You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by js...@apache.org on 2012/04/09 08:22:06 UTC

svn commit: r1311136 - in /tuscany/sca-cpp/trunk/modules: http/httpd-conf http/httpd-ssl-conf http/proxy-base-conf http/proxy-conf http/proxy-ssl-conf http/vhost-conf http/vhost-ssl-conf oauth/mod-oauth1.cpp oauth/mod-oauth2.cpp

Author: jsdelfino
Date: Mon Apr  9 06:22:06 2012
New Revision: 1311136

URL: http://svn.apache.org/viewvc?rev=1311136&view=rev
Log:
Enable administrative access using basic auth.

Modified:
    tuscany/sca-cpp/trunk/modules/http/httpd-conf
    tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
    tuscany/sca-cpp/trunk/modules/http/proxy-base-conf
    tuscany/sca-cpp/trunk/modules/http/proxy-conf
    tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf
    tuscany/sca-cpp/trunk/modules/http/vhost-conf
    tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf
    tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
    tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp

Modified: tuscany/sca-cpp/trunk/modules/http/httpd-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-conf Mon Apr  9 06:22:06 2012
@@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
 SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
 Header append Vary User-Agent env=!dont-vary
 
@@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^
 RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
 </Location>
 
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+<Location /server-info>
+SetHandler server-info
+HostnameLookups on
+</Location>
+
 Include conf/svhost.conf
 
 # Configure authentication
 Include conf/noauth.conf
 Include conf/locauth.conf
 Include conf/pubauth.conf
+Include conf/adminauth.conf
 
 </VirtualHost>
 
@@ -299,16 +312,16 @@ AuthType None
 Require all granted
 </Location>
 
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
 # Allow the server admin to view the server status and info
 <Location /server-status>
-SetHandler server-status
-HostnameLookups on
 Require user admin
 </Location>
 
 <Location /server-info>
-SetHandler server-info
-HostnameLookups on
 Require user admin
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf Mon Apr  9 06:22:06 2012
@@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf
 Include conf/noauth-ssl.conf
 Include conf/locauth-ssl.conf
 Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
 
 </VirtualHost>
 
@@ -98,6 +99,13 @@ Include conf/pubauth.conf
 
 EOF
 
+cat >$root/conf/adminauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Allow admin access
+Include conf/adminauth.conf
+
+EOF
+
 # Allow public access to server resources
 cat >$root/conf/noauth-ssl.conf <<EOF
 # Generated by: httpd-conf $*

Modified: tuscany/sca-cpp/trunk/modules/http/proxy-base-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-base-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-base-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-base-conf Mon Apr  9 06:22:06 2012
@@ -33,16 +33,14 @@ ProxyPass /server-info !
 <Location /balancer-manager>
 SetHandler balancer-manager
 HostnameLookups on
-Require user admin
 </Location> 
 
 EOF
 
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
 # Generated by: proxy-conf $*
 # Allow the server admin to manage the load balancer
 <Location /balancer-manager>
-HostnameLookups on
 Require user admin
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/http/proxy-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-conf Mon Apr  9 06:22:06 2012
@@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SER
 <Location /balancer-manager>
 SetHandler balancer-manager
 HostnameLookups on
-Require user admin
 </Location> 
 
 EOF
 
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
 # Generated by: proxy-conf $*
 # Allow the server admin to manage the load balancer
 <Location /balancer-manager>
-HostnameLookups on
 Require user admin
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf Mon Apr  9 06:22:06 2012
@@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SER
 <Location /balancer-manager>
 SetHandler balancer-manager
 HostnameLookups on
-Require user admin
 </Location> 
 
 EOF

Modified: tuscany/sca-cpp/trunk/modules/http/vhost-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/vhost-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/vhost-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/vhost-conf Mon Apr  9 06:22:06 2012
@@ -54,6 +54,7 @@ Include conf/dvhost.conf
 Include conf/noauth.conf
 Include conf/auth.conf
 Include conf/pubauth.conf
+Include conf/adminauth.conf
 
 </VirtualHost>
 

Modified: tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf Mon Apr  9 06:22:06 2012
@@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf
 Include conf/noauth-ssl.conf
 Include conf/auth-ssl.conf
 Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
 
 </VirtualHost>
 

Modified: tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp Mon Apr  9 06:22:06 2012
@@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) {
         return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
     }
 
-    // Redirect to the login page, unless we have a session id from another module
+    // Redirect to the login page, unless we have a session id or an authorization
+    // header from another module
+    if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+        return DECLINED;
     if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
         hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
         hasContent(openauth::sessionID(r, "TuscanyOAuth2")))

Modified: tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp Mon Apr  9 06:22:06 2012
@@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) {
         return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc));
     }
 
-    // Redirect to the login page, unless we have a session id from another module
+    // Redirect to the login page, unless we have a session id or an authorization
+    // header from another module
+    if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+        return DECLINED;
     if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
         hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
         hasContent(openauth::sessionID(r, "TuscanyOAuth1")))