diff options
Diffstat (limited to 'sca-cpp/trunk/modules/http')
| -rwxr-xr-x | sca-cpp/trunk/modules/http/basic-auth-conf | 11 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/cert-auth-conf | 11 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/form-auth-conf | 11 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/group-auth-conf | 13 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/login/index.html | 1 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/logout/index.html | 1 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 20 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-loglevel-conf | 32 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 30 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/open-auth-conf | 11 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/vhost-conf | 10 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/vhost-ssl-conf | 10 |
12 files changed, 142 insertions, 19 deletions
diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf index f376124da7..77ca054f1c 100755 --- a/sca-cpp/trunk/modules/http/basic-auth-conf +++ b/sca-cpp/trunk/modules/http/basic-auth-conf @@ -25,15 +25,22 @@ root=`echo "import os; print os.path.realpath('$1')" | python` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` +if [ "$sslconf" = "" ]; then + sslsuffix="" +else + sslsuffix="-ssl" +fi + # Disallow public access to server resources -cat >$root/conf/noauth.conf <<EOF +cat >$root/conf/noauth$sslsuffix.conf <<EOF # Generated by: basic-auth-conf $* # Disallow public access to server resources EOF # Generate basic authentication configuration -cat >>$root/conf/auth.conf <<EOF +cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: basic-auth-conf $* # Require clients to present a userid + password for HTTP # basic authentication diff --git a/sca-cpp/trunk/modules/http/cert-auth-conf b/sca-cpp/trunk/modules/http/cert-auth-conf index 4959fab14a..514e46324f 100755 --- a/sca-cpp/trunk/modules/http/cert-auth-conf +++ b/sca-cpp/trunk/modules/http/cert-auth-conf @@ -25,15 +25,22 @@ root=`echo "import os; print os.path.realpath('$1')" | python` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` +if [ "$sslconf" = "" ]; then + sslsuffix="" +else + sslsuffix="-ssl" +fi + # Disallow public access to server resources -cat >$root/conf/noauth.conf <<EOF +cat >$root/conf/noauth$sslsuffix.conf <<EOF # Generated by: cert-auth-conf $* # Disallow public access to server resources EOF # Generate authentication configuration -cat >>$root/conf/auth.conf <<EOF +cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: cert-auth-conf $* # Require clients to present a valid client certificate SSLVerifyClient require diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf index defa1bf8b1..4ba3bec23a 100755 --- a/sca-cpp/trunk/modules/http/form-auth-conf +++ b/sca-cpp/trunk/modules/http/form-auth-conf @@ -27,15 +27,22 @@ host=`echo $conf | awk '{ print $6 }'` pw=`cat $root/cert/ca.key | head -2 | tail -1` +sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` +if [ "$sslconf" = "" ]; then + sslsuffix="" +else + sslsuffix="-ssl" +fi + # Disallow public access to server resources -cat >$root/conf/noauth.conf <<EOF +cat >$root/conf/noauth$sslsuffix.conf <<EOF # Generated by: form-auth-conf $* # Disallow public access to server resources EOF # Generate form authentication configuration -cat >>$root/conf/auth.conf <<EOF +cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: form-auth-conf $* # Require clients to present a userid + password through form-based # authentication diff --git a/sca-cpp/trunk/modules/http/group-auth-conf b/sca-cpp/trunk/modules/http/group-auth-conf index 726c55982d..e9617f696a 100755 --- a/sca-cpp/trunk/modules/http/group-auth-conf +++ b/sca-cpp/trunk/modules/http/group-auth-conf @@ -23,8 +23,15 @@ root=`echo "import os; print os.path.realpath('$1')" | python` user=$2 group="members" +sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` +if [ "$sslconf" = "" ]; then + sslsuffix="" +else + sslsuffix="-ssl" +fi + # Disallow public access to server resources -cat >$root/conf/noauth.conf <<EOF +cat >$root/conf/noauth$sslsuffix.conf <<EOF # Generated by: group-auth-conf $* # Disallow public access to server resources @@ -36,9 +43,9 @@ cp $root/conf/.httpd.groups.tmp $root/conf/httpd.groups rm $root/conf/.httpd.groups.tmp # Generate HTTPD group authorization configuration -conf=`cat $root/conf/auth.conf | grep "Generated by: group-auth-conf"` +conf=`cat $root/conf/locauth$sslsuffix.conf | grep "Generated by: group-auth-conf"` if [ "$conf" = "" ]; then - cat >>$root/conf/auth.conf <<EOF + cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: group-auth-conf $1 # Allow group member access to root location <Location /> diff --git a/sca-cpp/trunk/modules/http/htdocs/login/index.html b/sca-cpp/trunk/modules/http/htdocs/login/index.html index 8b0ad48bd6..99aeb31d1b 100644 --- a/sca-cpp/trunk/modules/http/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/login/index.html @@ -23,6 +23,7 @@ <meta name="apple-mobile-web-app-capable" content="yes"/> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/> <link rel="stylesheet" type="text/css" href="/ui.css"/> +<script type="text/javascript" src="/util.js"></script> <title>Sign in</title> </head> <body> diff --git a/sca-cpp/trunk/modules/http/htdocs/logout/index.html b/sca-cpp/trunk/modules/http/htdocs/logout/index.html index 0365af36a1..4e7df1bcf3 100644 --- a/sca-cpp/trunk/modules/http/htdocs/logout/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/logout/index.html @@ -24,6 +24,7 @@ <meta name="apple-mobile-web-app-capable" content="yes"/> <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/> <link rel="stylesheet" type="text/css" href="/ui.css"/> +<script type="text/javascript" src="/util.js"></script> <title>Sign out</title> </head> <h1>Sign out</h1> diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index 5bcde9f633..e5e7f27287 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -101,6 +101,9 @@ Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate +# Configuration auth modules +Include conf/auth.conf + # Set default document root DocumentRoot $htdocs DirectoryIndex index-min.html index.html @@ -112,11 +115,6 @@ AllowOverride None Require all denied </Directory> -# Configure authentication -Include conf/noauth.conf -Include conf/auth.conf -Include conf/pubauth.conf - # Configure output filters to enable compression and rate limiting <Location /> SetOutputFilter RATE_LIMIT;DEFLATE @@ -144,6 +142,12 @@ RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R] </Location> Include conf/svhost.conf + +# Configure authentication +Include conf/noauth.conf +Include conf/locauth.conf +Include conf/pubauth.conf + </VirtualHost> EOF @@ -151,7 +155,6 @@ EOF # Configure logging cat >$root/conf/log.conf <<EOF # Generated by: httpd-conf $* -LogLevel notice ErrorLog $root/logs/error_log CustomLog $root/logs/access_log combined @@ -227,6 +230,11 @@ EOF # Generate auth configuration cat >$root/conf/auth.conf <<EOF # Generated by: httpd-conf $* + +EOF + +cat >$root/conf/locauth.conf <<EOF +# Generated by: httpd-conf $* # Authentication and authorization configuration # Allow authorized access to document root diff --git a/sca-cpp/trunk/modules/http/httpd-loglevel-conf b/sca-cpp/trunk/modules/http/httpd-loglevel-conf new file mode 100755 index 0000000000..c9d2ad81d5 --- /dev/null +++ b/sca-cpp/trunk/modules/http/httpd-loglevel-conf @@ -0,0 +1,32 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Configure HTTPD log level +here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here` +mkdir -p $1 +root=`echo "import os; print os.path.realpath('$1')" | python` +level=$2 + +# Configure log level +cat >>$root/conf/log.conf <<EOF +# Generated by: httpd-loglevel-conf $* +LogLevel $level + +EOF + diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index fda40f01f1..9bf98162ce 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -72,10 +72,39 @@ RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R] </Location> Include conf/svhost-ssl.conf + +# Configure authentication +Include conf/noauth-ssl.conf +Include conf/locauth-ssl.conf +Include conf/pubauth-ssl.conf + </VirtualHost> EOF +# Generate auth configuration +cat >$root/conf/locauth-ssl.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Authentication and authorization configuration +Include conf/locauth.conf + +EOF + +cat >$root/conf/pubauth-ssl.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Allow everyone to access public locations +Include conf/pubauth.conf + +EOF + +# Allow public access to server resources +cat >$root/conf/noauth-ssl.conf <<EOF +# Generated by: httpd-conf $* +# Allow public access to server resources +Include conf/noauth.conf + +EOF + # Generate HTTP vhost configuration cat >>$root/conf/svhost.conf <<EOF # Generated by: httpd-ssl-conf $* @@ -89,6 +118,7 @@ RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R] EOF +# Redirect HTTP traffic to HTTPS in HTTP vhost cat >>$root/conf/dvhost.conf <<EOF # Generated by: httpd-ssl-conf $* # Redirect HTTP traffic to HTTPS diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf index cb702596ef..9c209b8685 100755 --- a/sca-cpp/trunk/modules/http/open-auth-conf +++ b/sca-cpp/trunk/modules/http/open-auth-conf @@ -25,17 +25,24 @@ root=`echo "import os; print os.path.realpath('$1')" | python` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` +if [ "$sslconf" = "" ]; then + sslsuffix="" +else + sslsuffix="-ssl" +fi + pw=`cat $root/cert/ca.key | head -2 | tail -1` # Disallow public access to server resources -cat >$root/conf/noauth.conf <<EOF +cat >$root/conf/noauth$sslsuffix.conf <<EOF # Generated by: open-auth-conf $* # Disallow public access to server resources EOF # Generate form authentication configuration -cat >>$root/conf/auth.conf <<EOF +cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: open-auth-conf $* # Enable Tuscany open authentication <Location /> diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf index 2bcc158f48..554a1638cd 100755 --- a/sca-cpp/trunk/modules/http/vhost-conf +++ b/sca-cpp/trunk/modules/http/vhost-conf @@ -44,9 +44,17 @@ NameVirtualHost $vhost <VirtualHost $vhost> ServerName http://vhost.$host:$pport ServerAlias *.$host -VirtualDocumentRoot $vroot/%1/$vhtdocs/ + +# Map /v/<app-name>/<path> to vroot/<app-name>/vhtdocs/<path> +AliasMatch /v/([^/]+)(.*)$ $vroot/\$1/$vhtdocs/\$2 Include conf/dvhost.conf + +# Configure authentication +Include conf/noauth.conf +Include conf/auth.conf +Include conf/pubauth.conf + </VirtualHost> EOF diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf index 28e9eefe76..8445a20325 100755 --- a/sca-cpp/trunk/modules/http/vhost-ssl-conf +++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf @@ -49,8 +49,16 @@ NameVirtualHost $sslvhost <VirtualHost $sslvhost> ServerName https://vhost.$host:$sslpport ServerAlias *.$host -VirtualDocumentRoot $vroot/%1/$vhtdocs/ + +# Map /v/<app-name>/<path> to vroot/<app-name>/vhtdocs/<path> +AliasMatch /v/([^/]+)(.*)$ $vroot/\$1/$vhtdocs/\$2 Include conf/dvhost-ssl.conf + +# Configure authentication +Include conf/noauth-ssl.conf +Include conf/auth-ssl.conf +Include conf/pubauth-ssl.conf + </VirtualHost> |