You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by js...@apache.org on 2013/01/03 08:42:01 UTC
svn commit: r1428194 - in /tuscany/sca-cpp/trunk/modules: http/ js/ oauth/
openid/ server/
Author: jsdelfino
Date: Thu Jan 3 07:42:01 2013
New Revision: 1428194
URL: http://svn.apache.org/viewvc?rev=1428194&view=rev
Log:
Minor changes to server config scripts to get auth and session management to behave the same with or without a proxy.
Modified:
tuscany/sca-cpp/trunk/modules/http/basic-auth-conf
tuscany/sca-cpp/trunk/modules/http/cert-auth-conf
tuscany/sca-cpp/trunk/modules/http/form-auth-conf
tuscany/sca-cpp/trunk/modules/http/httpd-conf
tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
tuscany/sca-cpp/trunk/modules/http/open-auth-conf
tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf
tuscany/sca-cpp/trunk/modules/js/js-conf
tuscany/sca-cpp/trunk/modules/oauth/oauth-conf
tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf
tuscany/sca-cpp/trunk/modules/openid/openid-conf
tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf
tuscany/sca-cpp/trunk/modules/server/server-conf
Modified: tuscany/sca-cpp/trunk/modules/http/basic-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/basic-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/basic-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/basic-auth-conf Thu Jan 3 07:42:01 2013
@@ -28,7 +28,7 @@ host=`echo $conf | awk '{ print $6 }'`
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
if [ "$3" = "" ]; then
Modified: tuscany/sca-cpp/trunk/modules/http/cert-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/cert-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/cert-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/cert-auth-conf Thu Jan 3 07:42:01 2013
@@ -35,7 +35,7 @@ fi
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
# Disallow public access to server resources
Modified: tuscany/sca-cpp/trunk/modules/http/form-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/form-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/form-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/form-auth-conf Thu Jan 3 07:42:01 2013
@@ -28,7 +28,7 @@ host=`echo $conf | awk '{ print $6 }'`
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
if [ "$3" = "" ]; then
@@ -63,19 +63,41 @@ AuthFormProvider socache $providers
AuthnCacheProvideFor $providers
AuthnCacheContext /
AuthFormLoginRequiredLocation /login/
-AuthFormLogoutLocation /
Session On
-SessionCookieName TuscanyFormAuth domain=.$host; path=/
+SessionCookieName TuscanyFormAuth domain=.$host; path=/; secure; httponly
SessionCryptoPassphrase $pw
Require valid-user
</Location>
<Location /login/dologin>
SetHandler form-login-handler
+AuthType Form
+AuthName "$host"
+AuthFormProvider socache $providers
+AuthFormLoginRequiredLocation /login/?openauth_attempt=1
+Session On
+Require valid-user
</Location>
<Location /logout/dologout>
SetHandler form-logout-handler
+AuthType Form
+AuthName "$host"
+AuthFormLogoutLocation /
+Session On
+Require valid-user
+</Location>
+
+EOF
+
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
+# Generated by: open-auth-conf $*
+# Enable Tuscany open authentication
+<Location /login/dologin>
+Session On
+</Location>
+<Location /logout/dologout>
+Session On
</Location>
EOF
Modified: tuscany/sca-cpp/trunk/modules/http/httpd-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-conf Thu Jan 3 07:42:01 2013
@@ -174,15 +174,6 @@ LoadModule mpm_prefork_module ${modules_
EOF
-if [ $uname = "Darwin" ]; then
- cat >>$root/conf/mpm.conf <<EOF
-# Generated by: httpd-conf $*
-# Set thread stack size
-ThreadStackSize 2097152
-
-EOF
-fi
-
# Generate modules list
cat >$root/conf/modules.conf <<EOF
# Generated by: httpd-conf $*
@@ -269,28 +260,40 @@ cat >$root/conf/pubauth.conf <<EOF
# Allow everyone to access public locations
<Location /login>
AuthType None
+Session Off
Require all granted
# Mark login page with a header
Header set X-Login open-auth
</Location>
+<Location /login/dologin>
+Session Off
+</Location>
<Location /logout>
AuthType None
+Session Off
Require all granted
</Location>
+<Location /logout/dologout>
+Session Off
+</Location>
<Location /public>
AuthType None
+Session Off
Require all granted
</Location>
<Location /proxy/public>
AuthType None
+Session Off
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
+Session Off
Require all granted
</Location>
<Location /robots.txt>
AuthType None
+Session Off
Require all granted
</Location>
@@ -322,12 +325,14 @@ cat >$root/conf/noauth.conf <<EOF
# Allow access to document root
<Directory "$htdocs">
AuthType None
+Session Off
Require all granted
</Directory>
# Allow everyone to access root location
<Location />
AuthType None
+Session Off
Require all granted
</Location>
Modified: tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf Thu Jan 3 07:42:01 2013
@@ -68,6 +68,7 @@ SSLSessionCacheTimeout 300
Mutex "file:$root/logs" ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
+SSLCompression Off
# Listen on HTTPS port
Listen $sslport
@@ -165,7 +166,10 @@ UseCanonicalName Off
# Enable SSL
SSLEngine on
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProtocol ALL -SSLv2
+SSLHonorCipherOrder On
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
@@ -188,9 +192,12 @@ ProxyRequests Off
ProxyPreserveHost On
ProxyStatus On
SSLProxyEngine on
-SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProxyProtocol ALL -SSLv2
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLProxyCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
# Verify server certificates
+SSLProxyCACertificateFile "$root/cert/cacert.pem"
SSLProxyVerify require
SSLProxyVerifyDepth 1
SSLProxyCheckPeerCN Off
Modified: tuscany/sca-cpp/trunk/modules/http/open-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/open-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/open-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/open-auth-conf Thu Jan 3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
if [ "$3" = "" ]; then
@@ -76,24 +76,42 @@ AuthName "$host"
AuthOpenAuthProvider socache $providers
AuthnCacheProvideFor $providers
AuthnCacheContext /
+AuthOpenAuthLoginPage /login/
Session On
SessionCryptoPassphrase $pw
AuthOpenAuth On
-AuthOpenAuthLoginPage /login/
Require valid-user
</Location>
# Use HTTPD form-based authentication
<Location /login/dologin>
+SetHandler form-login-handler
AuthType Form
AuthName "$host"
AuthFormProvider socache $providers
-AuthnCacheProvideFor $providers
-AuthnCacheContext /
AuthFormLoginRequiredLocation /login/?openauth_attempt=1
-AuthFormLogoutLocation /
+Session On
Require valid-user
-SetHandler form-login-handler
+</Location>
+
+<Location /logout/dologout>
+SetHandler mod_tuscany_openauth_logout
+AuthType Open
+AuthName "$host"
+Session On
+Require valid-user
+</Location>
+
+EOF
+
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
+# Generated by: open-auth-conf $*
+# Enable Tuscany open authentication
+<Location /login/dologin>
+Session On
+</Location>
+<Location /logout/dologout>
+Session On
</Location>
EOF
Modified: tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf Thu Jan 3 07:42:01 2013
@@ -94,3 +94,8 @@ mkdir -p $root/cert/hash
cp $root/cert/ca.crt $root/cert/hash
perl /usr/bin/c_rehash $root/cert/hash
+# Build CA certificate bundle
+curl_prefix=`cat $here/../http/curl.prefix`
+cp $curl_prefix/lib/cacert.pem $root/cert/cacert.pem
+cat $root/cert/ca.crt >> $root/cert/cacert.pem
+
Modified: tuscany/sca-cpp/trunk/modules/js/js-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/js/js-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/js/js-conf (original)
+++ tuscany/sca-cpp/trunk/modules/js/js-conf Thu Jan 3 07:42:01 2013
@@ -36,18 +36,22 @@ cat >>$root/conf/pubauth.conf <<EOF
# Generated by: js-conf $*
<Location /ui-min.css>
AuthType None
+Session Off
Require all granted
</Location>
<Location /all-min.js>
AuthType None
+Session Off
Require all granted
</Location>
<Location /proxy/ui-min.css>
AuthType None
+Session Off
Require all granted
</Location>
<Location /proxy/all-min.js>
AuthType None
+Session Off
Require all granted
</Location>
Modified: tuscany/sca-cpp/trunk/modules/oauth/oauth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/oauth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/oauth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/oauth-conf Thu Jan 3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
# Configure HTTPD mod_tuscany_oauth module
Modified: tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf Thu Jan 3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2 file"
+ providers="file $2"
fi
# Configure HTTPD mod_tuscany_oauth module
Modified: tuscany/sca-cpp/trunk/modules/openid/openid-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/openid/openid-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/openid/openid-conf (original)
+++ tuscany/sca-cpp/trunk/modules/openid/openid-conf Thu Jan 3 07:42:01 2013
@@ -36,7 +36,7 @@ fi
if [ "$2" = "" ]; then
providers="file"
else
- providers="$2"
+ providers="file $2"
fi
# Configure HTTPD mod_auth_openid module
@@ -84,6 +84,7 @@ cat >>$root/conf/pubauth$sslsuffix.conf
# Allow public access to /openid location
<Location /openid>
AuthType None
+Session Off
Require all granted
</Location>
Modified: tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf (original)
+++ tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf Thu Jan 3 07:42:01 2013
@@ -54,6 +54,7 @@ cat >>$root/conf/pubauth$sslsuffix.conf
# Allow access to /.well-known/host-meta location
<Location /.well-known/host-meta>
AuthType None
+Session Off
Require all granted
</Location>
Modified: tuscany/sca-cpp/trunk/modules/server/server-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/server/server-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/server/server-conf (original)
+++ tuscany/sca-cpp/trunk/modules/server/server-conf Thu Jan 3 07:42:01 2013
@@ -42,7 +42,7 @@ ssl=`cat $root/conf/httpd.conf | grep "#
if [ "$ssl" != "" ]; then
cat >>$root/conf/httpd.conf <<EOF
# Configure SSL certificates
-SCAWiringSSLCACertificateFile "$root/cert/ca.crt"
+SCAWiringSSLCACertificateFile "$root/cert/cacert.pem"
SCAWiringSSLCertificateFile "$root/cert/server.crt"
SCAWiringSSLCertificateKeyFile "$root/cert/server.key"