Removed hard dependency on IBM's JVM.

CASA-auth-token/server-java/Svc/Makefile.am

@@ -117,7 +117,7 @@ CLASSES = $(addprefix $(BUILDDIR)/, $(JAVAFILES:%.java=%.class))
 AXIS_LIBS = $(AXIS_JARS_DIR)/axis.jar:$(AXIS_JARS_DIR)/saaj.jar:$(AXIS_JARS_DIR)/wss4j-1.5.0.jar:$(AXIS_JARS_DIR)/xmlsec-1.2.1.jar
 #AXIS_LIBS = $(AXIS_JARS_DIR)/wss4j-1.5.0.jar
 
-LIBS = /usr/share/java/servletapi5.jar
+LIBS = /usr/share/java/servletapi5.jar:/usr/share/java/xerces-j2.jar
 CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(LIBS)
 
 CUR_DIR := $(shell pwd)

CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD

@@ -86,14 +86,32 @@ StartDAEMON()
       test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
     done
 
+    TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
+
+    # Append the java.security.auth.login.conf property on the JAVA_OPTS environment
+    # variable if not utilizing the IBM JVM.
+    if [ -z "${TEST_IBM_JVM}" ]; then
+      export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/CASA/authtoken/svc/jaas.conf"
+    fi
+
     # Make sure that the server.xml link has been made
     if [ ! -f /srv/www/casaats/conf/server.xml ]; then
-      ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+      # The server.xml file link needs to be made. Use the appropriate
+      # file for the JVM version that we are using.
+      if [ -z "${TEST_IBM_JVM}" ]; then
+        # Assume Sun JVM
+        ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
+      else
+        # IBM JVM
+        ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+      fi
+
+      # Make sure that our service has rights to the file
       chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
     fi
 
     # Start it up
-    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs/start.log" 2>&1
     sleep 1
     if atsIsRunning ; then
       rc_failed 0

CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh

@@ -63,6 +63,34 @@ function display_usage
    echo ""
 }
 
+function setup_jaas_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/jaas.conf
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/jaas.conf
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Create and edit the output file
+   host=`hostname -f`
+   sed s:HOSTNAME:$host:g $TEMPLATE_FILE > $CONFIG_FILE
+   return 0
+}
+
+
 function setup_iaRealms_file
 {
    # Determine the file names 
@@ -190,6 +218,7 @@ else
 fi
 
 # Setup the configuration files
+setup_jaas_file
 setup_iaRealms_file
 RETVAL=$?
 if [ "$RETVAL" = "0" ]; then

CASA-auth-token/server-java/Svc/linux/envvars

@@ -8,7 +8,7 @@
 ############################################################
 CATALINA_BASE="/srv/www/casaats"
 CATALINA_HOME="/usr/share/tomcat5"
-JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
+JAVA_HOME="/usr/lib/jvm/jre-1.5.0"
 JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
 export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
 

CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh

@@ -46,32 +46,32 @@
 
 # Do not do anything if the server keystore has already been created
 if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
-	echo "The server keystore is already setup"
+   echo "The server keystore is already setup"
         # Make sure that the keystore file is owned by our service
         chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
 else
-	echo "Setting up the server's keystore"
+   echo "Setting up the server's keystore"
 
    KEYTOOL_PATH=$JAVA_HOME/bin/keytool
 
-	# Create the server keystore with the key that will be used for signing tokens
-	host=`hostname -f`
-	$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
+   # Create the server keystore with the key that will be used for signing tokens
+   host=`hostname -f`
+   $KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
 
-	# Export self-signed certificate for the signing key
-	$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+   # Export self-signed certificate for the signing key
+   $KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
-	# Print the exported cert
-	#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+   # Print the exported cert
+   #$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
         # Create a key for Tomcat to do SSL communications
         $KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
 
-	# List the contents of the server's keystore
-	#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
+   # List the contents of the server's keystore
+   #$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
 
-	# Make sure that the keystore is only accessible by the service
-	chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
-	chmod 600 /etc/CASA/authtoken/keys/server/jks-store
+   # Make sure that the keystore is only accessible by the service
+   chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+   chmod 600 /etc/CASA/authtoken/keys/server/jks-store
 fi
 

CASA-auth-token/server-java/Svc/templates/Makefile.am

@@ -30,7 +30,8 @@ EXTRA_DIST = auth.policy \
 		authtoken.settings \
 		iaRealms.xml \
 		identoken.settings \
-		svc.settings
+		svc.settings \
+		jaas.conf
 
 .PHONY: package package-clean package-install package-uninstall
 package package-clean package-install package-uninstall:

CASA-auth-token/server-java/Svc/templates/jaas.conf

@@ -3,7 +3,7 @@ com.sun.security.auth.module.Krb5LoginModule required
 	useTicketCache=true
 	ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache"
 	useKeyTab=true
-	principal="host/jcserver2.provo.novell.com"
+	principal="host/HOSTNAME"
 	doNotPrompt=true
 	storeKey=true
 	keyTab="/etc/krb5.keytab"