author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2012-04-02 06:23:35 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2012-04-02 06:23:35 +0000 |
commit | 54b61a4f65fb36be0bc3f190707aac2c4226a4a9 (patch) | |
tree | 5558f85da71d2f0a530001412f339fdc51495315 /sca-cpp/trunk/hosting | |
parent | d28e692331d0fa5cc4a8aa010f4c715da07abf7e (diff) |
Support multiple Auth modules in a single server or proxy config. Minor fixes to the OAuth2 module to comply with the spec.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1308244 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
8 files changed, 104 insertions, 67 deletions
diff --git a/sca-cpp/trunk/hosting/server/htdocs/app/index.html b/sca-cpp/trunk/hosting/server/htdocs/app/index.html index 0b01c1d3bd..19fa7488a5 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/app/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/app/index.html @@ -74,8 +74,12 @@ appcache.get = function(uri) { document.head.appendChild(ui.declareCSS(appcache.get('/ui-min.css'))); })(); +</script> + +<script type="text/javascript"> + // Redirect to login page if not signed in -if (document.location.protocol == 'https:' && !ui.signedin()) +if (document.location.protocol == 'https:' && !hasauthcookie()) document.location = '/login/'; </script> diff --git a/sca-cpp/trunk/hosting/server/htdocs/index.html b/sca-cpp/trunk/hosting/server/htdocs/index.html index 3bc1529dbb..468461cedc 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/index.html @@ -74,8 +74,11 @@ appcache.get = function(uri) { document.head.appendChild(ui.declareCSS(appcache.get('/ui-min.css'))); })(); +</script> +<script type="text/javascript"> + // Redirect to login page if not signed in -if (document.location.protocol == 'https:' && !ui.signedin()) +if (document.location.protocol == 'https:' && !hasauthcookie()) document.location = '/login/'; </script> @@ -260,7 +263,7 @@ function showmenu(mdiv, view, appname) { ui.menu(isNil(config.compose)? 'Composition' : config.compose, '/#view=graph&app=' + appname, '_view', view == 'graph'))), mklist( ui.menu('Account', '/#view=account', '_view', view == 'account'), - ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); + hasauthcookie()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } /** 
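Review bot: The login redirect in the new `<script>` block of app/index.html (and the identical hunk in htdocs/index.html) now depends on `hasauthcookie()`, which is not defined in either hunk and so has to be loaded before this block runs; its definition is outside the diff shown here. If it works by reading `document.cookie`, the auth cookie cannot be marked HttpOnly, which leaves the session token readable by any script on the page. The check is also skipped whenever the page is not served over `https:`, so it is a navigation convenience and every protected resource still needs the server-side auth modules to reject unauthenticated requests. I would add a comment above the `if` saying so, for example `// UI hint only: access control is enforced by the server, not by this cookie check`.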
@@ -434,8 +437,7 @@ window.onloginredirect = function(e) { */ function logout() { // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); diff --git a/sca-cpp/trunk/hosting/server/htdocs/login/index.html b/sca-cpp/trunk/hosting/server/htdocs/login/index.html index 9052abe8d3..359afc1807 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/login/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/login/index.html 
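Review bot: `logout()` in htdocs/index.html only clears browser state: `clearauthcookie()` removes the cookie, two localStorage entries are removed, and nothing in the hunk tells the server to drop the session. If the server keeps session state (ssl-start in this commit configures memcached-backed OpenID and OAuth modules), a copy of the cookie value taken before sign-out may stay valid until it expires server-side; that is an inference, since the server modules are not shown. The same body is repeated in the `logout()` hunks of public/notauth, public/notfound, public/notyet and public/oops, so a shared `logout()` in the common script would keep a future server-side sign-out call in one place. The function body continues past the end of the hunk.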
@@ -32,31 +32,50 @@ <h1>Sign in</h1> -<form name="openIDForm"> +<form name="googleOpenIDForm"> <table border="0"> -<tr><td><b>Sign in with your Google account</b></td></tr> -<tr><td><input type="button" value="Sign in" class="graybutton" style="font-weight: bold;" onclick="submitOpenIDSignin(withGoogle)"/></td></tr> +<tr><td><b>Sign in with your Google account (using OpenID)</b></td></tr> +<tr><td><input type="button" value="Sign in" class="graybutton" style="font-weight: bold;" onclick="submitOpenIDSignin(withGoogleOpenID)"/></td></tr> </table> </form> -<form name="oauth2Form"> +<form name="facebookOAuth2Form"> <table border="0"> -<tr><td><b>Sign in with your Facebook account</b></td></tr> -<tr><td><input type="button" value="Sign in" class="graybutton" style="font-weight: bold;" onclick="submitOAuth2Signin(withFacebook)"/></td></tr> +<tr><td><b>Sign in with your Facebook account (using OAuth)</b></td></tr> +<tr><td><input type="button" value="Sign in" class="graybutton" style="font-weight: bold;" onclick="submitOAuth2Signin(withFacebook)"/></td></tr> </table> </form> +<form name="googleOAuth2Form"> +<table border="0"> +<tr><td><b>Sign in with your Google account (using OAuth)</b></td></tr> +<tr><td><input type="button" value="Sign in" class="graybutton" style="font-weight: bold;" onclick="submitOAuth2Signin(withGoogleOAuth)"/></td></tr> +</table> +</form> + +<form name="formSignin" method="POST" action="/login/dologin"> +<table border="0"> +<tr><td colspan="2"><b>Sign in with your user id and password</b></td></tr> +<tr><td>User id:</td><td><input type="text" name="httpd_username" value=""/></td></tr> +<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr> +<tr><td><input type="button" class="graybutton" style="font-weight: bold;" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr> +</table> +</p> +<input type="hidden" name="httpd_location" value="/"/> +</form> + <form name="openIDSignin" action="/" method="GET"> 
<input type="hidden" name="openid_identifier" value=""/> </form> -<form name="oauth2Signin" action="/" method="GET"> -<input type="hidden" name="mod_oauth2_authorize" value=""/> -<input type="hidden" name="mod_oauth2_access_token" value=""/> -<input type="hidden" name="mod_oauth2_client_id" value=""/> -<input type="hidden" name="mod_oauth2_info" value=""/> -<input type="hidden" name="mod_oauth2_display" value=""/> -<input type="hidden" name="mod_oauth2_step" value="authorize"/> +<form name="oauth2Signin" action="/oauth2/authorize/" method="GET"> +<input type="hidden" name="oauth2_authorize" value=""/> +<input type="hidden" name="oauth2_access_token" value=""/> +<input type="hidden" name="oauth2_client_id" value=""/> +<input type="hidden" name="oauth2_info" value=""/> +<input type="hidden" name="oauth2_display" value=""/> +<input type="hidden" name="oauth2_scope" value=""/> +<input type="hidden" name="openauth_referrer" value=""/> </form> <script type="text/javascript"> @@ -85,8 +104,7 @@ function openauthReferrer() { * Signin with OpenID. */ function submitOpenIDSignin(w) { - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); @@ -95,7 +113,7 @@ function submitOpenIDSignin(w) { document.openIDSignin.submit(); } -function withGoogle() { +function withGoogleOpenID() { return 'https://www.google.com/accounts/o8/id'; } 
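Review bot: The new `formSignin` form posts `httpd_username` and `httpd_password` to the relative URL `/login/dologin`, so the password travels over whatever scheme the login page was loaded with, and nothing in this hunk requires `https:`. ssl-start in the same commit configures a plain HTTP port (8090) next to the SSL port, so the page may be reachable without TLS; whether the server redirects `/login/` to HTTPS is not visible here. I would have the server redirect plain-HTTP requests for `/login/`, or at least have the submit handler refuse to post unless `document.location.protocol == 'https:'`. The form also contains a stray `</p>` after `</table>` with no opening `<p>`, which should be removed.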
@@ -104,25 +122,40 @@ function withGoogle() { */ function submitOAuth2Signin(w) { parms = w(); - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); - document.oauth2Signin.mod_oauth2_authorize.value = parms[0]; - document.oauth2Signin.mod_oauth2_access_token.value = parms[1]; - document.oauth2Signin.mod_oauth2_client_id.value = parms[2]; - document.oauth2Signin.mod_oauth2_info.value = parms[3]; - document.oauth2Signin.mod_oauth2_display.value = parms[4]; - document.oauth2Signin.action = openauthReferrer(); + document.oauth2Signin.oauth2_authorize.value = parms[0]; + document.oauth2Signin.oauth2_access_token.value = parms[1]; + document.oauth2Signin.oauth2_client_id.value = parms[2]; + document.oauth2Signin.oauth2_info.value = parms[3]; + document.oauth2Signin.oauth2_scope.value = parms[4]; + document.oauth2Signin.oauth2_display.value = parms[5]; + document.oauth2Signin.openauth_referrer.value = openauthReferrer(); + document.oauth2Signin.action = '/oauth2/authorize/'; document.oauth2Signin.submit(); } function withFacebook() { - var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me', ui.isMobile()? 'touch' : 'page']; + var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me', 'email', ui.isMobile()? 
'touch' : 'page']; return parms; } +function withGoogleOAuth() { + var parms = ['https://accounts.google.com/o/oauth2/auth', 'https://accounts.google.com/o/oauth2/token', 'google.com', 'https://www.googleapis.com/oauth2/v1/userinfo', 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile', '']; + return parms; +} + +/** + * Signin with a userid and password. + */ +function submitFormSignin() { + clearauthcookie(); + document.formSignin.httpd_location.value = '/'; + document.formSignin.submit(); +} + /** * Handle orientation change. */ diff --git a/sca-cpp/trunk/hosting/server/htdocs/public/notauth/index.html b/sca-cpp/trunk/hosting/server/htdocs/public/notauth/index.html index 21f70f8a65..0c0435d8a7 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/public/notauth/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/public/notauth/index.html @@ -110,7 +110,7 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(hasauthcookie()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); @@ -121,8 +121,7 @@ cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); */ function logout() { // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); diff --git a/sca-cpp/trunk/hosting/server/htdocs/public/notfound/index.html b/sca-cpp/trunk/hosting/server/htdocs/public/notfound/index.html index 839cc3395b..0b364b1753 100644 
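Review bot: `submitOAuth2Signin` sends the provider's authorize, token and user-info URLs to `/oauth2/authorize/` as request parameters (`oauth2_authorize`, `oauth2_access_token`, `oauth2_info`), together with `openauth_referrer`, and all of them can be changed by whoever builds the request. Unless the server module checks them, the token exchange (which uses the app secret configured with `oauth2-appkey-conf`) could be directed to a host the operator never approved, and the referrer could become an open redirect; the server code is not part of this diff, so this needs confirming there. The safer design is for the server to look the endpoints up from `oauth2_client_id` and to accept only same-site paths in `openauth_referrer`. Separately, the positional `parms` array already shifted once in this commit (scope inserted at index 4, display moved to 5), so named properties such as `parms.scope` would be less fragile, and `parms = w();` should be `var parms = w();` to avoid an implicit global.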
--- a/sca-cpp/trunk/hosting/server/htdocs/public/notfound/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/public/notfound/index.html @@ -111,7 +111,7 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(hasauthcookie()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); @@ -122,8 +122,7 @@ cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); */ function logout() { // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); diff --git a/sca-cpp/trunk/hosting/server/htdocs/public/notyet/index.html b/sca-cpp/trunk/hosting/server/htdocs/public/notyet/index.html index c014c7266e..11d25eedef 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/public/notyet/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/public/notyet/index.html @@ -111,7 +111,7 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(hasauthcookie()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); 
@@ -122,8 +122,7 @@ cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); */ function logout() { // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); diff --git a/sca-cpp/trunk/hosting/server/htdocs/public/oops/index.html b/sca-cpp/trunk/hosting/server/htdocs/public/oops/index.html index 2ef7754919..8d27c498d2 100644 --- a/sca-cpp/trunk/hosting/server/htdocs/public/oops/index.html +++ b/sca-cpp/trunk/hosting/server/htdocs/public/oops/index.html @@ -110,7 +110,7 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(hasauthcookie()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); @@ -121,8 +121,7 @@ cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); */ function logout() { // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; + clearauthcookie(); localStorage.removeItem('/r/EditWidget/accounts'); localStorage.removeItem('/r/EditWidget/dashboards'); //localStorage.clear(); diff --git a/sca-cpp/trunk/hosting/server/ssl-start b/sca-cpp/trunk/hosting/server/ssl-start index 4689566176..49d2b424b9 100755 --- a/sca-cpp/trunk/hosting/server/ssl-start +++ b/sca-cpp/trunk/hosting/server/ssl-start 
@@ -17,15 +17,15 @@ # specific language governing permissions and limitations # under the License. -# For this module to work, add the example.com domain to your /etc/hosts as follows: -# 127.0.0.1 example.com +# For this module to work, add the www.example.com domain to your /etc/hosts as follows: +# 127.0.0.1 www.example.com here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here` jsprefix=`echo "import os; print os.path.realpath('$here/../../modules/js')" | python` # Create SSL certificates -../../modules/http/ssl-ca-conf tmp example.com -../../modules/http/ssl-cert-conf tmp example.com server +../../modules/http/ssl-ca-conf tmp www.example.com +../../modules/http/ssl-cert-conf tmp www.example.com server # Configure and start logging if [ -x ../../components/log/scribe-cat ]; then 
@@ -40,31 +40,32 @@ fi ../../components/cache/memcached-start tmp 11212 # Configure server -../../modules/http/httpd-conf tmp example.com 8090 htdocs +../../modules/http/httpd-conf tmp www.example.com 8090 htdocs ../../modules/http/httpd-event-conf tmp ../../modules/http/httpd-ssl-conf tmp 8453 -# Configure password authentication -#../../modules/http/open-auth-conf tmp -#../../modules/http/passwd-auth-conf tmp john john -#../../modules/http/passwd-auth-conf tmp jane jane -#../../modules/http/passwd-auth-conf tmp admin admin +# Configure OpenID step2 authentication +../../modules/openid/openid-conf tmp +../../modules/openid/openid-step2-conf tmp +../../modules/openid/openid-memcached-conf tmp localhost 11212 # Configure OAuth authentication # Configure your OAuth app keys here ../../modules/oauth/oauth-conf tmp ../../modules/oauth/oauth-memcached-conf tmp localhost 11212 ../../modules/oauth/oauth2-appkey-conf tmp facebook.com 12345 67890 +../../modules/oauth/oauth2-appkey-conf tmp google.com 12345 67890 -# Configure OpenID step2 authentication -../../modules/openid/openid-conf tmp -../../modules/openid/openid-step2-conf tmp -../../modules/openid/openid-memcached-conf tmp localhost 11212 +# Configure password authentication +../../modules/http/open-auth-conf tmp +../../modules/http/passwd-auth-conf tmp john john +../../modules/http/passwd-auth-conf tmp jane jane +../../modules/http/passwd-auth-conf tmp admin admin # Configure authorized users -#../../modules/http/group-auth-conf tmp john -#../../modules/http/group-auth-conf tmp jane -#../../modules/http/group-auth-conf tmp admin +../../modules/http/group-auth-conf tmp john +../../modules/http/group-auth-conf tmp jane +../../modules/http/group-auth-conf tmp admin # Configure the email addresses associated with your OpenID and OAuth ids here ../../modules/http/group-auth-conf tmp john@example.com ../../modules/http/group-auth-conf tmp jane@example.com 
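Review bot: This hunk turns on password authentication with three accounts whose password equals the user name (`john john`, `jane jane`, `admin admin`) and adds all three to the authorized group, where the previous script left those lines commented out. Anyone who runs ssl-start as shipped gets a server with guessable credentials, including an `admin` account, and the OAuth app keys `12345 67890` are placeholders as well. I would keep the `passwd-auth-conf` and matching `group-auth-conf` lines commented, or read the passwords from the environment, and add a comment such as `# Sample accounts for local testing only; change or remove before exposing this server`.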
@@ -91,11 +92,11 @@ CustomLog "|$here/../../components/log/scribe-cat server" sslcombined EOF - cat >tmp/conf/mod-security-log.conf <<EOF +# cat >tmp/conf/mod-security-log.conf <<EOF # Generated by: ssl-start $* -SecAuditLog "|$here/../../components/log/scribe-cat secaudit" - -EOF +#SecAuditLog "|$here/../../components/log/scribe-cat secaudit" +# +#EOF else cat >tmp/conf/log.conf <<EOF @@ -111,11 +112,11 @@ CustomLog $here/tmp/logs/ssl_access_log sslcombined EOF - cat >tmp/conf/mod-security-log.conf <<EOF +# cat >tmp/conf/mod-security-log.conf <<EOF # Generated by: ssl-start $* -SecAuditLog $here/tmp/logs/secaudit_log secaudit - -EOF +#SecAuditLog $here/tmp/logs/secaudit_log +# +#EOF fi @@ -180,5 +181,6 @@ AliasMatch /v/([^/]+)(.*)$ $here/htdocs/app\$2 EOF # Start server +#../../modules/http/httpd-loglevel-conf tmp debug ../../modules/http/httpd-start tmp |
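Review bot: The two `mod-security-log.conf` here-documents (this hunk at -91,11 and the next at -111,11) are commented out, so the script no longer writes a `SecAuditLog` directive, and the commit message does not mention it. If ModSecurity is still loaded by the generated configuration, audit records will go to its default location or be lost, which matters for incident investigation; whether the module is still enabled is not visible in this diff. Please add a comment stating why audit logging is disabled and when it should return, for example `# TODO: mod-security audit log disabled while <reason>; re-enable with the mod-security module`. Note that the second hunk also drops the trailing `secaudit` argument from the `SecAuditLog` line while commenting it out.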