author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2012-07-16 06:47:49 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2012-07-16 06:47:49 +0000 |
commit | 11522a4b90a4056319cdbc204fffc63780cbfa51 (patch) | |
tree | fde77f10429bc13b042d6ac779f0b89149c8334d /sca-cpp/trunk/hosting | |
parent | f82576588fc9672a011655e709179eb43e5ab5b4 (diff) |
Add an HTTPD auth provider allowing the authentication logic to be implemented by a component, and clean up the SSL and mod-security config a bit.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1361915 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/hosting')
15 files changed, 348 insertions, 108 deletions
diff --git a/sca-cpp/trunk/hosting/server/Makefile.am b/sca-cpp/trunk/hosting/server/Makefile.am
index d140895dcd..d6e15f819b 100644
--- a/sca-cpp/trunk/hosting/server/Makefile.am
+++ b/sca-cpp/trunk/hosting/server/Makefile.am
@@ -18,16 +18,18 @@ if WANT_PYTHON moddir = $(prefix)/hosting/server -dist_mod_SCRIPTS = start stop ssl-start mkapplinks config-backup data-backup +dist_mod_SCRIPTS = start stop ssl-start mkapplinks config-backup data-backup put-auth get-auth delete-auth -not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/proxy/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/delete/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js +not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/proxy/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/delete/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js htdocs/cache-template.cmf htdocs/app/cache-template.cmf htdocs/cache-template.cmf htdocs/app/cache-template.cmf minified = htdocs/public/iframe-min.html htdocs/create/index-min.html htdocs/page/index-min.html htdocs/login/index-min.html htdocs/public/notfound/index-min.html htdocs/public/oops/index-min.html htdocs/proxy/public/oops/index-min.html htdocs/graph/index-min.html htdocs/public/notauth/index-min.html htdocs/account/index-min.html htdocs/home/index-min.html htdocs/index-min.html htdocs/public/notyet/index-min.html htdocs/clone/index-min.html htdocs/delete/index-min.html htdocs/stats/index-min.html htdocs/app/index-min.html htdocs/store/index-min.html 
htdocs/config-min.js htdocs/public/config-min.js -resources = server.composite *.py htdocs/*.cmf htdocs/*.ico htdocs/home/*.png htdocs/app/*.cmf htdocs/home/*.b64 htdocs/*.txt htdocs/public/*.png htdocs/public/*.b64 data/palettes/*/palette.composite data/accounts/*/*.account data/apps/*/app.composite data/apps/*/app.stats data/apps/*/htdocs/app.html data/dashboards/*/user.apps data/store/*/store.apps ${not_minified} ${minified} +js_minified = ../../modules/js/htdocs/all-min.js ../../modules/js/htdocs/ui-min.css + +resources = server.composite *.py data/palettes/*/palette.composite data/accounts/*/*.account data/apps/*/app.composite data/apps/*/app.stats data/apps/*/htdocs/app.html data/dashboards/*/user.apps data/store/*/store.apps htdocs/cache-manifest.cmf htdocs/app/cache-manifest.cmf htdocs/*.ico htdocs/home/*.png htdocs/home/*.b64 htdocs/*.txt htdocs/public/*.png htdocs/public/*.b64 ${minified} nobase_dist_mod_DATA = ${resources} -EXTRA_DIST = ${resources} +EXTRA_DIST = ${resources} ${not_minified} SUFFIXES = -min.html -min.js .html-min.html: 
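Review bot: The new `not_minified` value ends with `htdocs/cache-template.cmf htdocs/app/cache-template.cmf` listed twice, and because `EXTRA_DIST` now expands `${not_minified}` the duplicates are carried into the distribution list. Listing each template once keeps the variable readable and avoids duplicate-entry surprises at `make dist` time: `... htdocs/config.js htdocs/public/config.js htdocs/cache-template.cmf htdocs/app/cache-template.cmf`.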
@@ -36,9 +38,29 @@ SUFFIXES = -min.html -min.js .js-min.js: ../../modules/http/minify-js $< $@ -CLEANFILES = ${minified} +htdocs/cache-manifest.cmf: htdocs/cache-template.cmf ${minified} ${js_minified} + ../../modules/http/cache-manifest htdocs $^ + +htdocs/app/cache-manifest.cmf: htdocs/app/cache-template.cmf ${minified} ${js_minified} + ../../modules/http/cache-manifest htdocs/app $^ + +nuvem: + ln -s "../../../nuvem/nuvem-parallel/nuvem" "nuvem" + +lib: + ln -s "../../components" "lib" + +install-data-hook: + cd $(moddir); rm -f nuvem; ln -s "../../../nuvem/nuvem-parallel/nuvem" "nuvem" + cd $(moddir); rm -f lib; ln -s "../../components" "lib" + +CLEANFILES = ${minified} nuvem lib htdocs/cache-manifest.cmf htdocs/app/cache-manifest.cmf + +client_test_SOURCES = client-test.cpp +client_test_LDFLAGS = -lxml2 -lcurl -lmozjs -dist_noinst_SCRIPTS = server-test test.py -TESTS = server-test +dist_noinst_SCRIPTS = logic-test server-test test.py +noinst_PROGRAMS = client-test +TESTS = logic-test endif diff --git a/sca-cpp/trunk/hosting/server/authn.py b/sca-cpp/trunk/hosting/server/authn.py new file mode 100644 index 0000000000..4d4f34b9fb --- /dev/null +++ b/sca-cpp/trunk/hosting/server/authn.py 
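Review bot: In `install-data-hook` the commands are chained with `;`, so if `cd $(moddir)` fails the following `rm -f nuvem` and `ln -s` run in whatever directory make happens to be in. The hook also ignores `$(DESTDIR)`, so a staged install would create the links under the live prefix. Both are fixed by `cd $(DESTDIR)$(moddir) && rm -f nuvem && ln -s "../../../nuvem/nuvem-parallel/nuvem" "nuvem"`, and the same form for the `lib` link. `TESTS` now runs only `logic-test` while `server-test` is still shipped; a comment saying why it was dropped from the test run would help.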
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# User authenticator implementation
+from time import strftime
+from util import *
+
+# Convert a particular user id to an authentication id
+def authnid(id):
+ return append(append(('authn',), id), ('user.authn',))
+
+# Get a user's authentication
+def get(id, cache):
+ authn = cache.get(authnid(id))
+ if isNil(authn) or authn is None:
+ return None
+ return authn
+
+# Update a user's authentication
+def put(id, authn, cache):
+ return cache.put(authnid(id), authn)
+
+# Delete a user's authentication
+def delete(id, cache):
+ return cache.delete(authnid(id))
+
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/admin/user.account b/sca-cpp/trunk/hosting/server/data/accounts/admin/user.account
new file mode 100644
index 0000000000..4f4a754a92
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/data/accounts/admin/user.account
@@ -0,0 +1 @@
+((entry (title "Admin") (id "admin")))
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/jane/user.account b/sca-cpp/trunk/hosting/server/data/accounts/jane/user.account
new file mode 100644
index 0000000000..a3cf7e2c3d
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/data/accounts/jane/user.account
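Review bot: In authn.py's `get`, `isNil(authn)` is evaluated before `authn is None`, so a `None` result from the cache reaches `isNil` first; unless `util.isNil` is known to accept `None`, the test is safer written as `if authn is None or isNil(authn):`. `from time import strftime` is not used anywhere in the file as shown. `put` and `delete` change stored credential hashes with no check of their own, so a module comment stating where access control is expected to come from would help the next reader, e.g. `# Access control is enforced by the web server (the /c location rule), not by this component`.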
@@ -0,0 +1 @@
+((entry (title "Jane Doe") (id "jane") (content (account (description "This is Jane") (keys (key (((@name "key1") (@value "value1")) ((@name "key2") (@value "value2")) ((@name "key3") (@value "value3")) ((@name "") (@value "")) ((@name "") (@value "")))))))))
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/jane@localhost/user.account b/sca-cpp/trunk/hosting/server/data/accounts/jane@localhost/user.account
deleted file mode 100644
index 5fca389f04..0000000000
--- a/sca-cpp/trunk/hosting/server/data/accounts/jane@localhost/user.account
+++ /dev/null
@@ -1 +0,0 @@
-((entry (title "Jane Doe") (id "jane@localhost")))
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/jane@sca-store.com/user.account b/sca-cpp/trunk/hosting/server/data/accounts/jane@sca-store.com/user.account
deleted file mode 100644
index e0d25671b6..0000000000
--- a/sca-cpp/trunk/hosting/server/data/accounts/jane@sca-store.com/user.account
+++ /dev/null
@@ -1 +0,0 @@
-((entry (title "Jane Doe") (id "jane@sca-store.com") (content (account (description "This is Jane") (keys (key (((@name "key1") (@value "value1")) ((@name "key2") (@value "value2")) ((@name "key3") (@value "value3")) ((@name "") (@value "")) ((@name "") (@value "")))))))))
\ No newline at end of file
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/john/user.account b/sca-cpp/trunk/hosting/server/data/accounts/john/user.account
new file mode 100644
index 0000000000..9989daa228
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/data/accounts/john/user.account
@@ -0,0 +1 @@
+((entry (title "John Doe") (id "john") (content (account (description "This is John") (keys (key (((@name "key1") (@value "value1")) ((@name "key2") (@value "value2")) ((@name "key3") (@value "value3")) ((@name "key4") (@value "value4")) ((@name "key5") (@value "value5")))))))))
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/john@localhost/user.account b/sca-cpp/trunk/hosting/server/data/accounts/john@localhost/user.account
deleted file mode 100644
index 35d6f30f0b..0000000000
--- a/sca-cpp/trunk/hosting/server/data/accounts/john@localhost/user.account
+++ /dev/null
@@ -1 +0,0 @@
-((entry (title "John Doe") (id "john@localhost")))
diff --git a/sca-cpp/trunk/hosting/server/data/accounts/john@sca-store.com/user.account b/sca-cpp/trunk/hosting/server/data/accounts/john@sca-store.com/user.account
deleted file mode 100644
index 273335e1c7..0000000000
--- a/sca-cpp/trunk/hosting/server/data/accounts/john@sca-store.com/user.account
+++ /dev/null
@@ -1 +0,0 @@
-((entry (title "John Doe") (id "john@sca-store.com") (content (account (description "This is John") (keys (key (((@name "key1") (@value "value1")) ((@name "key2") (@value "value2")) ((@name "key3") (@value "value3")) ((@name "key4") (@value "value4")) ((@name "key5") (@value "value5")))))))))
\ No newline at end of file
diff --git a/sca-cpp/trunk/hosting/server/delete-auth b/sca-cpp/trunk/hosting/server/delete-auth
new file mode 100755
index 0000000000..407d730c80
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/delete-auth
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+admin=$2
+apass=$3
+user=$4
+
+httpd_prefix=`cat $here/../../modules/http/httpd.prefix`
+
+conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ scheme="http"
+ addr=`echo $conf | awk '{ print $7 }'`
+ host=`$here/../../modules/http/httpd-addr ip $addr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $addr`
+else
+ scheme="https"
+ ssladdr=`echo $sslconf | awk '{ print $6 }'`
+ host=`$here/../../modules/http/httpd-addr ip $ssladdr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $ssladdr`
+fi
+
+# Compute user id
+slash=`echo $user | grep "/"`
+if [ "$slash" = "" ]; then
+ id="\"$user\""
+ upath=$user
+else
+ id=`echo $user | awk -F "/" '{ printf "\"%s\" \"%s\"", $2, $3 }'`
+ upath=`echo $user | awk -F "/" '{ printf "%s/%s", $2, $3 }'`
+fi
+
+# Delete user auth
+curl -k -L -u $admin:$apass -X DELETE -H "X-Forwarded-Server: $host" $scheme://$host:$port/c/Authenticator/$upath
+
diff --git a/sca-cpp/trunk/hosting/server/get-auth b/sca-cpp/trunk/hosting/server/get-auth
new file mode 100755
index 0000000000..2be546f91f
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/get-auth
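Review bot: The closing `curl -k -L -u $admin:$apass ...` call in delete-auth sends the admin credentials with certificate verification switched off, so on the https branch the script cannot tell the real server from one placed in between; get-auth and put-auth end with the same call. Pointing curl at the CA that signed the server certificate keeps the check, e.g. `curl --cacert "<CA_CERT_PATH>" -L -u "$admin:$apass" -X DELETE ...`, with the path taken from wherever the SSL setup writes its CA file. Quoting `"$admin:$apass"` also stops a password containing spaces or glob characters from being split by the shell. The password is passed as a command-line argument and is therefore visible in the process list while the script runs.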
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+admin=$2
+apass=$3
+user=$4
+
+httpd_prefix=`cat $here/../../modules/http/httpd.prefix`
+
+conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
+
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ scheme="http"
+ addr=`echo $conf | awk '{ print $7 }'`
+ host=`$here/../../modules/http/httpd-addr ip $addr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $addr`
+else
+ scheme="https"
+ ssladdr=`echo $sslconf | awk '{ print $6 }'`
+ host=`$here/../../modules/http/httpd-addr ip $ssladdr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $ssladdr`
+fi
+
+# Compute user id
+slash=`echo $user | grep "/"`
+if [ "$slash" = "" ]; then
+ id="\"$user\""
+ upath=$user
+else
+ id=`echo $user | awk -F "/" '{ printf "\"%s\" \"%s\"", $2, $3 }'`
+ upath=`echo $user | awk -F "/" '{ printf "%s/%s", $2, $3 }'`
+fi
+
+# Get user auth
+curl -k -L -u $admin:$apass -H "X-Forwarded-Server: $host" $scheme://$host:$port/c/Authenticator/$upath
+
diff --git a/sca-cpp/trunk/hosting/server/put-auth b/sca-cpp/trunk/hosting/server/put-auth
new file mode 100755
index 0000000000..351c9b7d7a
--- /dev/null
+++ b/sca-cpp/trunk/hosting/server/put-auth
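Review bot: The `root=` line in get-auth pastes the first argument into Python source through `realpath('$1')`, so a path containing a single quote breaks the statement or is run as code; delete-auth and put-auth carry the same line. Passing the path as an argument keeps it as data: `root=$(python -c "import os, sys; print os.path.realpath(sys.argv[1])" "$1")`. The unquoted `mkdir -p $1` just above also means a read-only query creates the directory when the path is mistyped; for get-auth and delete-auth a check such as `[ -d "$1" ] || exit 1` fits better.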
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+admin=$2
+apass=$3
+user=$4
+upass=$5
+
+httpd_prefix=`cat $here/../../modules/http/httpd.prefix`
+
+conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ scheme="http"
+ addr=`echo $conf | awk '{ print $7 }'`
+ host=`$here/../../modules/http/httpd-addr ip $addr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $addr`
+else
+ scheme="https"
+ ssladdr=`echo $sslconf | awk '{ print $6 }'`
+ host=`$here/../../modules/http/httpd-addr ip $ssladdr`
+ if [ "$host" = "" ]; then
+ host="localhost"
+ fi
+ port=`$here/../../modules/http/httpd-addr port $ssladdr`
+fi
+
+# Get password hash
+rm -f $root/conf/auth.passwd
+touch $root/conf/auth.passwd
+$httpd_prefix/bin/htpasswd -b $root/conf/auth.passwd "$user" "$upass" 2>/dev/null
+hash=`cat $root/conf/auth.passwd | awk -F ":" '{ print $2 }'`
+rm -f $root/conf/auth.passwd
+
+# Compute user id
+slash=`echo $user | grep "/"`
+if [ "$slash" = "" ]; then
+ id="\"$user\""
+ upath=$user
+else
+ id=`echo $user | awk -F "/" '{ printf "\"%s\" \"%s\"", $2, $3 }'`
+ upath=`echo $user | awk -F "/" '{ printf "%s/%s", $2, $3 }'`
+fi
+
+# Put user auth
+cat >$root/conf/auth.entry <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns="http://www.w3.org/2005/Atom">
+ <title type="text">$user</title>
+ <id>$user</id>
+ <content type="application/xml">
+ <hash>$hash</hash>
+ </content>
+</entry>
+EOF
+curl -k -L -u $admin:$apass -X PUT -H "X-Forwarded-Server: $host" --data-binary @$root/conf/auth.entry $scheme://$host:$port/c/Authenticator/$upath
+rm $root/conf/auth.entry
+
diff --git a/sca-cpp/trunk/hosting/server/server.composite b/sca-cpp/trunk/hosting/server/server.composite
index 0806a2fa4b..7e4d7196d0 100644
--- a/sca-cpp/trunk/hosting/server/server.composite
+++ b/sca-cpp/trunk/hosting/server/server.composite
@@ -31,12 +31,9 @@ <property name="lastname">?</property> <property name="realm">?</property> <property name="host">?</property> - <service name="User"> - <binding.http uri="user"/> - </service> </component> - <component name="EditWidget"> + <component name="Editor"> <implementation.widget location="/index.html"/> <reference name="user" target="User"/> <reference name="accounts" target="Accounts"/>
@@ -49,7 +46,7 @@ <reference name="log" target="Log"/> </component> - <component name="AppWidget"> + <component name="App"> <implementation.widget location="/app/index.html"/> <reference name="user" target="User"/> <reference name="pages" target="Pages"/>
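Review bot: The "Get password hash" step in put-auth hides every htpasswd failure behind `2>/dev/null` and never checks `$hash`, so when htpasswd fails the script still PUTs an entry whose `<hash>` is empty; it also writes the hash to the fixed path `$root/conf/auth.passwd` on the way. `htpasswd -n` prints the record instead of writing a file, which removes the temporary file and makes the check simple: `hash=$($httpd_prefix/bin/htpasswd -nb "$user" "$upass" | awk -F ":" 'NF > 1 { print $2 }')` followed by `[ -n "$hash" ] || exit 1`. `$user` is also copied into the Atom entry unescaped, so an id containing `<` or `&` produces malformed XML. The user password still travels as a command-line argument in both forms.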
@@ -59,18 +56,17 @@ <component name="Accounts"> <implementation.python script="accounts.py"/> - <service name="Accounts"> - <binding.http uri="accounts"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Cache"/> </component> + <component name="Authenticator"> + <implementation.python script="authn.py"/> + <reference name="cache" target="Cache"/> + </component> + <component name="Dashboards"> <implementation.python script="dashboards.py"/> - <service name="Dashboards"> - <binding.http uri="dashboards"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Cache"/> <reference name="apps" target="Apps"/> @@ -78,9 +74,6 @@ <component name="AppStore"> <implementation.python script="store.py"/> - <service name="AppStore"> - <binding.http uri="appstore"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Cache"/> <reference name="apps" target="Apps"/> @@ -88,9 +81,6 @@ <component name="Apps"> <implementation.python script="apps.py"/> - <service name="Apps"> - <binding.http uri="apps"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Cache"/> <reference name="dashboard" target="Dashboards"/> @@ -101,9 +91,6 @@ <component name="Composites"> <implementation.python script="composites.py"/> - <service name="Composites"> - <binding.http uri="composites"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Doccache"/> <reference name="apps" target="Apps"/> @@ -111,9 +98,6 @@ <component name="Pages"> <implementation.python script="pages.py"/> - <service name="Pages"> - <binding.http uri="pages"/> - </service> <reference name="user" target="User"/> <reference name="cache" target="Doccache"/> <reference name="apps" target="Apps"/> 
@@ -121,17 +105,11 @@ <component name="Palettes"> <implementation.python script="palettes.py"/> - <service name="Palettes"> - <binding.http uri="palettes"/> - </service> <reference name="cache" target="Doccache"/> </component> <component name="Cache"> <implementation.cpp path="../../components/cache" library="libdatacache"/> - <service name="Cache"> - <binding.http uri="cache"/> - </service> <reference name="l1reader" target="Memcache"/> <reference name="l1writer" target="Memcache"/> <reference name="l2reader" target="Database"/> @@ -140,9 +118,6 @@ <component name="Doccache"> <implementation.cpp path="../../components/cache" library="libdatacache"/> - <service name="Doccache"> - <binding.http uri="doccache"/> - </service> <reference name="l1reader" target="Memcache"/> <reference name="l1writer" target="Memcache"/> <reference name="l2reader" target="Documents"/> @@ -151,9 +126,6 @@ <component name="Memcache"> <implementation.cpp path="../../components/cache" library="libmemcache"/> - <service name="Memcache"> - <binding.http uri="memcache"/> - </service> <property name="server">localhost:11211</property> <property name="server">localhost:11212</property> </component> @@ -162,25 +134,16 @@ <implementation.cpp path="../../components/filedb" library="libfiledb"/> <property name="dbname">data</property> <property name="format">scheme</property> - <service name="Database"> - <binding.http uri="database"/> - </service> </component> <component name="Documents"> <implementation.cpp path="../../components/filedb" library="libfiledb"/> <property name="dbname">data</property> <property name="format">xml</property> - <service name="Documents"> - <binding.http uri="documents"/> - </service> </component> <component name="Log"> <implementation.python script="log.py"/> - <service name="Log"> - <binding.http uri="log"/> - </service> </component> </composite> 
diff --git a/sca-cpp/trunk/hosting/server/ssl-start b/sca-cpp/trunk/hosting/server/ssl-start index b80b2adf40..d699089847 100755 --- a/sca-cpp/trunk/hosting/server/ssl-start +++ b/sca-cpp/trunk/hosting/server/ssl-start @@ -22,7 +22,6 @@ # 127.0.0.1 www.example.com here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here` -jsprefix=`echo "import os; print os.path.realpath('$here/../../modules/js')" | python` host=`hostname` # Create SSL certificates 
@@ -41,39 +40,33 @@ fi ../../components/cache/memcached-start tmp 11211 ../../components/cache/memcached-start tmp 11212 +# Clear document cache +rm -rf tmp/cache + # Configure server ../../modules/http/httpd-conf tmp www.example.com 8090 htdocs +../../modules/http/alt-host-conf tmp ww1.example.com +../../modules/http/alt-host-conf tmp ww2.example.com ../../modules/http/httpd-event-conf tmp +#../../modules/http/cache-conf tmp ../../modules/http/httpd-ssl-conf tmp 8453 +#../../modules/http/cache-ssl-conf tmp # Configure HTTP basic auth -../../modules/http/basic-auth-conf tmp +../../modules/http/basic-auth-conf tmp component # Configure OAuth authentication # Configure your OAuth app keys here -../../modules/oauth/oauth-conf tmp +../../modules/oauth/oauth-conf tmp component ../../modules/oauth/oauth-memcached-conf tmp localhost 11212 ../../modules/oauth/oauth2-appkey-conf tmp facebook.com 12345 67890 ../../modules/oauth/oauth2-appkey-conf tmp google.com 12345 67890 -# Configure password authentication -../../modules/http/open-auth-conf tmp -../../modules/http/passwd-auth-conf tmp john john -../../modules/http/passwd-auth-conf tmp jane jane -../../modules/http/passwd-auth-conf tmp admin admin - -# Configure OpenID step2 authentication -../../modules/openid/openid-conf tmp -../../modules/openid/openid-step2-conf tmp -../../modules/openid/openid-memcached-conf tmp localhost 11212 +# Configure form-based authentication +../../modules/http/open-auth-conf tmp component 80b67f38-b79e-4a72-bb5c-22c69fb00820 -# Configure authorized users -../../modules/http/group-auth-conf tmp john -../../modules/http/group-auth-conf tmp jane -../../modules/http/group-auth-conf tmp admin -# Configure the email addresses associated with your OpenID and OAuth ids here -../../modules/http/group-auth-conf tmp john@example.com -../../modules/http/group-auth-conf tmp jane@example.com +# Configure authorized admins +../../modules/http/passwd-auth-conf tmp admin admin # Configure mod-security 
#../../modules/http/mod-security-conf tmp @@ -103,26 +96,6 @@ SecAuditLog "|$here/../../components/log/scribe-cat $host secaudit" EOF -else - cat >tmp/conf/log.conf <<EOF -# Generated by: ssl=start $* -ErrorLog $here/tmp/logs/error_log -CustomLog $here/tmp/logs/access_log combined - -EOF - - cat >tmp/conf/log-ssl.conf <<EOF -# Generated by: ssl-start $* -CustomLog $here/tmp/logs/ssl_access_log sslcombined - -EOF - - cat >tmp/conf/mod-security-log.conf <<EOF -# Generated by: ssl-start $* -SecAuditLog $here/tmp/logs/secaudit_log - -EOF - fi #../../modules/http/httpd-loglevel-conf tmp debug @@ -143,10 +116,11 @@ cat >>tmp/conf/svhost-ssl.conf <<EOF ErrorDocument 404 /public/notfound/ ErrorDocument 401 /public/notauth/ ErrorDocument 403 /public/notauth/ +ErrorDocument 400 /public/oops/ +ErrorDocument 405 /public/oops/ ErrorDocument 500 /public/oops/ ErrorDocument 502 /public/oops/ ErrorDocument 503 /public/oops/ -ErrorDocument 405 /public/oops/ EOF @@ -160,6 +134,12 @@ SCAComposite server.composite # Configure SCA Composite for mass dynamic virtual Hosting SCAVirtualContributor Composites +# Configure SCA Authenticator component +SCAAuthenticator Authenticator + +# Configure SCA wiring timeout +SCAWiringTimeout 10 + EOF # Configure resource aliases @@ -172,14 +152,6 @@ Alias /proxy/public/config-min.js $here/public/config-min.js EOF -# Create app implementation resource links -if [ ! -e "nuvem" ]; then - ln -s "../../../nuvem/nuvem-parallel/nuvem" "nuvem" -fi -if [ ! -e "lib" ]; then - ln -s "../../components" "lib" -fi - # Configure app resource aliases cat >>tmp/conf/svhost-ssl.conf <<EOF # Generated by: ssl-start $* 
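Review bot: The line `open-auth-conf tmp component 80b67f38-b79e-4a72-bb5c-22c69fb00820` commits a fixed value that looks like the secret for the form-based login (its exact role is defined in open-auth-conf, outside this hunk), and `passwd-auth-conf tmp admin admin` keeps an admin account whose password equals its name. Anyone who starts a server from this script unchanged shares both values with every other deployment. A comment above the two lines would make that explicit, e.g. `# Sample values only: replace the passphrase and the admin password before exposing this server`, or the script could read both from the environment.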
@@ -188,6 +160,49 @@ AliasMatch /v/([^/]+)(.*)$ $here/htdocs/app\$2 EOF +# Configure admin access to server status and info +cat >tmp/conf/adminauth.conf <<EOF +# Generated by: ssl-start $* +# Allow the server admin to view the server status and info +<Location /server-status> +AuthType None +Require all granted +</Location> + +<Location /server-info> +AuthType None +Require all granted +</Location> + +EOF + +# Configure admin access to components +cat >>tmp/conf/locauth-ssl.conf <<EOF +# Generated by: ssl-start $* +# Allow the server admin to access all components +<Location /c> +Require user admin +</Location> +<Location /r> +Require user admin +</Location> +<Location /r/Editor> +Require valid-user +</Location> +<Location /r/App> +Require valid-user +</Location> +EOF + # Start server ../../modules/http/httpd-start tmp +sleep 2 + +# Configure authorized users +./put-auth tmp admin admin admin admin +./put-auth tmp admin admin john john +./put-auth tmp admin admin jane jane +# Configure the email addresses associated with your OAuth ids here +./put-auth tmp admin admin /oauth1/john@example.com password +./put-auth tmp admin admin /oauth2/jane@example.com password diff --git a/sca-cpp/trunk/hosting/server/user.py b/sca-cpp/trunk/hosting/server/user.py index 9be48b33da..8038e43563 100644 --- a/sca-cpp/trunk/hosting/server/user.py +++ b/sca-cpp/trunk/hosting/server/user.py @@ -21,9 +21,7 @@ def get(i, user, email, nick, full, first, last, realm, host): if email.eval() != '?': return email.eval() - if nick.eval() != '?': - return nick.eval() + '@' + realm.eval() if user.eval() != '?': - return user.eval() + '@' + realm.eval() - return 'anonymous@' + host.eval(); + return user.eval() + return 'anonymous' |
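Review bot: The `adminauth.conf` block is commented "Allow the server admin to view the server status and info", but both `<Location /server-status>` and `<Location /server-info>` are set to `AuthType None` with `Require all granted`, which lets any client read them. Unless that file is limited to a local-only listener elsewhere (not visible in this hunk), the two locations should carry the same rule as `/c`: `Require user admin`. The `put-auth` calls after `sleep 2` assume the server is already accepting requests and their exit status is not checked, so a slow start leaves the accounts silently uncreated.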
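Review bot: With this change to user.py, `get` returns `user.eval()` without a realm and falls back to the bare string `'anonymous'`, so an account that is actually named `anonymous` cannot be told apart from an unauthenticated request, and ids are no longer qualified by where they came from. If other components key data or permissions on this value, the fallback should be something no real id can take, or the convention should be stated in a comment such as `# 'anonymous' is reserved and must not be creatable through put-auth`. `nick`, `realm` and `host` are unused in the lines shown; the function's signature appears only in the hunk header, so its start is outside the hunk.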