Added functionality to allow the ATS to be accessible through

Apache if mod_proxy_ajp is configured.
2007-06-22 22:12:20 +00:00 · 2007-06-22 22:12:20 +00:00 · da37390857
commit da37390857
parent 35ef31cafd
10 changed files with 178 additions and 2 deletions
--- a/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh
@ -0,0 +1,52 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# Script for determining whether Apache is installed with mod_proxy_ajp
+# support.
+#
+########################################################################
+
+
+# Determine if Apache is intalled with mod_proxy_ajp support
+APACHE_SYSCONFIG_FILE_PATH=/etc/sysconfig/apache2
+if [ -f $APACHE_SYSCONFIG_FILE_PATH ]; then
+   echo "Apache installed"
+   # Check if the mod_proxy_ajp module is configured to be loaded
+   TEST_PROXY_AJP=$(grep -i proxy_ajp $APACHE_SYSCONFIG_FILE_PATH | cut -c1-14 | grep -i APACHE_MODULES)
+   if [ -z "${TEST_PROXY_AJP}" ]; then
+      echo "mod_proxy_ajp not configured to be loaded"
+      retVal=1
+   else
+      echo "mod_proxy_ajp configured to be loaded"
+      retVal=0
+   fi
+else
+   echo "Apache not installed"
+   retVal=1
+fi
+
+exit $retVal
--- a/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
@ -32,6 +32,86 @@
 # Source our environment variables file
 . /etc/CASA/authtoken/svc/envvars

-# Perform the operation requested
-$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
+# Check if we need to determine which server.xml file to use
+if [ -f /srv/www/casaats/conf/server.xml ]; then
+   # No need to determine which file to use
+   SERVER_XML_FILE_PATH=/srv/www/casaats/conf/server.xml
+else
+   # Determine which server.xml file to use
+   TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
+   if [ -z "${TEST_IBM_JVM}" ]; then
+      # Assume Sun JVM
+      # Use PKCS12 version if PKCS12 store exists
+      if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
+         SERVER_XML_FILE_PATH=/srv/www/casaats/conf/server-pkcs12-sun.xml
+      else
+         SERVER_XML_FILE_PATH=/srv/www/casaats/conf/server-sun.xml
+      fi
+   else
+      # IBM JVM
+      # Use PKCS12 version if PKCS12 store exists
+      if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
+         SERVER_XML_FILE_PATH=/srv/www/casaats/conf/server-pkcs12-ibm.xml
+      else
+         SERVER_XML_FILE_PATH=/srv/www/casaats/conf/server-ibm.xml
+      fi
+   fi
+fi
+
+echo "server.xml path = "$SERVER_XML_FILE_PATH
+
+
+SSL_CONNECTOR_BEGIN="<!-- SSL_CONNECTOR_BEGIN -->"
+SSL_CONNECTOR_END="<!-- SSL_CONNECTOR_END -->"
+SSL_CONNECTOR_COMMENT_BEGIN="<!-- SSL_CONNECTOR_COMMENT_BEGIN"
+SSL_CONNECTOR_COMMENT_END="SSL_CONNECTOR_COMMENT_END -->"
+AJP_CONNECTOR_BEGIN="<!-- AJP_CONNECTOR_BEGIN -->"
+AJP_CONNECTOR_END="<!-- AJP_CONNECTOR_END -->"
+AJP_CONNECTOR_COMMENT_BEGIN="<!-- AJP_CONNECTOR_COMMENT_BEGIN"
+AJP_CONNECTOR_COMMENT_END="AJP_CONNECTOR_COMMENT_END -->"
+
+
+# Perform the operation requested
+if [ $# -eq 2 ]; then
+   if [ $1 = "-e" ]; then
+      if [ $2 = "ssl" ]; then
+         echo "Enabling ssl connector"
+         sed -i s:$SSL_CONNECTOR_COMMENT_BEGIN:$SSL_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
+         sed -i s:$SSL_CONNECTOR_COMMENT_END:$SSL_CONNECTOR_END:g SERVER_XML_FILE_PATH
+      else
+         if [ $2 = "ajp" ]; then
+            echo "Enabling ajp connector"
+            sed -i s:$AJP_CONNECTOR_COMMENT_BEGIN:$AJP_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
+            sed -i s:$AJP_CONNECTOR_COMMENT_END:$AJP_CONNECTOR_END:g SERVER_XML_FILE_PATH
+         else
+            echo "Connector type not supported"
+         fi
+      fi
+   else
+      if [ $1 = "-d" ]; then
+         if [ $2 = "ssl" ]; then
+            echo "Disabling ssl connector"
+            sed -i s:$SSL_CONNECTOR_BEGIN:$SSL_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
+            sed -i s:$SSL_CONNECTOR_END:$SSL_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
+         else
+            if [ $2 = "ajp" ]; then
+               echo "Disabling ajp connector"
+               sed -i s:$AJP_CONNECTOR_BEGIN:$AJP_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
+               sed -i s:$AJP_CONNECTOR_END:$AJP_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
+            else
+               echo "Connector type not supported"
+            fi
+         fi
+      else
+         if [ $1 = "-file" ]; then
+            echo "Process properties file"
+            $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
+         else
+            echo "Invalid operation requested"
+         fi
+      fi 
+   fi
+else
+   echo "Invalid number of parameters"
+fi

--- a/CASA-auth-token/server-java/Svc/linux/Makefile.am
+++ b/CASA-auth-token/server-java/Svc/linux/Makefile.am
@ -40,6 +40,8 @@ EXTRA_DIST = CasaAuthtokenSvcD \
 		CasaSvcSettingsEditor.sh \
 		CasaTomcatConnectorEditor.sh \
 		CasaIaRealmsEditor.sh \
+		casaats.conf \
+		CasaIswebServerAvailable.sh \
 		log4j.properties

 ROOT = ../..
--- a/CASA-auth-token/server-java/Svc/linux/casaats.conf
+++ b/CASA-auth-token/server-java/Svc/linux/casaats.conf
@ -0,0 +1,6 @@
+# Apache to casaats hook
+<IfModule mod_proxy.c>
+    ProxyPreserveHost On
+    ProxyPass /CasaAuthTokenSvc/ ajp://localhost:9595/CasaAuthTokenSvc/
+</IfModule>
+
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml
@ -78,6 +78,7 @@
     to 0 -->
 	
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <!-- SSL_CONNECTOR_BEGIN -->
    <Connector port="2645" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
@ -86,6 +87,12 @@
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
               keystorePass="secret" algorithm="IbmX509" />
+    <!-- SSL_CONNECTOR_END -->
+
+    <!-- Define an AJP Connector -->
+    <!-- AJP_CONNECTOR_BEGIN -->
+    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
+    <!-- AJP_CONNECTOR_END -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
@ -78,6 +78,7 @@
     to 0 -->
 	
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <!-- SSL_CONNECTOR_BEGIN -->
    <Connector port="2645" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
@ -86,6 +87,12 @@
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/ssl/servercerts/keystore.p12"
               keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
+    <!-- SSL_CONNECTOR_END -->
+
+    <!-- Define an AJP Connector -->
+    <!-- AJP_CONNECTOR_BEGIN -->
+    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
+    <!-- AJP_CONNECTOR_END -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
@ -78,6 +78,7 @@
     to 0 -->
 	
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <!-- SSL_CONNECTOR_BEGIN -->
    <Connector port="2645" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
@ -86,6 +87,12 @@
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/ssl/servercerts/keystore.p12"
               keystorePass="password" keystoreType="pkcs12" algorithm="SunX509" />
+    <!-- SSL_CONNECTOR_END -->
+
+    <!-- Define an AJP Connector -->
+    <!-- AJP_CONNECTOR_BEGIN -->
+    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
+    <!-- AJP_CONNECTOR_END -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml
@ -78,6 +78,7 @@
     to 0 -->
 	
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <!-- SSL_CONNECTOR_BEGIN -->
    <Connector port="2645" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
@ -86,6 +87,12 @@
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
               keystorePass="secret" algorithm="SunX509" />
+    <!-- SSL_CONNECTOR_END -->
+
+    <!-- Define an AJP Connector -->
+    <!-- AJP_CONNECTOR_BEGIN -->
+    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
+    <!-- AJP_CONNECTOR_END -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
@ -168,6 +168,7 @@ install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/
 install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
 install -m 600 Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
 install -m 700 Svc/linux/envvars %{buildroot}/etc/CASA/authtoken/svc/envvars
+install -m 700 Svc/linux/casaats.conf %{buildroot}/etc/CASA/authtoken/svc/casaats.conf
 install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/log4j.properties

 # Others
@ -181,6 +182,7 @@ install -m 700 Svc/linux/CasaIaRealmsEditor.sh %{buildroot}%{prefix}/share/java/
 install -m 700 Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaSvcSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
+install -m 700 Svc/linux/CasaIsWebServerAvailable.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
 install -m 755 Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd

 # Tomcat Base files
@ -273,6 +275,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
+%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor-%{bldno}.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar
@ -317,6 +320,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %config /srv/www/casaats/conf/tomcat-users.xml
 %config /srv/www/casaats/conf/web.xml
 %config /etc/CASA/authtoken/svc/envvars
+%config /etc/CASA/authtoken/svc/casaats.conf
 %config /etc/CASA/authtoken/svc/log4j.properties
 /etc/CASA/authtoken/svc/templates/svc.settings
 /etc/CASA/authtoken/svc/templates/auth.policy
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
@ -168,6 +168,7 @@ install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/
 install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
 install -m 600 Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
 install -m 700 Svc/linux/envvars.zen %{buildroot}/etc/CASA/authtoken/svc/envvars
+install -m 700 Svc/linux/casaats.conf %{buildroot}/etc/CASA/authtoken/svc/casaats.conf
 install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/log4j.properties

 # Others
@ -181,6 +182,7 @@ install -m 700 Svc/linux/CasaIaRealmsEditor.sh %{buildroot}%{prefix}/share/java/
 install -m 700 Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaSvcSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
+install -m 700 Svc/linux/CasaIsWebServerAvailable.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
 install -m 755 Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd

 # Tomcat Base files
@ -273,6 +275,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
+%{prefix}/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor-%{bldno}.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar
@ -317,6 +320,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %config /srv/www/casaats/conf/tomcat-users.xml
 %config /srv/www/casaats/conf/web.xml
 %config /etc/CASA/authtoken/svc/envvars
+%config /etc/CASA/authtoken/svc/casaats.conf
 %config /etc/CASA/authtoken/svc/log4j.properties
 /etc/CASA/authtoken/svc/templates/svc.settings
 /etc/CASA/authtoken/svc/templates/auth.policy