authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-04-02 06:23:35 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-04-02 06:23:35 +0000
commit54b61a4f65fb36be0bc3f190707aac2c4226a4a9 (patch)
tree5558f85da71d2f0a530001412f339fdc51495315 /sca-cpp/trunk/modules/http
parentd28e692331d0fa5cc4a8aa010f4c715da07abf7e (diff)
Support multiple Auth modules in a single server or proxy config. Minor fixes to the OAuth2 module to comply with the spec.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1308244 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/http')
-rwxr-xr-xsca-cpp/trunk/modules/http/basic-auth-conf7
-rwxr-xr-xsca-cpp/trunk/modules/http/form-auth-conf6
-rw-r--r--sca-cpp/trunk/modules/http/htdocs/login/index.html3
-rw-r--r--sca-cpp/trunk/modules/http/htdocs/logout/index.html3
-rw-r--r--sca-cpp/trunk/modules/http/http.hpp82
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf40
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf1
-rw-r--r--sca-cpp/trunk/modules/http/httpd.hpp18
-rw-r--r--sca-cpp/trunk/modules/http/mod-openauth.cpp28
-rwxr-xr-xsca-cpp/trunk/modules/http/open-auth-conf21
-rw-r--r--sca-cpp/trunk/modules/http/openauth.hpp14
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-conf20
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-ssl-conf12
13 files changed, 175 insertions, 80 deletions
diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf
index 77ca054f1c..39dde90b50 100755
--- a/sca-cpp/trunk/modules/http/basic-auth-conf
+++ b/sca-cpp/trunk/modules/http/basic-auth-conf
@@ -25,6 +25,11 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+loc=$2
+if [ "$loc" = "" ]; then
+ loc="/"
+fi
+
sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
if [ "$sslconf" = "" ]; then
sslsuffix=""
@@ -44,7 +49,7 @@ cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: basic-auth-conf $*
# Require clients to present a userid + password for HTTP
# basic authentication
-<Location />
+<Location $loc>
AuthType Basic
AuthName "$host"
AuthBasicProvider file
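Review bot: The new `$loc` argument reaches `<Location $loc>` unquoted and unvalidated, so a value containing whitespace, `>` or a newline changes the structure of the generated locauth config rather than just the protected path. A check right after `loc=$2` (first hunk of this file) that the value starts with `/` and holds no whitespace keeps the directive well formed, e.g. `case "$loc" in /*) ;; *) echo "location must start with /" >&2; exit 1;; esac`. The script's usage comment should also mention the optional second argument and its default of `/`.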
diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf
index 4ba3bec23a..2898d9b7ed 100755
--- a/sca-cpp/trunk/modules/http/form-auth-conf
+++ b/sca-cpp/trunk/modules/http/form-auth-conf
@@ -25,7 +25,11 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
-pw=`cat $root/cert/ca.key | head -2 | tail -1`
+if [ "$2" = "" ]; then
+ pw=`cat $root/cert/ca.key | head -2 | tail -1`
+else
+ pw="$2"
+fi
sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
if [ "$sslconf" = "" ]; then
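Review bot: Taking the `pw` secret as `$2` puts it on the command line, where it is visible in process listings and shell history; the same branch is added in open-auth-conf. Treating `$2` as the path of a file with restricted permissions and reading the value from it would avoid that. The scripts on this page stamp their output with `# Generated by: ... $*`; if form-auth-conf does the same outside this hunk, the secret is also copied into the generated config as a comment. The default branch still takes the second line of `ca.key` as the secret, which ties whatever `pw` protects to CA private-key material and deserves a comment.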
diff --git a/sca-cpp/trunk/modules/http/htdocs/login/index.html b/sca-cpp/trunk/modules/http/htdocs/login/index.html
index 99aeb31d1b..5c5286f7c4 100644
--- a/sca-cpp/trunk/modules/http/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/http/htdocs/login/index.html
@@ -32,8 +32,7 @@
<script type="text/javascript">
function submitFormSignin() {
- var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE';
- document.cookie = reset;
+ clearauthcookie();
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
diff --git a/sca-cpp/trunk/modules/http/htdocs/logout/index.html b/sca-cpp/trunk/modules/http/htdocs/logout/index.html
index 4e7df1bcf3..795f8f32a2 100644
--- a/sca-cpp/trunk/modules/http/htdocs/logout/index.html
+++ b/sca-cpp/trunk/modules/http/htdocs/logout/index.html
@@ -33,8 +33,7 @@
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
- var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE';
- document.cookie = reset;
+ clearauthcookie();
document.signout.submit();
return true;
}
diff --git a/sca-cpp/trunk/modules/http/http.hpp b/sca-cpp/trunk/modules/http/http.hpp
index 2334c1c525..eb7a8d506f 100644
--- a/sca-cpp/trunk/modules/http/http.hpp
+++ b/sca-cpp/trunk/modules/http/http.hpp
@@ -52,6 +52,11 @@ namespace tuscany {
namespace http {
/**
+ * Enable CURL verbose debug log.
+ */
+//#define WANT_MAINTAINER_CURL_VERBOSE
+
+/**
* CURL library runtime, one per process.
*/
class CURLRuntime {
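Review bot: The comment above `WANT_MAINTAINER_CURL_VERBOSE` should say what the verbose log exposes: with `CURLOPT_VERBOSE` libcurl writes request and response headers to stderr, which would include any Authorization or Cookie headers this client sends. Suggested wording: `Enable CURL verbose debug log. Logs request/response headers, including credentials; for local debugging only.` In the `setup()` hunk below, `curl_easy_setopt(ch, CURLOPT_VERBOSE, true)` passes a `bool` where libcurl documents a `long`, so `1L` is the safer argument.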
@@ -243,7 +248,7 @@ const failable<CURL*> setup(const string& url, const CURLSession& cs) {
CURL* ch = handle(cs);
curl_easy_reset(ch);
curl_easy_setopt(ch, CURLOPT_USERAGENT, "libcurl/1.0");
-#ifdef WANT_MAINTAINER_MODE
+#ifdef WANT_MAINTAINER_CURL_VERBOSE
curl_easy_setopt(ch, CURLOPT_VERBOSE, true);
#endif
@@ -454,9 +459,9 @@ const failable<value> evalExpr(const value& expr, const string& url, const CURLS
/**
* Find and return a header.
*/
-const failable<string> header(const char* prefix, const list<string>& h) {
+const maybe<string> header(const char* prefix, const list<string>& h) {
if (isNil(h))
- return mkfailure<string>(string("Couldn't find header: ") + prefix);
+ return maybe<string>();
const string s = car(h);
if (find(s, prefix) != 0)
return header(prefix, cdr(h));
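Review bot: `find(s, prefix) != 0` compares the header name case-sensitively, and with the new `maybe<string>` return a response that spells it `location:` or `content-type:` silently becomes "no header" instead of a failure value. HTTP header names are case-insensitive, so the match should normalise case before comparing; in `post()` later in this file a missed `Location` now changes which branch runs. The doc comment should also state that an empty `maybe` is returned when no header matches. The body of `header()` continues past the end of this hunk.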
@@ -467,8 +472,9 @@ const failable<string> header(const char* prefix, const list<string>& h) {
/**
* Find and return a location header.
*/
-const failable<string> location(const list<string>& h) {
- return header("Location: ", h);
+const string location(const list<string>& h) {
+ const maybe<string> l = header("Location: ", h);
+ return hasContent(l)? content(l) : "";
}
/**
@@ -484,8 +490,9 @@ const value entryId(const failable<string> l) {
/**
* Find and return a content-type header.
*/
-const failable<string> contentType(const list<string>& h) {
- return header("Content-Type: ", h);
+const string contentType(const list<string>& h) {
+ const maybe<string> ct = header("Content-Type: ", h);
+ return hasContent(ct)? content(ct) : "";
}
/**
@@ -516,44 +523,40 @@ const failable<value> getcontent(const string& url, const CURLSession& cs) {
}
/**
- * HTTP GET, return a list of values representing the resource at the given URL.
+ * Convert an HTTP content response to a value.
*/
-const failable<value> get(const string& url, const CURLSession& cs) {
- debug(url, "http::get::url");
+const failable<value> responseValue(const list<list<string> > res) {
- // Get the contents of the resource at the given URL
- const failable<list<list<string> > > res = get<list<string> >(rcons<string>, list<string>(), url, cs);
- if (!hasContent(res))
- return mkfailure<value>(reason(res));
- const string ct(content(contentType(car(content(res)))));
- debug(ct, "http::get::contentType");
+ // Parse the returned content
+ const string ct = contentType(car(res));
+ debug(ct, "http::responseValue::contentType");
- const list<string> ls(reverse(cadr(content(res))));
- debug(ls, "http::get::content");
+ const list<string> ls(reverse(cadr(res)));
+ debug(ls, "http::responseValue::content");
if (atom::isATOMEntry(ls)) {
// Read an ATOM entry
const value val(elementsToValues(content(atom::readATOMEntry(ls))));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
if (contains(ct, "application/atom+xml") || atom::isATOMFeed(ls)) {
// Read an ATOM feed
const value val(elementsToValues(content(atom::readATOMFeed(ls))));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
if (contains(ct, "application/rss+xml") || rss::isRSSFeed(ls)) {
// Read an RSS feed
const value val(elementsToValues(content(rss::readRSSFeed(ls))));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
if (contains(ct, "text/javascript") || contains(ct, "application/json") || json::isJSON(ls)) {
// Read a JSON document
js::JSContext cx;
const value val(json::jsonValues(content(json::readJSON(ls, cx))));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
if (contains(ct, "application/x-javascript")) {
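Review bot: `responseValue()` reads `car(res)` and `cadr(res)` without checking that the list holds both a header list and a body, and each parser branch calls `content(...)` on the `readATOMEntry`/`readATOMFeed`/`readRSSFeed`/`readJSON` result without a `hasContent` test. The body comes from a remote server and the function is now also reached from `post()`, so a malformed document should come back as `mkfailure<value>(reason(...))` rather than depend on what `content()` does with a failed result, which is not visible here. Passing `res` as `const list<list<string> >&` instead of by value would match the other signatures in the file. The function body continues into the next hunk.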
@@ -565,27 +568,42 @@ const failable<value> get(const string& url, const CURLSession& cs) {
const size_t fp = find(s, '(');
const size_t lp = find_last(s, ')');
const list<string> jls = mklist<string>(substr(s, fp + 1, lp - (fp + 1)));
- debug(jls, "http::get::javascript::content");
+ debug(jls, "http::responseValue::javascript::content");
js::JSContext cx;
const value val(json::jsonValues(content(json::readJSON(jls, cx))));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
if (contains(ct, "text/xml") || contains(ct, "application/xml") || isXML(ls)) {
// Read an XML document
const value val(elementsToValues(readXML(ls)));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
// Return the content type and a content list
const value val(mklist<value>(ct, mkvalues(ls)));
- debug(val, "http::get::result");
+ debug(val, "http::responseValue::result");
return val;
}
/**
+ * HTTP GET, return a list of values representing the resource at the given URL.
+ */
+const failable<value> get(const string& url, const CURLSession& cs) {
+ debug(url, "http::get::url");
+
+ // Get the contents of the resource at the given URL
+ const failable<list<list<string> > > res = get<list<string> >(rcons<string>, list<string>(), url, cs);
+ if (!hasContent(res))
+ return mkfailure<value>(reason(res));
+
+ // Parse the returned content
+ return responseValue(content(res));
+}
+
+/**
* Form an HTTP content request.
*/
const failable<list<list<string> > > writeRequest(const failable<list<string> >& ls, const string& ct) {
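Review bot: In the `application/x-javascript` branch, `substr(s, fp + 1, lp - (fp + 1))` is computed without checking that both parentheses were found and that `lp` lies after `fp`; the subtraction is `size_t` arithmetic, so a body such as `)(` wraps to a very large length. How `find`, `find_last` and `substr` treat a missing character or an oversized length is not visible in this hunk. An explicit guard that returns `mkfailure<value>(...)` when the wrapper is malformed would make the behaviour defined for untrusted responses. The branch starts in the previous hunk.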
@@ -686,9 +704,15 @@ const failable<value> post(const value& val, const string& url, const CURLSessio
return mkfailure<value>(reason(res));
// Return the new entry id from the HTTP location header, if any
- const value eid(entryId(location(car(content(res)))));
- debug(eid, "http::post::result");
- return eid;
+ const string loc = location(car(content(res)));
+ if (length(loc) != 0) {
+ const value eid(entryId(location(car(content(res)))));
+ debug(eid, "http::post::result");
+ return eid;
+ }
+
+ // Return the returned content
+ return responseValue(content(res));
}
/**
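Review bot: The `Location` header is looked up twice: `loc` is computed and tested, then `entryId(location(car(content(res))))` walks the header list again; `const value eid(entryId(loc));` uses the value already in hand. The fallback also changes the contract of `post()` for callers: a response without `Location` now returns the parsed body instead of an entry id, which the doc comment on `post()` (outside this hunk) should state.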
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index e5e7f27287..f940073a91 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -35,6 +35,8 @@ else
pportsuffix=":$pport"
fi
+dothost=`echo $host | grep "\."`
+
mkdir -p $4
htdocs=`echo "import os; print os.path.realpath('$4')" | python`
@@ -85,10 +87,7 @@ LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Refere
Include conf/log.conf
# Configure tracking
-CookieTracking on
-CookieName TuscanyVisitorId
-CookieStyle Cookie
-CookieExpires 31556926
+Include conf/tracking.conf
# Configure Mime types and default charsets
TypesConfig $here/conf/mime.types
@@ -96,12 +95,12 @@ AddDefaultCharset utf-8
AddCharset utf-8 .html .js .css
# Configure cache control
-SetEnvIf Request_URI "^/app.html$" must-revalidate
-Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate
-Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate
-Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate
+<Directory />
+ExpiresActive On
+ExpiresDefault M604800
+</Directory>
-# Configuration auth modules
+# Configure auth modules
Include conf/auth.conf
# Set default document root
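Review bot: `ExpiresDefault M604800` bases the expiry on the file's modification time, so a static file last changed more than a week ago is sent with an `Expires` date already in the past; the removed `Cache-Control "max-age=604800"` counted from the time of the request. If a one-week cache lifetime is still intended, `ExpiresDefault A604800` is the access-based form. A comment noting that this default covers everything under `<Directory />`, including content behind the auth modules, would help reviewers judge what shared caches may store.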
@@ -138,6 +137,7 @@ ServerName http://$host$pportsuffix
<Location />
RewriteEngine on
RewriteCond %{HTTP_HOST} !^$host [NC]
+RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>
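Review bot: The added `RewriteCond %{HTTP:X-Forwarded-Server} ^$` switches off the canonical-host redirect for any request that carries an `X-Forwarded-Server` header, and that header is client-supplied unless a trusted proxy sets it; the same condition is added in httpd-ssl-conf. If the intent is to exempt only traffic from the front-end proxy, the rule should also depend on the request's source address, or the proxy tier must be the only network path to this vhost. A comment stating which of the two is assumed would help whoever deploys the generated config.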
@@ -152,6 +152,26 @@ Include conf/pubauth.conf
EOF
+# Generate tracking configuration
+cat >$root/conf/tracking.conf <<EOF
+# Generated by: httpd-conf $*
+# Configure tracking
+CookieTracking on
+CookieName TuscanyVisitorId
+CookieStyle Cookie
+CookieExpires 31556926
+
+EOF
+
+if [ "$dothost" != "" ]; then
+ cat >>$root/conf/tracking.conf <<EOF
+# Generated by: httpd-conf $*
+CookieDomain .$dothost
+
+EOF
+
+fi
+
# Configure logging
cat >$root/conf/log.conf <<EOF
# Generated by: httpd-conf $*
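Review bot: `dothost` is simply `$host` whenever it contains a dot (the `grep "\."` test in the first hunk of this file), so a server configured with an IP address also gets a `CookieDomain .<address>` line, and browsers do not treat IP addresses as cookie domains consistently. For a real host name, `.$dothost` scopes the tracking cookie to the host and all of its subdomains, which deserves a comment if intended. Quoting the expansion, `echo "$host"`, keeps an unusual host value from being word-split before the test.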
@@ -206,6 +226,7 @@ LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
LoadModule env_module ${modules_prefix}/modules/mod_env.so
+LoadModule expires_module ${modules_prefix}/modules/mod_expires.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
@@ -223,7 +244,6 @@ LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel$libsuffix
-LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix
EOF
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 9bf98162ce..cb5ccfb8db 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -68,6 +68,7 @@ ServerName https://$host$sslpportsuffix
<Location />
RewriteEngine on
RewriteCond %{HTTP_HOST} !^$host [NC]
+RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R]
</Location>
diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp
index af075a04e8..718ed6e52b 100644
--- a/sca-cpp/trunk/modules/http/httpd.hpp
+++ b/sca-cpp/trunk/modules/http/httpd.hpp
@@ -44,14 +44,14 @@
#include <http_connection.h>
#include <http_request.h>
// Ignore conversion warnings in HTTPD 2.3.15 header
-#ifdef WANT_MAINTAINER_MODE
+#ifdef WANT_MAINTAINER_WARNINGS
#ifndef IS_DARWIN
#pragma GCC diagnostic ignored "-Wconversion"
#endif
#endif
#include <http_protocol.h>
// Re-enable conversion warnings
-#ifdef WANT_MAINTAINER_MODE
+#ifdef WANT_MAINTAINER_WARNINGS
#ifndef IS_DARWIN
#pragma GCC diagnostic warning "-Wconversion"
#endif
@@ -259,6 +259,8 @@ const list<value> pathInfo(const list<value>& uri, const list<value>& path) {
* Convert a URI to an absolute URL.
*/
const string url(const string& uri, request_rec* r) {
+ if (contains(uri, "://"))
+ return uri;
ostringstream n;
const string s = scheme(r);
const string h = hostName(r, "localhost");
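Review bot: `contains(uri, "://")` matches the separator anywhere in the string, so a relative URI whose query carries a URL (constructed example: `/go?next=http://other.example/`) is returned unchanged instead of being made absolute. Testing for a scheme at the start of the string, or at least that `://` comes before the first `/`, `?` or `#`, would limit the shortcut to real absolute URLs. If any caller passes request-derived values to `url()` and uses the result as a redirect or fetch target, absolute URLs to other hosts now pass through untouched, so those callers (not visible here) need their own host check. The function body continues past the end of this hunk.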
@@ -406,8 +408,8 @@ const failable<int> writeResult(const failable<list<string> >& ls, const string&
const string ob(str(os));
// Make sure browsers come back and check for updated dynamic content
- // The actual header setup is configured in httpd-conf, based on the must-revalidate env variable
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "must-revalidate"), apr_pstrdup(r->pool, "true"));
+ apr_table_set(r->headers_out, "Cache-Control", "must-revalidate, max-age=0");
+ apr_table_set(r->headers_out, "Expires", "Tue, 01 Jan 1980 00:00:00 GMT");
// Compute and return an Etag for the returned content
const string etag(ap_md5_binary(r->pool, (const unsigned char*)c_str(ob), (int)length(ob)));
@@ -658,7 +660,7 @@ const void* userData(const string& k, const server_rec* s) {
return v;
}
-#ifdef WANT_MAINTAINER_MODE
+#ifdef WANT_MAINTAINER_LOG
/**
* Debug log.
@@ -701,8 +703,6 @@ int debugNote(unused void* r, const char* key, const char* value) {
* Log a request.
*/
const bool debugRequest(request_rec* r, const string& msg) {
- if (!isDebugLog())
- return true;
gc_scoped_pool();
cdebug << msg << ":" << endl;
cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl;
@@ -725,11 +725,11 @@ const bool debugRequest(request_rec* r, const string& msg) {
return true;
}
-#define httpdDebugRequest(r, msg) httpd::debugRequest(r, msg)
+#define debug_httpdRequest(r, msg) if (debug_islogging()) httpd::debugRequest(r, msg)
#else
-#define httpdDebugRequest(r, msg)
+#define debug_httpdRequest(r, msg)
#endif
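Review bot: `debug_httpdRequest` expands to a bare `if (...) call`, so using it as the body of an `if` that has an `else` binds that `else` to the macro's hidden `if`; `debug_authSession` in mod-openauth.cpp is defined the same way. Wrapping the expansion keeps it a single statement: `#define debug_httpdRequest(r, msg) do { if (debug_islogging()) httpd::debugRequest(r, msg); } while (0)`. Both helpers appear to write request and session details to the debug log, so the place where `WANT_MAINTAINER_LOG` is documented should say it is for development builds only.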
diff --git a/sca-cpp/trunk/modules/http/mod-openauth.cpp b/sca-cpp/trunk/modules/http/mod-openauth.cpp
index 09d62bf5f7..b1aabd73fe 100644
--- a/sca-cpp/trunk/modules/http/mod-openauth.cpp
+++ b/sca-cpp/trunk/modules/http/mod-openauth.cpp
@@ -77,7 +77,7 @@ public:
string login;
};
-#ifdef WANT_MAINTAINER_MODE
+#ifdef WANT_MAINTAINER_LOG
/**
* Log session entries.
@@ -88,12 +88,16 @@ int debugSessionEntry(unused void* r, const char* key, const char* value) {
}
const bool debugSession(request_rec* r, session_rec* z) {
- if (!isDebugLog())
- return true;
apr_table_do(debugSessionEntry, r, z->entries, NULL);
return true;
}
+#define debug_authSession(r, z) if (debug_islogging()) openauth::debugSession(r, z)
+
+#else
+
+#define debug_authSession(r, z)
+
#endif
/**
@@ -110,9 +114,7 @@ const failable<value> userInfoFromSession(const string& realm, request_rec* r) {
ap_session_load_fn(r, &z);
if (z == NULL)
return mkfailure<value>("Couldn't retrieve user session");
-#ifdef WANT_MAINTAINER_MODE
- debugSession(r, z);
-#endif
+ debug_authSession(r, z);
if (ap_session_get_fn == NULL)
ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
@@ -213,10 +215,10 @@ static int checkAuthn(request_rec *r) {
// Create a scoped memory pool
gc_scoped_pool pool(r->pool);
- httpdDebugRequest(r, "modopenauth::checkAuthn::input");
+ debug_httpdRequest(r, "modopenauth::checkAuthn::input");
// Get session id from the request
- const maybe<string> sid = sessionID(r);
+ const maybe<string> sid = sessionID(r, "TuscanyOpenAuth");
if (hasContent(sid)) {
// Decline if the session id was not created by this module
const string stype = substr(content(sid), 0, 7);
@@ -283,12 +285,12 @@ static int checkAuthn(request_rec *r) {
// Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED;
- if (!isNil(assoc<value>("mod_oauth1_step", args)))
- return DECLINED;
- if (!isNil(assoc<value>("mod_oauth2_step", args)))
- return DECLINED;
- // Redirect to the login page
+ // Redirect to the login page, unless we have a session id from another module
+ if (hasContent(sessionID(r, "TuscanyOpenIDAuth")) ||
+ hasContent(sessionID(r, "TuscanyOAuth1")) ||
+ hasContent(sessionID(r, "TuscanyOAuth2")))
+ return DECLINED;
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
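Review bot: Declining on the mere presence of a cookie named `TuscanyOpenIDAuth`, `TuscanyOAuth1` or `TuscanyOAuth2` trusts a value the client supplies, since `hasContent(sessionID(...))` is true for any non-empty value. That is safe only if the matching module is always hooked on the same location and rejects ids it did not issue; where it is not loaded, the outcome depends on what httpd does when every authn hook declines, and the user never reaches the login page. A comment stating that dependency, for example `// Presence only: the owning module must validate this id`, and named constants shared with those modules in place of the three string literals would make it explicit. `checkAuthn` starts outside this hunk.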
diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf
index 9c209b8685..5226622058 100755
--- a/sca-cpp/trunk/modules/http/open-auth-conf
+++ b/sca-cpp/trunk/modules/http/open-auth-conf
@@ -22,6 +22,13 @@ here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $h
mkdir -p $1
root=`echo "import os; print os.path.realpath('$1')" | python`
+uname=`uname -s`
+if [ $uname = "Darwin" ]; then
+ libsuffix=".dylib"
+else
+ libsuffix=".so"
+fi
+
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
@@ -32,7 +39,19 @@ else
sslsuffix="-ssl"
fi
-pw=`cat $root/cert/ca.key | head -2 | tail -1`
+if [ "$2" = "" ]; then
+ pw=`cat $root/cert/ca.key | head -2 | tail -1`
+else
+ pw="$2"
+fi
+
+# Configure HTTPD mod_tuscany_openauth module
+cat >>$root/conf/modules.conf <<EOF
+# Generated by: openauth-conf $*
+# Load support for Open authentication
+LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix
+
+EOF
# Disallow public access to server resources
cat >$root/conf/noauth$sslsuffix.conf <<EOF
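Review bot: The new heredoc stamps modules.conf with `# Generated by: openauth-conf $*`, and `$*` now includes the secret when it is passed as `$2`, so it is written in clear text into a config file that may be readable well beyond the httpd user. Stamping with the root directory only, `# Generated by: open-auth-conf $1`, avoids that and also corrects the script name in the comment. Because the block is appended with `>>`, running the script twice adds a second `LoadModule mod_tuscany_openauth` line, which is worth a guard or a note.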
diff --git a/sca-cpp/trunk/modules/http/openauth.hpp b/sca-cpp/trunk/modules/http/openauth.hpp
index e044a74fe2..5d887885aa 100644
--- a/sca-cpp/trunk/modules/http/openauth.hpp
+++ b/sca-cpp/trunk/modules/http/openauth.hpp
@@ -47,7 +47,7 @@ const char* cookieName(const char* cs) {
return cs;
return cookieName(cs + 1);
}
-const maybe<string> sessionID(const list<string> c) {
+const maybe<string> sessionID(const list<string>& c, const string& key) {
if (isNil(c))
return maybe<string>();
const string cn = cookieName(c_str(car(c)));
@@ -55,29 +55,29 @@ const maybe<string> sessionID(const list<string> c) {
if (i < length(cn)) {
const list<string> kv = mklist<string>(substr(cn, 0, i), substr(cn, i+1));
if (!isNil(kv) && !isNil(cdr(kv))) {
- if (car(kv) == "TuscanyOpenAuth")
+ if (car(kv) == key)
return cadr(kv);
}
}
- return sessionID(cdr(c));
+ return sessionID(cdr(c), key);
}
-const maybe<string> sessionID(const request_rec* r) {
+const maybe<string> sessionID(const request_rec* r, const string& key) {
const string c = httpd::cookie(r);
debug(c, "openauth::sessionid::cookies");
if (length(c) == 0)
return maybe<string>();
- return sessionID(tokenize(";", c));
+ return sessionID(tokenize(";", c), key);
}
/**
* Convert a session id to a cookie string.
*/
-const string cookie(const string& sid, const string& domain) {
+const string cookie(const string& key, const string& sid, const string& domain) {
const time_t t = time(NULL) + 86400;
char exp[32];
strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
- const string c = string("TuscanyOpenAuth=") + sid + "; expires=" + string(exp) + "; domain=." + domain + "; path=/";
+ const string c = key + string("=") + sid + "; expires=" + string(exp) + "; domain=." + domain + "; path=/";
debug(c, "openauth::cookie");
return c;
}
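Review bot: The session cookie built in `cookie()` carries no `Secure` or `HttpOnly` attribute, so the id can travel over plain HTTP and be read by any script on the `.domain` it is scoped to. `; secure` fits deployments served over TLS; `HttpOnly` would additionally require that logout stop clearing the cookie from page script, as the login and logout pages in this commit do through `clearauthcookie()`. Now that `key` is a parameter, the doc comment should say that `key` and `sid` are inserted verbatim and must not contain `;`, `=` or control characters. `gmtime()` returns a pointer to shared static storage, so `gmtime_r` is the safer call inside a threaded httpd.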
diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf
index 76e5b2f3dd..4c445db9fa 100755
--- a/sca-cpp/trunk/modules/http/proxy-conf
+++ b/sca-cpp/trunk/modules/http/proxy-conf
@@ -25,6 +25,9 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
cat >>$root/conf/vhost.conf <<EOF
# Generated by: proxy-conf $*
# Enable load balancing
+ProxyPass /balancer-manager !
+ProxyPass /server-status !
+ProxyPass /server-info !
ProxyPass / balancer://cluster/
<Proxy balancer://cluster>
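Review bot: Nothing in this hunk or the next restricts `/server-status` and `/server-info`, which the proxy host now answers itself because they are excluded from `ProxyPass`; proxy-ssl-conf adds the same two exclusions. If those handlers are enabled elsewhere in the generated config, they should get the same `Require user admin` restriction that `/balancer-manager` receives, since both pages disclose server internals. A comment naming the file that restricts them would make the intent checkable.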
@@ -37,5 +40,22 @@ RequestHeader set X-Forwarded-HTTPS %{HTTPS}s
RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
</Location>
+# Enable balancer manager
+<Location /balancer-manager>
+SetHandler balancer-manager
+HostnameLookups on
+Require user admin
+</Location>
+
+EOF
+
+cat >>$root/conf/pubauth.conf <<EOF
+# Generated by: proxy-conf $*
+# Allow the server admin to manage the load balancer
+<Location /balancer-manager>
+HostnameLookups on
+Require user admin
+</Location>
+
EOF
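Review bot: `Require user admin` is added for `/balancer-manager` with no `AuthType` or provider in the block, so it depends on an auth config being included for this vhost, and `vhost.conf` looks like the non-SSL vhost, where Basic credentials for the admin user would cross the network in clear text. Restricting the manager to the SSL vhost, or adding a `Require ip` rule for an admin network (placeholder: `ADMIN_NET`), would reduce that exposure. `HostnameLookups on` adds a DNS lookup per request and is not needed for a `Require user` rule.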
diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf
index 7e8003d283..d87aea6670 100755
--- a/sca-cpp/trunk/modules/http/proxy-ssl-conf
+++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf
@@ -26,6 +26,8 @@ cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: proxy-ssl-conf $*
# Enable load balancing
ProxyPass /balancer-manager !
+ProxyPass /server-status !
+ProxyPass /server-info !
ProxyPass / balancer://sslcluster/
<Proxy balancer://sslcluster>
@@ -33,6 +35,11 @@ Require all granted
ProxySet lbmethod=byrequests
</Proxy>
+<Location />
+RequestHeader set X-Forwarded-HTTPS %{HTTPS}s
+RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
+</Location>
+
# Enable balancer manager
<Location /balancer-manager>
SetHandler balancer-manager
@@ -40,11 +47,6 @@ HostnameLookups on
Require user admin
</Location>
-<Location />
-RequestHeader set X-Forwarded-HTTPS %{HTTPS}s
-RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
-</Location>
-
EOF
cat >>$root/conf/svhost-ssl.conf <<EOF