Removed hard dependency on IBM's JVM.
parent
d6b4b5608e
commit
ff0b8df96b
@ -34,23 +34,23 @@
|
|||||||
# #
|
# #
|
||||||
#############################################################
|
#############################################################
|
||||||
|
|
||||||
JAVA_HOME=/usr/lib/jvm/java-1.5.0-ibm
|
JAVA_HOME=/usr/lib/jvm/jre-1.5.0
|
||||||
|
|
||||||
# Do not do anything if the client keystore has already been created
|
# Do not do anything if the client keystore has already been created
|
||||||
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
|
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
|
||||||
echo "The client keystore is already setup"
|
echo "The client keystore is already setup"
|
||||||
else
|
else
|
||||||
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
|
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
|
||||||
echo "Setting up the clients's keystore"
|
echo "Setting up the clients's keystore"
|
||||||
|
|
||||||
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
|
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
|
||||||
|
|
||||||
# Import the certificate to the client's keystore
|
# Import the certificate to the client's keystore
|
||||||
$KEYTOOL_PATH -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
$KEYTOOL_PATH -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
||||||
|
|
||||||
# List the content's of the client's keystore
|
# List the content's of the client's keystore
|
||||||
#$KEYTOOL_PATH -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
|
#$KEYTOOL_PATH -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
|
||||||
else
|
else
|
||||||
echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found"
|
echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
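Review bot: The new `JAVA_HOME=/usr/lib/jvm/jre-1.5.0` is still a fixed path, and nothing between it and the `keytool -import` call checks that `$JAVA_HOME/bin/keytool` is actually present there. Now that the package no longer pins one JVM, a missing or differently named directory means the import fails and the client keystore is never created, with only the shell's own error as a hint. A guard before the import, such as `[ -x "$JAVA_HOME/bin/keytool" ] || { echo "keytool not found under $JAVA_HOME" >&2; exit 1; }`, would make that failure explicit; the same path is also set in the service environment hunk (`JAVA_HOME="/usr/lib/jvm/jre-1.5.0"`). The script starts and ends outside this hunk, so whether `exit` is the right way to stop here should be confirmed.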
@ -117,7 +117,7 @@ CLASSES = $(addprefix $(BUILDDIR)/, $(JAVAFILES:%.java=%.class))
|
|||||||
AXIS_LIBS = $(AXIS_JARS_DIR)/axis.jar:$(AXIS_JARS_DIR)/saaj.jar:$(AXIS_JARS_DIR)/wss4j-1.5.0.jar:$(AXIS_JARS_DIR)/xmlsec-1.2.1.jar
|
AXIS_LIBS = $(AXIS_JARS_DIR)/axis.jar:$(AXIS_JARS_DIR)/saaj.jar:$(AXIS_JARS_DIR)/wss4j-1.5.0.jar:$(AXIS_JARS_DIR)/xmlsec-1.2.1.jar
|
||||||
#AXIS_LIBS = $(AXIS_JARS_DIR)/wss4j-1.5.0.jar
|
#AXIS_LIBS = $(AXIS_JARS_DIR)/wss4j-1.5.0.jar
|
||||||
|
|
||||||
LIBS = /usr/share/java/servletapi5.jar
|
LIBS = /usr/share/java/servletapi5.jar:/usr/share/java/xerces-j2.jar
|
||||||
CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(LIBS)
|
CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(LIBS)
|
||||||
|
|
||||||
CUR_DIR := $(shell pwd)
|
CUR_DIR := $(shell pwd)
|
||||||
|
@ -86,14 +86,32 @@ StartDAEMON()
|
|||||||
test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
|
test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
|
||||||
done
|
done
|
||||||
|
|
||||||
|
TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
|
||||||
|
|
||||||
|
# Append the java.security.auth.login.conf property on the JAVA_OPTS environment
|
||||||
|
# variable if not utilizing the IBM JVM.
|
||||||
|
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||||
|
export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/CASA/authtoken/svc/jaas.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
# Make sure that the server.xml link has been made
|
# Make sure that the server.xml link has been made
|
||||||
if [ ! -f /srv/www/casaats/conf/server.xml ]; then
|
if [ ! -f /srv/www/casaats/conf/server.xml ]; then
|
||||||
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
|
# The server.xml file link needs to be made. Use the appropriate
|
||||||
|
# file for the JVM version that we are using.
|
||||||
|
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||||
|
# Assume Sun JVM
|
||||||
|
ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
|
||||||
|
else
|
||||||
|
# IBM JVM
|
||||||
|
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Make sure that our service has rights to the file
|
||||||
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
|
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start it up
|
# Start it up
|
||||||
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
|
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs/start.log" 2>&1
|
||||||
sleep 1
|
sleep 1
|
||||||
if atsIsRunning ; then
|
if atsIsRunning ; then
|
||||||
rc_failed 0
|
rc_failed 0
|
||||||
|
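Review bot: The JVM probe `TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)` reads stderr as well, so a failed launch is classified by whatever the error text contains: a missing `java` under a path without "ibm" is treated as a Sun JVM, and one under a path containing "ibm" as an IBM JVM. That result then selects the `server.xml` link and decides whether `-Djava.security.auth.login.config` is appended, so the service can be started with settings meant for the other JVM instead of failing early. I would check `[ -x "$JAVA_HOME/bin/java" ]` first and fail the start when it is absent. Separately, the link is only created when `server.xml` does not exist, so switching JVMs later leaves the old link in place; comparing the link target on each start would cover that. StartDAEMON begins and ends outside this hunk.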
@ -63,6 +63,34 @@ function display_usage
|
|||||||
echo ""
|
echo ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function setup_jaas_file
|
||||||
|
{
|
||||||
|
# Determine the file names
|
||||||
|
TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/jaas.conf
|
||||||
|
CONFIG_FILE=$CONFIG_FILE_FOLDER/jaas.conf
|
||||||
|
|
||||||
|
# Verify that the template file exists
|
||||||
|
if [ ! -f $TEMPLATE_FILE ]; then
|
||||||
|
echo "Template file $TEMPLATE_FILE does not exist"
|
||||||
|
return 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify that the output folder exists
|
||||||
|
if [ ! -d $CONFIG_FILE_FOLDER ]; then
|
||||||
|
echo "Output folder $CONFIG_FILE_FOLDER does not exist"
|
||||||
|
return 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean-up the output folder
|
||||||
|
rm -f $CONFIG_FILE
|
||||||
|
|
||||||
|
# Create and edit the output file
|
||||||
|
host=`hostname -f`
|
||||||
|
sed s:HOSTNAME:$host:g $TEMPLATE_FILE > $CONFIG_FILE
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function setup_iaRealms_file
|
function setup_iaRealms_file
|
||||||
{
|
{
|
||||||
# Determine the file names
|
# Determine the file names
|
||||||
@ -190,6 +218,7 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup the configuration files
|
# Setup the configuration files
|
||||||
|
setup_jaas_file
|
||||||
setup_iaRealms_file
|
setup_iaRealms_file
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
if [ "$RETVAL" = "0" ]; then
|
if [ "$RETVAL" = "0" ]; then
|
||||||
|
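Review bot: The status of `setup_jaas_file` is discarded at the call site in the second hunk: `setup_iaRealms_file` runs next and `RETVAL=$?` records only its result, so a missing template or output folder (the two `return 2` paths) does not stop the setup. Chaining the calls, `setup_jaas_file && setup_iaRealms_file`, keeps the existing `RETVAL=$?` meaningful. Inside the function the result of `hostname -f` is not checked either, so an empty value writes `principal="host/"` into jaas.conf; `[ -n "$host" ] || return 2` before the `sed` would catch that, and quoting `"$TEMPLATE_FILE"` and `"$CONFIG_FILE"` keeps paths with spaces intact. The `if` that tests RETVAL continues outside the hunk.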
@ -8,7 +8,7 @@
|
|||||||
############################################################
|
############################################################
|
||||||
CATALINA_BASE="/srv/www/casaats"
|
CATALINA_BASE="/srv/www/casaats"
|
||||||
CATALINA_HOME="/usr/share/tomcat5"
|
CATALINA_HOME="/usr/share/tomcat5"
|
||||||
JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
|
JAVA_HOME="/usr/lib/jvm/jre-1.5.0"
|
||||||
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
|
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
|
||||||
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
|
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
|
||||||
|
|
||||||
|
@ -46,32 +46,32 @@
|
|||||||
|
|
||||||
# Do not do anything if the server keystore has already been created
|
# Do not do anything if the server keystore has already been created
|
||||||
if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
|
if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
|
||||||
echo "The server keystore is already setup"
|
echo "The server keystore is already setup"
|
||||||
# Make sure that the keystore file is owned by our service
|
# Make sure that the keystore file is owned by our service
|
||||||
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
|
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
|
||||||
else
|
else
|
||||||
echo "Setting up the server's keystore"
|
echo "Setting up the server's keystore"
|
||||||
|
|
||||||
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
|
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
|
||||||
|
|
||||||
# Create the server keystore with the key that will be used for signing tokens
|
# Create the server keystore with the key that will be used for signing tokens
|
||||||
host=`hostname -f`
|
host=`hostname -f`
|
||||||
$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
|
$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
|
||||||
|
|
||||||
# Export self-signed certificate for the signing key
|
# Export self-signed certificate for the signing key
|
||||||
$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
||||||
|
|
||||||
# Print the exported cert
|
# Print the exported cert
|
||||||
#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
||||||
|
|
||||||
# Create a key for Tomcat to do SSL communications
|
# Create a key for Tomcat to do SSL communications
|
||||||
$KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
|
$KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
|
||||||
|
|
||||||
# List the contents of the server's keystore
|
# List the contents of the server's keystore
|
||||||
#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
|
#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
|
||||||
|
|
||||||
# Make sure that the keystore is only accessible by the service
|
# Make sure that the keystore is only accessible by the service
|
||||||
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
|
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
|
||||||
chmod 600 /etc/CASA/authtoken/keys/server/jks-store
|
chmod 600 /etc/CASA/authtoken/keys/server/jks-store
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -30,7 +30,8 @@ EXTRA_DIST = auth.policy \
|
|||||||
authtoken.settings \
|
authtoken.settings \
|
||||||
iaRealms.xml \
|
iaRealms.xml \
|
||||||
identoken.settings \
|
identoken.settings \
|
||||||
svc.settings
|
svc.settings \
|
||||||
|
jaas.conf
|
||||||
|
|
||||||
.PHONY: package package-clean package-install package-uninstall
|
.PHONY: package package-clean package-install package-uninstall
|
||||||
package package-clean package-install package-uninstall:
|
package package-clean package-install package-uninstall:
|
||||||
|
@ -3,7 +3,7 @@ com.sun.security.auth.module.Krb5LoginModule required
|
|||||||
useTicketCache=true
|
useTicketCache=true
|
||||||
ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache"
|
ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache"
|
||||||
useKeyTab=true
|
useKeyTab=true
|
||||||
principal="host/jcserver2.provo.novell.com"
|
principal="host/HOSTNAME"
|
||||||
doNotPrompt=true
|
doNotPrompt=true
|
||||||
storeKey=true
|
storeKey=true
|
||||||
keyTab="/etc/krb5.keytab"
|
keyTab="/etc/krb5.keytab"
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 17 17:08:13 MST 2006 - jluciani@novell.com
|
||||||
|
|
||||||
|
- Removed hard dependency on IBM's JVM.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 9 11:42:15 MST 2006 - jluciani@novell.com
|
Thu Nov 9 11:42:15 MST 2006 - jluciani@novell.com
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
Name: @PACKAGE@
|
Name: @PACKAGE@
|
||||||
URL: http://www.novell.com/products
|
URL: http://www.novell.com/products
|
||||||
BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
|
BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-sdk-1.5.0 xerces-j2 update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
License: LGPL
|
License: LGPL
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
@ -28,7 +28,8 @@ Release: 0
|
|||||||
Summary: Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
|
Summary: Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
|
||||||
Source: %{name}-%{version}.tar.bz2
|
Source: %{name}-%{version}.tar.bz2
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Requires: java-1_5_0-ibm servletapi5 tomcat5 sysvinit insserv identity-abstraction sed
|
Requires: java-1_5_0 >= 1.5.0
|
||||||
|
Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed
|
||||||
PreReq: %fillup_prereq %insserv_prereq
|
PreReq: %fillup_prereq %insserv_prereq
|
||||||
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
|
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
|
||||||
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
|
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
|
||||||
@ -154,6 +155,7 @@ ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/a
|
|||||||
install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings
|
install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings
|
||||||
install -m 600 Svc/templates/auth.policy %{buildroot}/etc/CASA/authtoken/svc/templates/auth.policy
|
install -m 600 Svc/templates/auth.policy %{buildroot}/etc/CASA/authtoken/svc/templates/auth.policy
|
||||||
install -m 600 Svc/templates/iaRealms.xml %{buildroot}/etc/CASA/authtoken/svc/templates/iaRealms.xml
|
install -m 600 Svc/templates/iaRealms.xml %{buildroot}/etc/CASA/authtoken/svc/templates/iaRealms.xml
|
||||||
|
install -m 600 Svc/templates/jaas.conf %{buildroot}/etc/CASA/authtoken/svc/templates/jaas.conf
|
||||||
install -m 600 Svc/templates/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
|
install -m 600 Svc/templates/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
|
||||||
install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
|
install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
|
||||||
install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
|
install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
|
||||||
@ -311,6 +313,7 @@ userdel casaatsd
|
|||||||
/etc/CASA/authtoken/svc/templates/svc.settings
|
/etc/CASA/authtoken/svc/templates/svc.settings
|
||||||
/etc/CASA/authtoken/svc/templates/auth.policy
|
/etc/CASA/authtoken/svc/templates/auth.policy
|
||||||
/etc/CASA/authtoken/svc/templates/iaRealms.xml
|
/etc/CASA/authtoken/svc/templates/iaRealms.xml
|
||||||
|
/etc/CASA/authtoken/svc/templates/jaas.conf
|
||||||
%config /etc/CASA/authtoken/svc/authtoken.settings
|
%config /etc/CASA/authtoken/svc/authtoken.settings
|
||||||
%config /etc/CASA/authtoken/svc/identoken.settings
|
%config /etc/CASA/authtoken/svc/identoken.settings
|
||||||
%config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
|
%config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
|
||||||
|