Posted to dev@tomee.apache.org by Romain Manni-Bucau <rm...@gmail.com> on 2012/05/16 11:05:19 UTC
Fwd: svn commit: r1339067 - in /openejb/trunk/openejb/tomee:
tomee-common/src/main/java/org/apache/tomee/installer/ tomee-plus-webapp/src/main/resources/META-INF/
tomee-webapp/src/main/resources/META-INF/ tomee-webapp/src/main/webapp/WEB-INF/
Hi,
I added a default user tomee/tomee for logging in to the tomee webapp. The goal was
to avoid needing the context.xml we had, with its valve limiting
access to localhost.
The /ejb context is not protected by default, so that remote invocation
works out of the box.
Any feedback is welcomed
- Romain
---------- Forwarded message ----------
From: <rm...@apache.org>
Date: 2012/5/16
Subject: svn commit: r1339067 - in /openejb/trunk/openejb/tomee:
tomee-common/src/main/java/org/apache/tomee/installer/
tomee-plus-webapp/src/main/resources/META-INF/
tomee-webapp/src/main/resources/META-INF/
tomee-webapp/src/main/webapp/WEB-INF/
To: commits@openejb.apache.org
Author: rmannibucau
Date: Wed May 16 09:00:51 2012
New Revision: 1339067
URL: http://svn.apache.org/viewvc?rev=1339067&view=rev
Log:
TOMEE-192 removing valve preventing connection to tomee webapp with an host
different from localhost
Removed:
openejb/trunk/openejb/tomee/tomee-plus-webapp/src/main/resources/META-INF/context.xml
Modified:
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
Modified:
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
---
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
(original)
+++
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
Wed May 16 09:00:51 2012
@@ -99,11 +99,44 @@ public class Installer {
removeTomcatLibJar("el-api.jar");
addJavaeeInEndorsed();
+ addTomEEAdminConfInTomcatUsers();
+
if (!alerts.hasErrors()) {
status = Status.REBOOT_REQUIRED;
}
}
+ public void addTomEEAdminConfInTomcatUsers() {
+ // read server.xml
+ String tomcatUsersXml =
Installers.readAll(paths.getTomcatUsersXml(), alerts);
+
+ // server xml will be null if we couldn't read the file
+ if (tomcatUsersXml == null) {
+ return;
+ }
+
+ if (tomcatUsersXml.contains("tomee-admin")) {
+ alerts.addWarning("Can't add tomee user to tomcat-users.xml");
+ return;
+ }
+
+ // if we can't backup the file, do not modify it
+ if (!Installers.backup(paths.getTomcatUsersXml(), alerts)) {
+ return;
+ }
+
+ // add our listener
+ final String newTomcatUsers =
tomcatUsersXml.replace("</tomcat-users>",
+ " <role rolename=\"tomee-admin\" />\n" +
+ " <user username=\"tomee\" password=\"tomee\"
roles=\"tomee-admin\" />" +
+ "\n</tomcat-users>\n");
+
+ // overwrite server.xml
+ if (Installers.writeAll(paths.getTomcatUsersXml(), newTomcatUsers,
alerts)) {
+ alerts.addInfo("Add tomee user to tomcat-users.xml");
+ }
+ }
+
public void installFull() {
installListener("org.apache.tomee.catalina.ServerListener");
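Review bot: `addTomEEAdminConfInTomcatUsers()` writes a fixed, publicly known credential (`tomee`/`tomee` with role `tomee-admin`) into tomcat-users.xml, and the same commit comments out the localhost-only `RemoteAddrValve`, so every install ends up with the same admin login reachable from other hosts. I would generate a per-install password, which the administrator can read from tomcat-users.xml, and stop with a warning when `replace` changed nothing; today a file without `</tomcat-users>` is rewritten unchanged and still reports "Add tomee user". The comments `// read server.xml`, `// add our listener` and `// overwrite server.xml` are left over from another method and should name tomcat-users.xml. The call added to `installFull()` in the next hunk is affected the same way, and the sketch below needs `java.math.BigInteger` and `java.security.SecureRandom` imported.

```java
// … unchanged: read tomcat-users.xml, tomee-admin check, backup …

// per-install secret instead of a shared default; base-32 digits are safe inside an XML attribute
final String password = new BigInteger(130, new SecureRandom()).toString(32);
final String newTomcatUsers = tomcatUsersXml.replace("</tomcat-users>",
        "  <role rolename=\"tomee-admin\" />\n" +
        "  <user username=\"tomee\" password=\"" + password + "\" roles=\"tomee-admin\" />" +
        "\n</tomcat-users>\n");

// nothing was inserted: do not rewrite the file or claim success
if (newTomcatUsers.equals(tomcatUsersXml)) {
    alerts.addWarning("Can't add tomee user to tomcat-users.xml");
    return;
}

// … unchanged: writeAll and info alert …
```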
@@ -116,6 +149,8 @@ public class Installer {
addJavaeeInEndorsed();
moveLibs();
+ addTomEEAdminConfInTomcatUsers();
+
if (!alerts.hasErrors()) {
status = Status.REBOOT_REQUIRED;
}
Modified:
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
---
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
(original)
+++
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
Wed May 16 09:00:51 2012
@@ -54,6 +54,8 @@ public class Paths {
private File openEJBWebLibDir;
+ private File tomcatUsersXml;
+
public Paths(File openejbWarDir) {
this.openejbWarDir = openejbWarDir;
}
@@ -445,4 +447,15 @@ public class Paths {
}
return openEJBWebLibDir;
}
+
+ public File getTomcatUsersXml() {
+ if (tomcatUsersXml == null) {
+ final File confdir = getCatalinaConfDir();
+ if (confdir == null) {
+ return null;
+ }
+ tomcatUsersXml = new File(confdir, "tomcat-users.xml");
+ }
+ return tomcatUsersXml;
+ }
}
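Review bot: `getTomcatUsersXml()` returns `null` when `getCatalinaConfDir()` does, and the new `addTomEEAdminConfInTomcatUsers()` in Installer.java passes that result straight to `Installers.readAll`, `Installers.backup` and `Installers.writeAll`. Whether those helpers accept a null `File` is not visible in this commit, so either confirm it or guard at the call site with `if (paths.getTomcatUsersXml() == null) { return; }`. A short Javadoc such as `/** @return tomcat-users.xml in the Catalina conf dir, or null if that dir is unknown */` would make the null contract explicit.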
Modified:
openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
---
openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
(original)
+++
openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
Wed May 16 09:00:51 2012
@@ -17,5 +17,7 @@
limitations under the License.
-->
<Context>
+ <!-- commenting since web.xml security should be enough by default
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
+ -->
</Context>
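Review bot: Commenting out the `RemoteAddrValve` opens every path of the webapp to remote hosts, yet the web.xml constraints added in this commit cover only `/installer`, `/ws/*`, `*.jsp`, `/css/*`, `/images/*` and `/js/*`; `/ejb/*` (ServerServlet) gets no constraint, so "web.xml security should be enough" does not hold for it. If that exposure is intended, the comment should say so, e.g. `<!-- valve disabled: access control now comes from web.xml; /ejb/* is intentionally left open to remote clients -->`. Keeping the valve active by default and documenting how to relax it would be the safer default, since the login that replaces it is a fixed tomee/tomee account.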
Modified:
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
---
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
(original)
+++
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
Wed May 16 09:00:51 2012
@@ -19,68 +19,131 @@
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0" metadata-complete="true">
+ version="3.0" metadata-complete="true">
- <display-name>OpenEJB Loader Application</display-name>
+ <display-name>OpenEJB Loader Application</display-name>
- <listener>
-
<listener-class>org.apache.tomee.loader.listener.UserSessionListener</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>LoaderServlet</servlet-name>
-
<servlet-class>org.apache.tomee.loader.LoaderServlet</servlet-class>
- <load-on-startup>0</load-on-startup>
- </servlet>
-
- <servlet>
- <servlet-name>ServerServlet</servlet-name>
-
<servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>InstallerServlet</servlet-name>
-
<servlet-class>org.apache.tomee.installer.InstallerServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsConsole</servlet-name>
-
<servlet-class>org.apache.tomee.loader.servlet.ConsoleServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsJndi</servlet-name>
-
<servlet-class>org.apache.tomee.loader.servlet.JndiServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsTest</servlet-name>
-
<servlet-class>org.apache.tomee.loader.servlet.TestServlet</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>ServerServlet</servlet-name>
- <url-pattern>/ejb/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>InstallerServlet</servlet-name>
- <url-pattern>/installer</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsConsole</servlet-name>
- <url-pattern>/ws/console/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsJndi</servlet-name>
- <url-pattern>/ws/jndi/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsTest</servlet-name>
- <url-pattern>/ws/test/*</url-pattern>
- </servlet-mapping>
+ <listener>
+
<listener-class>org.apache.tomee.loader.listener.UserSessionListener</listener-class>
+ </listener>
+
+ <servlet>
+ <servlet-name>LoaderServlet</servlet-name>
+ <servlet-class>org.apache.tomee.loader.LoaderServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>ServerServlet</servlet-name>
+
<servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>InstallerServlet</servlet-name>
+
<servlet-class>org.apache.tomee.installer.InstallerServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsConsole</servlet-name>
+
<servlet-class>org.apache.tomee.loader.servlet.ConsoleServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsJndi</servlet-name>
+
<servlet-class>org.apache.tomee.loader.servlet.JndiServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsTest</servlet-name>
+
<servlet-class>org.apache.tomee.loader.servlet.TestServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>ServerServlet</servlet-name>
+ <url-pattern>/ejb/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>InstallerServlet</servlet-name>
+ <url-pattern>/installer</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsConsole</servlet-name>
+ <url-pattern>/ws/console/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsJndi</servlet-name>
+ <url-pattern>/ws/jndi/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsTest</servlet-name>
+ <url-pattern>/ws/test/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- basic security to replace context.xml and allow remote accesses -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Installer</web-resource-name>
+ <url-pattern>/installer</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Webservices</web-resource-name>
+ <url-pattern>/ws/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Interface</web-resource-name>
+ <url-pattern>*.jsp</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Style</web-resource-name>
+ <url-pattern>/css/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Images</web-resource-name>
+ <url-pattern>/images/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Javascript</web-resource-name>
+ <url-pattern>/js/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>TomEE Webapp</realm-name>
+ </login-config>
+ <security-role>
+ <role-name>tomee-admin</role-name>
+ </security-role>
</web-app>
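Review bot: The new constraints use `BASIC` auth with no `<user-data-constraint>`, so now that remote hosts are allowed the `tomee-admin` password travels base64-encoded over plain HTTP. Each `<security-constraint>` should carry `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>`, which requires an HTTPS connector to be configured. The constraints also list paths one by one, so anything outside them (a servlet mapped later, static files in another directory) is served unauthenticated; a single `/*` constraint, plus a separate constraint without `<auth-constraint>` for `/ejb/*` if it must stay open, would fail closed. Most of this hunk is re-indentation, which makes the security additions hard to spot in review.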