Posted to commits@tuscany.apache.org by js...@apache.org on 2013/01/03 08:42:01 UTC

svn commit: r1428194 - in /tuscany/sca-cpp/trunk/modules: http/ js/ oauth/ openid/ server/

Author: jsdelfino
Date: Thu Jan  3 07:42:01 2013
New Revision: 1428194

URL: http://svn.apache.org/viewvc?rev=1428194&view=rev
Log:
Minor changes to server config scripts to get auth and session management to behave the same with or without a proxy.

Modified:
    tuscany/sca-cpp/trunk/modules/http/basic-auth-conf
    tuscany/sca-cpp/trunk/modules/http/cert-auth-conf
    tuscany/sca-cpp/trunk/modules/http/form-auth-conf
    tuscany/sca-cpp/trunk/modules/http/httpd-conf
    tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
    tuscany/sca-cpp/trunk/modules/http/open-auth-conf
    tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf
    tuscany/sca-cpp/trunk/modules/js/js-conf
    tuscany/sca-cpp/trunk/modules/oauth/oauth-conf
    tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf
    tuscany/sca-cpp/trunk/modules/openid/openid-conf
    tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf
    tuscany/sca-cpp/trunk/modules/server/server-conf

Modified: tuscany/sca-cpp/trunk/modules/http/basic-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/basic-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/basic-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/basic-auth-conf Thu Jan  3 07:42:01 2013
@@ -28,7 +28,7 @@ host=`echo $conf | awk '{ print $6 }'`
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 if [ "$3" = "" ]; then
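Review bot: Putting `file` ahead of `$2` changes which backend is consulted first for a user known to both, and nothing in the script records that this is intended. If it is, a comment above the assignment such as `# file provider first: local entries take precedence over $2` would make the ordering deliberate. The identical edit appears in cert-auth-conf, form-auth-conf, open-auth-conf, oauth-conf, oauth12-conf and openid-conf; in openid-conf it additionally adds `file` to a list that previously held only `$2`. `$2` is copied unvalidated into the provider list, which form-auth-conf and open-auth-conf expand inside the generated Apache config (`AuthFormProvider socache $providers`), so it is worth restricting it to plain provider names before it is written.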

Modified: tuscany/sca-cpp/trunk/modules/http/cert-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/cert-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/cert-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/cert-auth-conf Thu Jan  3 07:42:01 2013
@@ -35,7 +35,7 @@ fi
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 # Disallow public access to server resources

Modified: tuscany/sca-cpp/trunk/modules/http/form-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/form-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/form-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/form-auth-conf Thu Jan  3 07:42:01 2013
@@ -28,7 +28,7 @@ host=`echo $conf | awk '{ print $6 }'`
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 if [ "$3" = "" ]; then
@@ -63,19 +63,41 @@ AuthFormProvider socache $providers
 AuthnCacheProvideFor $providers
 AuthnCacheContext /
 AuthFormLoginRequiredLocation /login/
-AuthFormLogoutLocation /
 Session On
-SessionCookieName TuscanyFormAuth domain=.$host; path=/
+SessionCookieName TuscanyFormAuth domain=.$host; path=/; secure; httponly
 SessionCryptoPassphrase $pw
 Require valid-user
 </Location>
 
 <Location /login/dologin>
 SetHandler form-login-handler
+AuthType Form
+AuthName "$host"
+AuthFormProvider socache $providers
+AuthFormLoginRequiredLocation /login/?openauth_attempt=1
+Session On
+Require valid-user
 </Location>
 
 <Location /logout/dologout>
 SetHandler form-logout-handler
+AuthType Form
+AuthName "$host"
+AuthFormLogoutLocation /
+Session On
+Require valid-user
+</Location>
+
+EOF
+
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
+# Generated by: open-auth-conf $*
+# Enable Tuscany open authentication
+<Location /login/dologin>
+Session On
+</Location>
+<Location /logout/dologout>
+Session On
 </Location>
 
 EOF
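Review bot: The header of the new `pubauth$sslsuffix.conf` block reads `# Generated by: open-auth-conf $*` and `# Enable Tuscany open authentication`, but this file is form-auth-conf, so the generated config points an operator at the wrong script. It should read `# Generated by: form-auth-conf $*` with a matching description. The `secure` attribute on `SessionCookieName` is added unconditionally, while the `$sslsuffix` in the output file name suggests a non-SSL mode also exists. If it does, browsers would never send the session cookie back in that mode, so the attribute probably needs to follow the same SSL switch. The first heredoc touched by this hunk starts outside the hunk.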

Modified: tuscany/sca-cpp/trunk/modules/http/httpd-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-conf Thu Jan  3 07:42:01 2013
@@ -174,15 +174,6 @@ LoadModule mpm_prefork_module ${modules_
 
 EOF
 
-if [ $uname = "Darwin" ]; then
-    cat >>$root/conf/mpm.conf <<EOF
-# Generated by: httpd-conf $*
-# Set thread stack size
-ThreadStackSize 2097152
-
-EOF
-fi
-
 # Generate modules list
 cat >$root/conf/modules.conf <<EOF
 # Generated by: httpd-conf $*
@@ -269,28 +260,40 @@ cat >$root/conf/pubauth.conf <<EOF
 # Allow everyone to access public locations
 <Location /login>
 AuthType None
+Session Off
 Require all granted
 # Mark login page with a header
 Header set X-Login open-auth
 </Location>
+<Location /login/dologin>
+Session Off
+</Location>
 <Location /logout>
 AuthType None
+Session Off
 Require all granted
 </Location>
+<Location /logout/dologout>
+Session Off
+</Location>
 <Location /public>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /proxy/public>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /favicon.ico>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /robots.txt>
 AuthType None
+Session Off
 Require all granted
 </Location>
 
@@ -322,12 +325,14 @@ cat >$root/conf/noauth.conf <<EOF
 # Allow access to document root
 <Directory "$htdocs">
 AuthType None
+Session Off
 Require all granted
 </Directory>
 
 # Allow everyone to access root location
 <Location />
 AuthType None
+Session Off
 Require all granted
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/httpd-ssl-conf Thu Jan  3 07:42:01 2013
@@ -68,6 +68,7 @@ SSLSessionCacheTimeout 300
 Mutex "file:$root/logs" ssl-cache
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
+SSLCompression Off
 
 # Listen on HTTPS port
 Listen $sslport
@@ -165,7 +166,10 @@ UseCanonicalName Off
 
 # Enable SSL
 SSLEngine on
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProtocol ALL -SSLv2
+SSLHonorCipherOrder On
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
 BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
 
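Review bot: The new `SSLCipherSuite` lists the RC4 suites first and `SSLHonorCipherOrder On` makes the server's order binding, so every client that still offers RC4 is negotiated onto it even when it supports AES; `SSLProtocol ALL -SSLv2` also leaves SSLv3 enabled. RC4 and SSLv3 are both considered broken today, so I would move the AES suites to the front (or drop RC4) and use `SSLProtocol ALL -SSLv2 -SSLv3`. `!DHE`/`!EDH` leaves clients without ECDHE with no forward secrecy, which deserves a comment if it is deliberate. The commented-out `#SSLCipherSuite …` alternative should be removed or explained. The same cipher list, protocol setting and commented-out line are repeated for `SSLProxyCipherSuite`/`SSLProxyProtocol` in the next hunk, where the comment names `SSLCipherSuite` rather than the proxy directive.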
@@ -188,9 +192,12 @@ ProxyRequests Off
 ProxyPreserveHost On
 ProxyStatus On
 SSLProxyEngine on
-SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLProxyProtocol ALL -SSLv2
+#SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:AES128-SHA:HIGH:!MD5:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
+SSLProxyCipherSuite ECDHE-RSA-RC4-SHA:RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:!DHE:!3DES:!EXP:!ADH:!EDH:!aNULL:!eNULL:!NULL
 
 # Verify server certificates
+SSLProxyCACertificateFile "$root/cert/cacert.pem"
 SSLProxyVerify require
 SSLProxyVerifyDepth 1
 SSLProxyCheckPeerCN Off
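Review bot: `SSLProxyCACertificateFile` now points at `cacert.pem`, which ssl-ca-conf in this commit builds from curl's public CA bundle plus the local `ca.crt`, while `SSLProxyCheckPeerCN Off` stays in place just below. With the name check off, `SSLProxyVerify require` only proves that the backend certificate chains to some CA in that file, so a certificate issued by any bundled CA for any name would pass. If the proxy previously trusted only the local CA (the old setting is not visible in this hunk), either keep the proxy trust anchored to `ca.crt` or turn the peer name check on when the public bundle is used. `SCAWiringSSLCACertificateFile` in server-conf is switched to the same bundle and deserves the same look.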

Modified: tuscany/sca-cpp/trunk/modules/http/open-auth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/open-auth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/open-auth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/open-auth-conf Thu Jan  3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 if [ "$3" = "" ]; then
@@ -76,24 +76,42 @@ AuthName "$host"
 AuthOpenAuthProvider socache $providers
 AuthnCacheProvideFor $providers
 AuthnCacheContext /
+AuthOpenAuthLoginPage /login/
 Session On
 SessionCryptoPassphrase $pw
 AuthOpenAuth On
-AuthOpenAuthLoginPage /login/
 Require valid-user
 </Location>
 
 # Use HTTPD form-based authentication
 <Location /login/dologin>
+SetHandler form-login-handler
 AuthType Form
 AuthName "$host"
 AuthFormProvider socache $providers
-AuthnCacheProvideFor $providers
-AuthnCacheContext /
 AuthFormLoginRequiredLocation /login/?openauth_attempt=1
-AuthFormLogoutLocation /
+Session On
 Require valid-user
-SetHandler form-login-handler
+</Location>
+
+<Location /logout/dologout>
+SetHandler mod_tuscany_openauth_logout
+AuthType Open
+AuthName "$host"
+Session On
+Require valid-user
+</Location>
+
+EOF
+
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
+# Generated by: open-auth-conf $*
+# Enable Tuscany open authentication
+<Location /login/dologin>
+Session On
+</Location>
+<Location /logout/dologout>
+Session On
 </Location>
 
 EOF

Modified: tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf (original)
+++ tuscany/sca-cpp/trunk/modules/http/ssl-ca-conf Thu Jan  3 07:42:01 2013
@@ -94,3 +94,8 @@ mkdir -p $root/cert/hash
 cp $root/cert/ca.crt $root/cert/hash
 perl /usr/bin/c_rehash $root/cert/hash
 
+# Build CA certificate bundle
+curl_prefix=`cat $here/../http/curl.prefix`
+cp $curl_prefix/lib/cacert.pem $root/cert/cacert.pem
+cat $root/cert/ca.crt >> $root/cert/cacert.pem
+
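Review bot: None of the three new commands is checked, so unless the script sets `-e` outside this hunk, a missing or empty `curl.prefix` makes the `cp` fail while the following `cat … >>` still runs. That leaves a `cacert.pem` holding only `ca.crt` on a fresh root, or a stale bundle with `ca.crt` appended again on a re-run. I would stop on failure and quote the expansions, e.g. `cp "$curl_prefix/lib/cacert.pem" "$root/cert/cacert.pem" || exit 1`. The comment should also say that the file deliberately combines the public roots with the local CA, since other scripts in this commit use it as their trust store.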

Modified: tuscany/sca-cpp/trunk/modules/js/js-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/js/js-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/js/js-conf (original)
+++ tuscany/sca-cpp/trunk/modules/js/js-conf Thu Jan  3 07:42:01 2013
@@ -36,18 +36,22 @@ cat >>$root/conf/pubauth.conf <<EOF
 # Generated by: js-conf $*
 <Location /ui-min.css>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /all-min.js>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /proxy/ui-min.css>
 AuthType None
+Session Off
 Require all granted
 </Location>
 <Location /proxy/all-min.js>
 AuthType None
+Session Off
 Require all granted
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/oauth/oauth-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/oauth-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/oauth-conf (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/oauth-conf Thu Jan  3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 # Configure HTTPD mod_tuscany_oauth module

Modified: tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf (original)
+++ tuscany/sca-cpp/trunk/modules/oauth/oauth12-conf Thu Jan  3 07:42:01 2013
@@ -42,7 +42,7 @@ fi
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2 file"
+    providers="file $2"
 fi
 
 # Configure HTTPD mod_tuscany_oauth module

Modified: tuscany/sca-cpp/trunk/modules/openid/openid-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/openid/openid-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/openid/openid-conf (original)
+++ tuscany/sca-cpp/trunk/modules/openid/openid-conf Thu Jan  3 07:42:01 2013
@@ -36,7 +36,7 @@ fi
 if [ "$2" = "" ]; then
     providers="file"
 else
-    providers="$2"
+    providers="file $2"
 fi
 
 # Configure HTTPD mod_auth_openid module
@@ -84,6 +84,7 @@ cat >>$root/conf/pubauth$sslsuffix.conf 
 # Allow public access to /openid location
 <Location /openid>
 AuthType None
+Session Off
 Require all granted
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf (original)
+++ tuscany/sca-cpp/trunk/modules/openid/openid-step2-conf Thu Jan  3 07:42:01 2013
@@ -54,6 +54,7 @@ cat >>$root/conf/pubauth$sslsuffix.conf 
 # Allow access to /.well-known/host-meta location
 <Location /.well-known/host-meta>
 AuthType None
+Session Off
 Require all granted
 </Location>
 

Modified: tuscany/sca-cpp/trunk/modules/server/server-conf
URL: http://svn.apache.org/viewvc/tuscany/sca-cpp/trunk/modules/server/server-conf?rev=1428194&r1=1428193&r2=1428194&view=diff
==============================================================================
--- tuscany/sca-cpp/trunk/modules/server/server-conf (original)
+++ tuscany/sca-cpp/trunk/modules/server/server-conf Thu Jan  3 07:42:01 2013
@@ -42,7 +42,7 @@ ssl=`cat $root/conf/httpd.conf | grep "#
 if [ "$ssl" != "" ]; then
     cat >>$root/conf/httpd.conf <<EOF
 # Configure SSL certificates
-SCAWiringSSLCACertificateFile "$root/cert/ca.crt"
+SCAWiringSSLCACertificateFile "$root/cert/cacert.pem"
 SCAWiringSSLCertificateFile "$root/cert/server.crt"
 SCAWiringSSLCertificateKeyFile "$root/cert/server.key"