You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by js...@apache.org on 2012/04/09 08:22:06 UTC
svn commit: r1311136 - in /tuscany/sca-cpp/trunk/modules: http/httpd-conf
http/httpd-ssl-conf http/proxy-base-conf http/proxy-conf
http/proxy-ssl-conf http/vhost-conf http/vhost-ssl-conf
oauth/mod-oauth1.cpp oauth/mod-oauth2.cpp
Author: jsdelfino
Date: Mon Apr 9 06:22:06 2012
New Revision: 1311136
URL: http://svn.apache.org/viewvc?rev=1311136&view=rev
Log:
Enable administrative access using basic auth.
Modified:
tuscany/sca-cpp/trunk/modules/http/httpd-conf
tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
tuscany/sca-cpp/trunk/modules/http/proxy-base-conf
tuscany/sca-cpp/trunk/modules/http/proxy-conf
tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf
tuscany/sca-cpp/trunk/modules/http/vhost-conf
tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf
tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
Modified: tuscany/sca-cpp/trunk/modules/http/httpd-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-conf Mon Apr 9 06:22:06 2012
@@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
@@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+<Location /server-info>
+SetHandler server-info
+HostnameLookups on
+</Location>
+
Include conf/svhost.conf
# Configure authentication
Include conf/noauth.conf
Include conf/locauth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
@@ -299,16 +312,16 @@ AuthType None
Require all granted
</Location>
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
# Allow the server admin to view the server status and info
<Location /server-status>
-SetHandler server-status
-HostnameLookups on
Require user admin
</Location>
<Location /server-info>
-SetHandler server-info
-HostnameLookups on
Require user admin
</Location>
Modified: tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf Mon Apr 9 06:22:06 2012
@@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/locauth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
@@ -98,6 +99,13 @@ Include conf/pubauth.conf
EOF
+cat >$root/conf/adminauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Allow admin access
+Include conf/adminauth.conf
+
+EOF
+
# Allow public access to server resources
cat >$root/conf/noauth-ssl.conf <<EOF
# Generated by: httpd-conf $*
Modified: tuscany/sca-cpp/trunk/modules/http/proxy-base-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-base-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-base-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-base-conf Mon Apr 9 06:22:06 2012
@@ -33,16 +33,14 @@ ProxyPass /server-info !
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
Modified: tuscany/sca-cpp/trunk/modules/http/proxy-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-conf Mon Apr 9 06:22:06 2012
@@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SER
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
Modified: tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/proxy-ssl-conf Mon Apr 9 06:22:06 2012
@@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SER
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
Modified: tuscany/sca-cpp/trunk/modules/http/vhost-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/vhost-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/vhost-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/vhost-conf Mon Apr 9 06:22:06 2012
@@ -54,6 +54,7 @@ Include conf/dvhost.conf
Include conf/noauth.conf
Include conf/auth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
Modified: tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/vhost-ssl-conf Mon Apr 9 06:22:06 2012
@@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/auth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
Modified: tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp Mon Apr 9 06:22:06 2012
@@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth2")))
Modified: tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp?rev=1311136&r1=1311135&r2=1311136&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp Mon Apr 9 06:22:06 2012
@@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth1")))