ATS changes to allow it to leverage installed server certificate and
server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications.
This commit is contained in:
parent
718b0fda28
commit
ba8e155d69
@ -100,11 +100,21 @@ StartDAEMON()
|
||||
# file for the JVM version that we are using.
|
||||
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||
# Assume Sun JVM
|
||||
# Use PKCS12 version if PKCS12 store exists
|
||||
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
|
||||
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml /srv/www/casaats/conf/server.xml
|
||||
else
|
||||
ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
|
||||
fi
|
||||
else
|
||||
# IBM JVM
|
||||
# Use PKCS12 version if PKCS12 store exists
|
||||
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
|
||||
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml /srv/www/casaats/conf/server.xml
|
||||
else
|
||||
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
|
||||
fi
|
||||
fi
|
||||
|
||||
# Make sure that our service has rights to the file
|
||||
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
|
||||
|
@ -31,6 +31,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
|
||||
envvars.zen \
|
||||
server_keystore_setup.sh \
|
||||
refresh_trusted_ats_keystore.sh \
|
||||
refresh_server_keystore.sh \
|
||||
casa_crypto.properties \
|
||||
CasaBasicATSSetup.sh \
|
||||
CasaAuthPolicyEditor.sh \
|
||||
|
68
CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
Executable file
68
CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
Executable file
@ -0,0 +1,68 @@
|
||||
#!/bin/sh
|
||||
########################################################################
|
||||
#
|
||||
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; version 2.1
|
||||
# of the License.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Library Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, Novell, Inc.
|
||||
#
|
||||
# To contact Novell about this file by physical or electronic mail,
|
||||
# you may find current contact information at www.novell.com.
|
||||
#
|
||||
# Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||
#
|
||||
########################################################################
|
||||
|
||||
########################################################################
|
||||
#
|
||||
# CASA ATS Keystore Refresh Script.
|
||||
#
|
||||
# An ATS signs tokens and communicates with clients over
|
||||
# SSL. This scrip tries to update the ATS configuration to leverage
|
||||
# the server certificate and key if installed for SSL communications.
|
||||
#
|
||||
########################################################################
|
||||
|
||||
# Source our environment variables file
|
||||
. /etc/CASA/authtoken/svc/envvars
|
||||
|
||||
PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
|
||||
SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
|
||||
SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
|
||||
SERVER_XML_PATH=/srv/www/casaats/conf/server.xml
|
||||
|
||||
|
||||
# Try to leverage server certificate and key
|
||||
if [ -f /etc/ssl/servercerts/serverkey.pem ]; then
|
||||
# Check if we must create PKCS12 keystore
|
||||
if [ ! -f $PKCS12_KEYSTORE_PATH ]; then
|
||||
# Create PKCS12 keystore
|
||||
openssl pkcs12 -export -in $SERVER_CERT_PATH -inkey $SERVER_KEY_PATH -name tomcat -out PKCS12_KEYSTORE_PATH -password pass:password
|
||||
|
||||
# Make sure that the PKCS12 keystore is only accessible by the service
|
||||
chown casaatsd:casaauth $PKCS12_KEYSTORE_PATH
|
||||
chmod 600 $PKCS12_KEYSTORE_PATH
|
||||
fi
|
||||
|
||||
// Make sure that the ATS is configured to leverage the server certificate and key
|
||||
TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
|
||||
rm -f $SERVER_XML_PATH
|
||||
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||
# Assume Sun JVM
|
||||
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml $SERVER_XML_PATH
|
||||
else
|
||||
# IBM JVM
|
||||
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml $SERVER_XML_PATH
|
||||
fi
|
||||
fi
|
||||
|
@ -50,9 +50,10 @@ LOCAL_ATS_SIGNING_CERT_PATH=/etc/CASA/authtoken/keys/localSigningCert
|
||||
|
||||
# Perform the operation requested
|
||||
|
||||
# Do not do anything if the server keystore has already been created
|
||||
# Proceed based on whether or not the server keystore has been created
|
||||
if [ -f $KEYSTORE_PATH ]; then
|
||||
echo "The server keystore is already setup"
|
||||
|
||||
# Make sure that the keystore file is owned by our service
|
||||
chown casaatsd:casaauth $KEYSTORE_PATH
|
||||
else
|
||||
@ -82,3 +83,5 @@ else
|
||||
chmod 600 $KEYSTORE_PATH
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
@ -27,7 +27,9 @@ DIST_SUBDIRS = zen
|
||||
CFILES =
|
||||
|
||||
EXTRA_DIST = server-ibm.xml \
|
||||
server-sun.xml
|
||||
server-sun.xml \
|
||||
server-pkcs12-ibm.xml \
|
||||
server-pkcs12-sun.xml
|
||||
|
||||
.PHONY: package package-clean package-install package-uninstall
|
||||
package package-clean package-install package-uninstall:
|
||||
|
@ -0,0 +1,169 @@
|
||||
<!-- CASA ATS Server Configuration File -->
|
||||
|
||||
<!-- A "Server" is a singleton element that represents the entire JVM,
|
||||
which may contain one or more "Service" instances. The Server
|
||||
listens for a shutdown command on the indicated port.
|
||||
|
||||
Note: A "Server" is not itself a "Container", so you may not
|
||||
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||
-->
|
||||
|
||||
<Server port="8585" shutdown="SHUTDOWN" debug="0">
|
||||
|
||||
|
||||
<!-- Global JNDI resources -->
|
||||
<GlobalNamingResources>
|
||||
|
||||
<!-- Test entry for demonstration purposes -->
|
||||
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
|
||||
|
||||
<!-- Editable user database that can also be used by
|
||||
UserDatabaseRealm to authenticate users -->
|
||||
<Resource name="UserDatabase" auth="Container"
|
||||
type="org.apache.catalina.UserDatabase"
|
||||
description="User database that can be updated and saved">
|
||||
</Resource>
|
||||
<ResourceParams name="UserDatabase">
|
||||
<parameter>
|
||||
<name>factory</name>
|
||||
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
|
||||
</parameter>
|
||||
<parameter>
|
||||
<name>pathname</name>
|
||||
<value>conf/tomcat-users.xml</value>
|
||||
</parameter>
|
||||
</ResourceParams>
|
||||
|
||||
</GlobalNamingResources>
|
||||
|
||||
<!-- A "Service" is a collection of one or more "Connectors" that share
|
||||
a single "Container" (and therefore the web applications visible
|
||||
within that Container). Normally, that Container is an "Engine",
|
||||
but this is not required.
|
||||
|
||||
Note: A "Service" is not itself a "Container", so you may not
|
||||
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||
-->
|
||||
|
||||
<!-- Define the Tomcat Stand-Alone Service -->
|
||||
<Service name="Catalina">
|
||||
|
||||
<!-- A "Connector" represents an endpoint by which requests are received
|
||||
and responses are returned. Each Connector passes requests on to the
|
||||
associated "Container" (normally an Engine) for processing.
|
||||
|
||||
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
|
||||
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
|
||||
following the instructions below and uncommenting the second Connector
|
||||
entry. SSL support requires the following steps (see the SSL Config
|
||||
HOWTO in the Tomcat 5 documentation bundle for more detailed
|
||||
instructions):
|
||||
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
|
||||
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
|
||||
* Execute:
|
||||
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
|
||||
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
|
||||
with a password value of "changeit" for both the certificate and
|
||||
the keystore itself.
|
||||
|
||||
By default, DNS lookups are enabled when a web application calls
|
||||
request.getRemoteHost(). This can have an adverse impact on
|
||||
performance, so you can disable it by setting the
|
||||
"enableLookups" attribute to "false". When DNS lookups are disabled,
|
||||
request.getRemoteHost() will return the String version of the
|
||||
IP address of the remote client.
|
||||
-->
|
||||
|
||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||
to 0 -->
|
||||
|
||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||
<Connector port="2645"
|
||||
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
||||
enableLookups="false" disableUploadTimeout="true"
|
||||
maxPostSize="16384" connectionTimeout="10000"
|
||||
acceptCount="100" debug="0" scheme="https" secure="true"
|
||||
clientAuth="false" sslProtocol="TLS"
|
||||
keystoreFile="/etc/ssl/servercerts/keystore.p12"
|
||||
keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
|
||||
|
||||
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||
every request. The Engine implementation for Tomcat stand alone
|
||||
analyzes the HTTP headers included with the request, and passes them
|
||||
on to the appropriate Host (virtual host). -->
|
||||
|
||||
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
|
||||
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
|
||||
-->
|
||||
|
||||
<!-- Define the top level container in our container hierarchy -->
|
||||
<Engine name="Catalina" defaultHost="localhost" debug="0">
|
||||
|
||||
<!-- The request dumper valve dumps useful debugging information about
|
||||
the request headers and cookies that were received, and the response
|
||||
headers and cookies that were sent, for all requests received by
|
||||
this instance of Tomcat. If you care only about requests to a
|
||||
particular virtual host, or a particular application, nest this
|
||||
element inside the corresponding <Host> or <Context> entry instead.
|
||||
|
||||
For a similar mechanism that is portable to all Servlet 2.4
|
||||
containers, check out the "RequestDumperFilter" Filter in the
|
||||
example application (the source for this filter may be found in
|
||||
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
|
||||
|
||||
Request dumping is disabled by default. Uncomment the following
|
||||
element to enable it. -->
|
||||
<!--
|
||||
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
||||
-->
|
||||
|
||||
<!-- Global logger unless overridden at lower levels -->
|
||||
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||
prefix="catalina_log" suffix=".txt"
|
||||
timestamp="false"/>
|
||||
|
||||
<!-- Because this Realm is here, an instance will be shared globally -->
|
||||
|
||||
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||
resources under the key "UserDatabase". Any edits
|
||||
that are performed against this UserDatabase are immediately
|
||||
available for use by the Realm. -->
|
||||
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||
debug="0" resourceName="UserDatabase"/>
|
||||
|
||||
<!-- Define the default virtual host
|
||||
Note: XML Schema validation will not work with Xerces 2.2.
|
||||
-->
|
||||
<Host name="localhost" debug="0" appBase="webapps"
|
||||
unpackWARs="true" autoDeploy="true"
|
||||
xmlValidation="false" xmlNamespaceAware="false">
|
||||
|
||||
<!-- Access log processes all requests for this virtual host. By
|
||||
default, log files are created in the "logs" directory relative to
|
||||
$CATALINA_HOME. If you wish, you can specify a different
|
||||
directory with the "directory" attribute. Specify either a relative
|
||||
(to $CATALINA_HOME) or absolute path to the desired directory.
|
||||
-->
|
||||
<!--
|
||||
<Valve className="org.apache.catalina.valves.AccessLogValve"
|
||||
directory="logs" prefix="localhost_access_log." suffix=".txt"
|
||||
pattern="common" resolveHosts="false"/>
|
||||
-->
|
||||
|
||||
<!-- Logger shared by all Contexts related to this virtual host. By
|
||||
default (when using FileLogger), log files are created in the "logs"
|
||||
directory relative to $CATALINA_HOME. If you wish, you can specify
|
||||
a different directory with the "directory" attribute. Specify either a
|
||||
relative (to $CATALINA_HOME) or absolute path to the desired
|
||||
directory.-->
|
||||
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||
directory="logs" prefix="localhost_log" suffix=".txt"
|
||||
timestamp="false"/>
|
||||
|
||||
</Host>
|
||||
|
||||
</Engine>
|
||||
|
||||
</Service>
|
||||
|
||||
</Server>
|
@ -0,0 +1,169 @@
|
||||
<!-- CASA ATS Server Configuration File -->
|
||||
|
||||
<!-- A "Server" is a singleton element that represents the entire JVM,
|
||||
which may contain one or more "Service" instances. The Server
|
||||
listens for a shutdown command on the indicated port.
|
||||
|
||||
Note: A "Server" is not itself a "Container", so you may not
|
||||
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||
-->
|
||||
|
||||
<Server port="8585" shutdown="SHUTDOWN" debug="0">
|
||||
|
||||
|
||||
<!-- Global JNDI resources -->
|
||||
<GlobalNamingResources>
|
||||
|
||||
<!-- Test entry for demonstration purposes -->
|
||||
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
|
||||
|
||||
<!-- Editable user database that can also be used by
|
||||
UserDatabaseRealm to authenticate users -->
|
||||
<Resource name="UserDatabase" auth="Container"
|
||||
type="org.apache.catalina.UserDatabase"
|
||||
description="User database that can be updated and saved">
|
||||
</Resource>
|
||||
<ResourceParams name="UserDatabase">
|
||||
<parameter>
|
||||
<name>factory</name>
|
||||
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
|
||||
</parameter>
|
||||
<parameter>
|
||||
<name>pathname</name>
|
||||
<value>conf/tomcat-users.xml</value>
|
||||
</parameter>
|
||||
</ResourceParams>
|
||||
|
||||
</GlobalNamingResources>
|
||||
|
||||
<!-- A "Service" is a collection of one or more "Connectors" that share
|
||||
a single "Container" (and therefore the web applications visible
|
||||
within that Container). Normally, that Container is an "Engine",
|
||||
but this is not required.
|
||||
|
||||
Note: A "Service" is not itself a "Container", so you may not
|
||||
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||
-->
|
||||
|
||||
<!-- Define the Tomcat Stand-Alone Service -->
|
||||
<Service name="Catalina">
|
||||
|
||||
<!-- A "Connector" represents an endpoint by which requests are received
|
||||
and responses are returned. Each Connector passes requests on to the
|
||||
associated "Container" (normally an Engine) for processing.
|
||||
|
||||
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
|
||||
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
|
||||
following the instructions below and uncommenting the second Connector
|
||||
entry. SSL support requires the following steps (see the SSL Config
|
||||
HOWTO in the Tomcat 5 documentation bundle for more detailed
|
||||
instructions):
|
||||
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
|
||||
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
|
||||
* Execute:
|
||||
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
|
||||
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
|
||||
with a password value of "changeit" for both the certificate and
|
||||
the keystore itself.
|
||||
|
||||
By default, DNS lookups are enabled when a web application calls
|
||||
request.getRemoteHost(). This can have an adverse impact on
|
||||
performance, so you can disable it by setting the
|
||||
"enableLookups" attribute to "false". When DNS lookups are disabled,
|
||||
request.getRemoteHost() will return the String version of the
|
||||
IP address of the remote client.
|
||||
-->
|
||||
|
||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||
to 0 -->
|
||||
|
||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||
<Connector port="2645"
|
||||
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
||||
enableLookups="false" disableUploadTimeout="true"
|
||||
maxPostSize="16384" connectionTimeout="10000"
|
||||
acceptCount="100" debug="0" scheme="https" secure="true"
|
||||
clientAuth="false" sslProtocol="TLS"
|
||||
keystoreFile="/etc/ssl/servercerts/keystore.p12"
|
||||
keystorePass="password" keystoreType="pkcs12" algorithm="SunX509" />
|
||||
|
||||
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||
every request. The Engine implementation for Tomcat stand alone
|
||||
analyzes the HTTP headers included with the request, and passes them
|
||||
on to the appropriate Host (virtual host). -->
|
||||
|
||||
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
|
||||
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
|
||||
-->
|
||||
|
||||
<!-- Define the top level container in our container hierarchy -->
|
||||
<Engine name="Catalina" defaultHost="localhost" debug="0">
|
||||
|
||||
<!-- The request dumper valve dumps useful debugging information about
|
||||
the request headers and cookies that were received, and the response
|
||||
headers and cookies that were sent, for all requests received by
|
||||
this instance of Tomcat. If you care only about requests to a
|
||||
particular virtual host, or a particular application, nest this
|
||||
element inside the corresponding <Host> or <Context> entry instead.
|
||||
|
||||
For a similar mechanism that is portable to all Servlet 2.4
|
||||
containers, check out the "RequestDumperFilter" Filter in the
|
||||
example application (the source for this filter may be found in
|
||||
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
|
||||
|
||||
Request dumping is disabled by default. Uncomment the following
|
||||
element to enable it. -->
|
||||
<!--
|
||||
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
||||
-->
|
||||
|
||||
<!-- Global logger unless overridden at lower levels -->
|
||||
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||
prefix="catalina_log" suffix=".txt"
|
||||
timestamp="false"/>
|
||||
|
||||
<!-- Because this Realm is here, an instance will be shared globally -->
|
||||
|
||||
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||
resources under the key "UserDatabase". Any edits
|
||||
that are performed against this UserDatabase are immediately
|
||||
available for use by the Realm. -->
|
||||
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||
debug="0" resourceName="UserDatabase"/>
|
||||
|
||||
<!-- Define the default virtual host
|
||||
Note: XML Schema validation will not work with Xerces 2.2.
|
||||
-->
|
||||
<Host name="localhost" debug="0" appBase="webapps"
|
||||
unpackWARs="true" autoDeploy="true"
|
||||
xmlValidation="false" xmlNamespaceAware="false">
|
||||
|
||||
<!-- Access log processes all requests for this virtual host. By
|
||||
default, log files are created in the "logs" directory relative to
|
||||
$CATALINA_HOME. If you wish, you can specify a different
|
||||
directory with the "directory" attribute. Specify either a relative
|
||||
(to $CATALINA_HOME) or absolute path to the desired directory.
|
||||
-->
|
||||
<!--
|
||||
<Valve className="org.apache.catalina.valves.AccessLogValve"
|
||||
directory="logs" prefix="localhost_access_log." suffix=".txt"
|
||||
pattern="common" resolveHosts="false"/>
|
||||
-->
|
||||
|
||||
<!-- Logger shared by all Contexts related to this virtual host. By
|
||||
default (when using FileLogger), log files are created in the "logs"
|
||||
directory relative to $CATALINA_HOME. If you wish, you can specify
|
||||
a different directory with the "directory" attribute. Specify either a
|
||||
relative (to $CATALINA_HOME) or absolute path to the desired
|
||||
directory.-->
|
||||
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||
directory="logs" prefix="localhost_log" suffix=".txt"
|
||||
timestamp="false"/>
|
||||
|
||||
</Host>
|
||||
|
||||
</Engine>
|
||||
|
||||
</Service>
|
||||
|
||||
</Server>
|
@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
|
||||
|
||||
# Others
|
||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
|
||||
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
||||
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
||||
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
||||
|
||||
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
|
||||
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
||||
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
|
||||
%config /srv/www/casaats/conf/catalina.properties
|
||||
%config /srv/www/casaats/conf/jk2.properties
|
||||
%config /srv/www/casaats/conf/server-ibm.xml
|
||||
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||
%config /srv/www/casaats/conf/server-sun.xml
|
||||
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||
%config /srv/www/casaats/conf/tomcat-users.xml
|
||||
%config /srv/www/casaats/conf/web.xml
|
||||
%config /etc/CASA/authtoken/svc/envvars
|
||||
|
@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
|
||||
|
||||
# Others
|
||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
|
||||
install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
||||
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
||||
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
||||
|
||||
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
|
||||
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
||||
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
|
||||
%config /srv/www/casaats/conf/catalina.properties
|
||||
%config /srv/www/casaats/conf/jk2.properties
|
||||
%config /srv/www/casaats/conf/server-ibm.xml
|
||||
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||
%config /srv/www/casaats/conf/server-sun.xml
|
||||
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||
%config /srv/www/casaats/conf/tomcat-users.xml
|
||||
%config /srv/www/casaats/conf/web.xml
|
||||
%config /etc/CASA/authtoken/svc/envvars
|
||||
|
Loading…
Reference in New Issue
Block a user