You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by ju...@apache.org on 2013/06/06 00:30:08 UTC
svn commit: r1490052 - in /incubator/jspwiki/trunk/jspwiki-war: pom.xml
src/main/filters/filters.properties src/test/resources/WEB-INF/
src/test/resources/WEB-INF/web.xml
Author: juanpablo
Date: Wed Jun 5 22:30:07 2013
New Revision: 1490052
URL: http://svn.apache.org/r1490052
Log:
copied src/main/webapp/WEB-INF/web.xml to src/test/resources, as it's needed in some tests. This allows us to get rid of maven-antrun plugin on jspwiki-war, as the rest of the target performed IT-specific actions
src/main/filters/filters.properties testcontainerlog entry pointing to target/test-classes
Added:
incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/
incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/web.xml
Modified:
incubator/jspwiki/trunk/jspwiki-war/pom.xml
incubator/jspwiki/trunk/jspwiki-war/src/main/filters/filters.properties
Modified: incubator/jspwiki/trunk/jspwiki-war/pom.xml
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/jspwiki-war/pom.xml?rev=1490052&r1=1490051&r2=1490052&view=diff
==============================================================================
--- incubator/jspwiki/trunk/jspwiki-war/pom.xml (original)
+++ incubator/jspwiki/trunk/jspwiki-war/pom.xml Wed Jun 5 22:30:07 2013
@@ -219,41 +219,6 @@
</configuration>
</plugin>
- <plugin>
- <artifactId>maven-antrun-plugin</artifactId>
- <version>1.7</version>
- <executions>
- <execution>
- <phase>generate-resources</phase>
- <id>create_files</id>
- <configuration>
- <target>
- <!-- Create web.xml files for testing -->
- <copy file="src/main/webapp/WEB-INF/web.xml" tofile="target/test-classes/WEB-INF/web.xml" />
-
- <!-- For web unit tests, turn off SSL (self-signed certs b0rk
- the tests) and enable JDBC refs -->
- <replace file="target/test-classes/WEB-INF/web.xml"
- token="CONFIDENTIAL" value="NONE" />
- <replace file="target/test-classes/WEB-INF/web.xml"
- token="<!-- REMOVE ME TO ENABLE JDBC DATABASE" value="" />
- <replace file="target/test-classes/WEB-INF/web.xml"
- token="REMOVE ME TO ENABLE JDBC DATABASE -->" value="" />
-
- <!-- For unit testing, turn on container auth -->
- <replace file="target/test-classes/WEB-INF/web.xml"
- token="<!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH" value="" />
- <replace file="target/test-classes/WEB-INF/web.xml"
- token="REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH -->" value="" />
- </target>
- </configuration>
- <goals>
- <goal>run</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
<!-- Surefire plugin (running unit tests):
http://maven.apache.org/surefire/maven-surefire-plugin/
Modified: incubator/jspwiki/trunk/jspwiki-war/src/main/filters/filters.properties
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/jspwiki-war/src/main/filters/filters.properties?rev=1490052&r1=1490051&r2=1490052&view=diff
==============================================================================
--- incubator/jspwiki/trunk/jspwiki-war/src/main/filters/filters.properties (original)
+++ incubator/jspwiki/trunk/jspwiki-war/src/main/filters/filters.properties Wed Jun 5 22:30:07 2013
@@ -28,7 +28,7 @@ spamlog=/tmp/spamlog.log
tests.pagedir=/tmp/testrepository
tests.workdir=/tmp/testworkdir
tests.logfile=/tmp/jspwikitests.log
-testcontainerlog=tests/build/webtests/testcontainer.log
+testcontainerlog=target/test-classes/webtests/testcontainer.log
tests.auth.filename=/tmp/testrepository/auth.txt
tests.filter=/filters.xml
Added: incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/web.xml?rev=1490052&view=auto
==============================================================================
--- incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/web.xml (added)
+++ incubator/jspwiki/trunk/jspwiki-war/src/test/resources/WEB-INF/web.xml Wed Jun 5 22:30:07 2013
@@ -0,0 +1,379 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <description>
+ JSPWiki is an open source JSP-based WikiClone. It is licensed
+ under the Apache 2.0 license.
+
+ For more information, please come to http://www.jspwiki.org/
+ </description>
+ <display-name>JSPWiki</display-name>
+
+ <!-- Resource bundle default location -->
+ <context-param>
+ <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
+ <param-value>templates.default</param-value>
+ </context-param>
+
+ <!--
+ WikiServletFilter defines a servlet filter which filters all requests. It was
+ introduced in JSPWiki 2.4.
+
+ In 2.7/2.8, the WikiServlet filter also performs an important security function:
+ it sets authentication status based on container credentials. It should generally
+ execute first. Note that if you configure a filter *before* this one that returns
+ non-null values for getUserPrincipal() or getRemoteUser(), WikiSecurityFilter
+ will pick the credentials up, and set the user's WikiSession state to
+ "authenticated." WikiServletFlter will also set the WikiSession's' state
+ to "authenticated" if jspwiki.properties property "jspwiki.cookieAuthentication"
+ is set to true, and the user possesses the correct authentication cookie.
+
+ Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is set to true,
+ WikiServletFilter will also set WikiSession state to "asserted" if the user
+ possesses the correct "assertion cookie."
+ -->
+
+ <filter>
+ <filter-name>WikiServletFilter</filter-name>
+ <filter-class>org.apache.wiki.ui.WikiServletFilter</filter-class>
+ </filter>
+ <filter>
+ <filter-name>WikiJSPFilter</filter-name>
+ <filter-class>org.apache.wiki.ui.WikiJSPFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>WikiServletFilter</filter-name>
+ <url-pattern>/attach/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiServletFilter</filter-name>
+ <url-pattern>/atom/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiServletFilter</filter-name>
+ <url-pattern>/RPCU/</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiServletFilter</filter-name>
+ <url-pattern>/RPC2/</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiServletFilter</filter-name>
+ <url-pattern>/JSON-RPC</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiJSPFilter</filter-name>
+ <url-pattern>/wiki/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>WikiJSPFilter</filter-name>
+ <url-pattern>*.jsp</url-pattern>
+ </filter-mapping>
+
+ <!--
+ HttpSessionListener used for managing WikiSession's.
+ -->
+ <listener>
+ <listener-class>org.apache.wiki.auth.SessionMonitor</listener-class>
+ </listener>
+
+ <!--
+ Now, let's define the XML-RPC interfaces. You probably don't have to
+ touch these.
+
+ First, we'll define the standard XML-RPC interface.
+ -->
+ <servlet>
+ <servlet-name>XMLRPC</servlet-name>
+ <servlet-class>org.apache.wiki.xmlrpc.RPCServlet</servlet-class>
+ <init-param>
+ <param-name>handler</param-name>
+ <param-value>org.apache.wiki.xmlrpc.RPCHandler</param-value>
+ </init-param>
+
+ <init-param>
+ <param-name>prefix</param-name>
+ <param-value>wiki</param-value>
+ </init-param>
+ </servlet>
+
+ <!--
+ OK, this then defines that our UTF-8 -capable server.
+ -->
+
+ <servlet>
+ <servlet-name>XMLRPC-UTF8</servlet-name>
+ <servlet-class>org.apache.wiki.xmlrpc.RPCServlet</servlet-class>
+ <init-param>
+ <param-name>handler</param-name>
+ <param-value>org.apache.wiki.xmlrpc.RPCHandlerUTF8</param-value>
+ </init-param>
+
+ <init-param>
+ <param-name>prefix</param-name>
+ <param-value>wiki</param-value>
+ </init-param>
+ </servlet>
+
+ <!-- JSON AJAX API -->
+ <servlet>
+ <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
+ <servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
+ </servlet>
+
+ <!-- Atom Publishing Protocol -->
+ <servlet>
+ <servlet-name>ATOM</servlet-name>
+ <servlet-class>org.apache.wiki.rpc.atom.AtomAPIServlet</servlet-class>
+ </servlet>
+
+ <!-- Maps short URLS to JSPs; also, detects webapp shutdown. -->
+ <servlet>
+ <servlet-name>WikiServlet</servlet-name>
+ <servlet-class>org.apache.wiki.WikiServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <!--
+ Attachment exchange handler.
+ -->
+
+ <servlet>
+ <servlet-name>AttachmentServlet</servlet-name>
+ <servlet-class>org.apache.wiki.attachment.AttachmentServlet</servlet-class>
+ </servlet>
+
+ <!-- PLACEHOLDER FOR PRE-COMPILED JSP SERVLETS -->
+
+ <!--
+ And finally, let us tell the servlet container which
+ URLs should correspond to which XML RPC servlet.
+ -->
+
+ <!-- By default, this is disabled. If you want to enabled it,
+ just uncomment the whole section. -->
+
+ <!-- REMOVE ME TO ENABLE XML-RPC
+
+ <servlet-mapping>
+ <servlet-name>XMLRPC</servlet-name>
+ <url-pattern>/RPC2/</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>XMLRPC-UTF8</servlet-name>
+ <url-pattern>/RPCU/</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>ATOM</servlet-name>
+ <url-pattern>/atom/*</url-pattern>
+ </servlet-mapping>
+
+ AND REMOVE ME TOO -->
+
+ <servlet-mapping>
+ <servlet-name>AttachmentServlet</servlet-name>
+ <url-pattern>/attach/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WikiServlet</servlet-name>
+ <url-pattern>/wiki/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
+ <url-pattern>/JSON-RPC</url-pattern>
+ </servlet-mapping>
+
+ <!-- This means that we don't have to use redirection
+ from index.html anymore. Yay! -->
+ <welcome-file-list>
+ <welcome-file>Wiki.jsp</welcome-file>
+ </welcome-file-list>
+
+ <!-- Error pages -->
+ <error-page>
+ <error-code>403</error-code>
+ <location>/error/Forbidden.html</location>
+ </error-page>
+
+ <!-- REMOVE ME TO ENABLE JDBC DATABASE
+ <resource-ref>
+ <description>
+ Resource reference to JNDI factory for the JDBCUserDatabase.
+ </description>
+ <res-ref-name>
+ jdbc/UserDatabase
+ </res-ref-name>
+ <res-type>
+ javax.sql.DataSource
+ </res-type>
+ <res-auth>
+ Container
+ </res-auth>
+ </resource-ref>
+ <resource-ref>
+ <description>
+ Resource reference to JNDI factory for the JDBCGroupDatabase.
+ </description>
+ <res-ref-name>
+ jdbc/GroupDatabase
+ </res-ref-name>
+ <res-type>
+ javax.sql.DataSource
+ </res-type>
+ <res-auth>
+ Container
+ </res-auth>
+ </resource-ref>
+ REMOVE ME TO ENABLE JDBC DATABASE -->
+
+ <!-- REMOVE ME TO ENABLE JAVAMAIL
+ <resource-ref>
+ <description>Resource reference to a container-managed JNDI JavaMail factory for sending e-mails.</description>
+ <res-ref-name>mail/Session</res-ref-name>
+ <res-type>javax.mail.Session</res-type>
+ <res-auth>Container</res-auth>
+ </resource-ref>
+ REMOVE ME TO ENABLE JAVAMAIL -->
+
+ <!--
+ CONTAINER-MANAGED AUTHENTICATION & AUTHORIZATION
+
+ Here we define the users which are allowed to access JSPWiki.
+ These restrictions cause the web container to apply further
+ contraints to the default security policy in jspwiki.policy,
+ and should be suitable for a corporate intranet or public wiki.
+
+ In particular, the restrictions below allow all users to
+ read documents, but only Authenticated users can comment
+ on or edit them (i.e., access the Edit.jsp page).
+ Users with the role Admin are the only persons who can
+ delete pages.
+
+ To implement this policy, the container enforces two web
+ resource constraints: one for the Administrator resources,
+ and one for Authenticated users. Note that the "role-name"
+ values are significant and should match the role names
+ retrieved by your web container's security realm. The roles
+ of "Admin" and "Authenticated" are assigned by the web
+ container at login time.
+
+ For example, if you are using Tomcat's built-in "memory realm",
+ you should edit the $CATALINA_HOME/conf/tomcat-users.xml file
+ and add the desired actual user accounts. Each user must possess
+ one or both of the Admin or Authenticated roles. For other realm
+ types, consult your web container's documentation.
+
+ Alternatively, you could also replace all references to
+ "Authenticated" and "Admin" with role names that match those
+ returned by your container's security realm. We don't care
+ either way, as long as they match.
+
+ Note that accessing protected resources will cause your
+ container to try to use SSL (default port for Tomcat is 8443)
+ to secure the web session. This, of course, assumes your
+ web container (or web server) is configured with SSL support.
+ If you do not wish to use SSL, remove the "user-data-constraint"
+ elements.
+ -->
+
+ <!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Administrative Area</web-resource-name>
+ <url-pattern>/Delete.jsp</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Admin</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Authenticated area</web-resource-name>
+ <url-pattern>/Edit.jsp</url-pattern>
+ <url-pattern>/Comment.jsp</url-pattern>
+ <url-pattern>/Login.jsp</url-pattern>
+ <url-pattern>/NewGroup.jsp</url-pattern>
+ <url-pattern>/Rename.jsp</url-pattern>
+ <url-pattern>/Upload.jsp</url-pattern>
+ <http-method>DELETE</http-method>
+ <http-method>GET</http-method>
+ <http-method>HEAD</http-method>
+ <http-method>POST</http-method>
+ <http-method>PUT</http-method>
+ </web-resource-collection>
+
+ <web-resource-collection>
+ <web-resource-name>Read-only Area</web-resource-name>
+ <url-pattern>/attach</url-pattern>
+ <http-method>DELETE</http-method>
+ <http-method>POST</http-method>
+ <http-method>PUT</http-method>
+ </web-resource-collection>
+
+ <auth-constraint>
+ <role-name>Admin</role-name>
+ <role-name>Authenticated</role-name>
+ </auth-constraint>
+
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <form-login-config>
+ <form-login-page>/LoginForm.jsp</form-login-page>
+ <form-error-page>/LoginForm.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <security-role>
+ <description>
+ This logical role includes all authenticated users
+ </description>
+ <role-name>Authenticated</role-name>
+ </security-role>
+
+ <security-role>
+ <description>
+ This logical role includes all administrative users
+ </description>
+ <role-name>Admin</role-name>
+ </security-role>
+
+ REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH -->
+
+</web-app>