authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-04-09 06:22:06 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-04-09 06:22:06 +0000
commit5cc3ef4b5260a20ce28c3ada0d7edb364ca1688b (patch)
tree575e505e264ae5dea3b1920a53a436129437d2b2 /sca-cpp
parent7438c0ac7dc2ae6f03a0329444a6e3eabfbac048 (diff)
Enable administrative access using basic auth.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1311136 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp')
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf21
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf8
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-base-conf4
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-conf4
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-ssl-conf1
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-conf1
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-ssl-conf1
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth1.cpp5
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth2.cpp5
9 files changed, 37 insertions, 13 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index f940073a91..74b3944cc1 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
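Review bot: The new `BrowserMatch ^check_http/ check_http` line sets an environment variable that nothing in this diff reads, so its purpose cannot be told from the change. User-Agent is client-supplied, so the variable is only suitable for things like log filtering, never for relaxing authentication. A comment above it, such as `# Tag monitoring probes by User-Agent; informational only, not for access control`, would record that.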
@@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+<Location /server-info>
+SetHandler server-info
+HostnameLookups on
+</Location>
+
Include conf/svhost.conf
# Configure authentication
Include conf/noauth.conf
Include conf/locauth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
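Review bot: The `/server-status` and `/server-info` handlers are now enabled inside the virtual host while the `Require user admin` that protects them lives in conf/adminauth.conf, so the restriction depends on `Include conf/adminauth.conf` staying after the other auth includes. `<Location>` sections are merged in configuration order, so if that include moved ahead of one carrying a `Require all granted` that covers these paths, the later section would decide. A comment on the include, e.g. `# Must stay last: restricts the admin handlers enabled above`, would protect that ordering. `HostnameLookups on` in both blocks adds a reverse DNS lookup per request and plays no part in a `Require user` check, so consider dropping it.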
@@ -299,16 +312,16 @@ AuthType None
Require all granted
</Location>
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
# Allow the server admin to view the server status and info
<Location /server-status>
-SetHandler server-status
-HostnameLookups on
Require user admin
</Location>
<Location /server-info>
-SetHandler server-info
-HostnameLookups on
Require user admin
</Location>
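Review bot: The generated conf/adminauth.conf carries only `Require user admin` in the lines visible here, with no `AuthType`, `AuthName` or user-file directive, so the basic auth named in the commit title has to be inherited from configuration outside this hunk. The preceding context closes a block with `AuthType None`, and if that block covers these paths the admin locations would have no authentication provider to satisfy the requirement. Stating `AuthType Basic` with the project's existing realm and user-file settings in each block would make the file self-contained. The new heredoc also lacks the `# Generated by: httpd-conf $*` header that the other generated files start with. The heredoc's closing `EOF` lies outside the hunk.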
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index cb5ccfb8db..420d08ff87 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/locauth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
@@ -98,6 +99,13 @@ Include conf/pubauth.conf
EOF
+cat >$root/conf/adminauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Allow admin access
+Include conf/adminauth.conf
+
+EOF
+
# Allow public access to server resources
cat >$root/conf/noauth-ssl.conf <<EOF
# Generated by: httpd-conf $*
diff --git a/sca-cpp/trunk/modules/http/proxy-base-conf b/sca-cpp/trunk/modules/http/proxy-base-conf
index e13ee0ef5d..c61c0e20d8 100755
--- a/sca-cpp/trunk/modules/http/proxy-base-conf
+++ b/sca-cpp/trunk/modules/http/proxy-base-conf
@@ -33,16 +33,14 @@ ProxyPass /server-info !
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
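Review bot: `cat >>$root/conf/adminauth.conf` appends to a file that httpd-conf creates with `cat >`, so the `/balancer-manager` restriction exists only if httpd-conf ran first and is lost if httpd-conf is run again afterwards. Meanwhile the `SetHandler balancer-manager` block above stays enabled with its own `Require user admin` removed. Re-running this script also appends a duplicate block. The same applies to the proxy-conf hunk, and proxy-ssl-conf drops its `Require user admin` with no replacement in that file. Writing the balancer rule to its own generated file, included next to adminauth.conf, would remove the ordering dependency; at minimum add a comment such as `# Requires httpd-conf to have generated adminauth.conf first`.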
diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf
index 4c445db9fa..b2156e6f74 100755
--- a/sca-cpp/trunk/modules/http/proxy-conf
+++ b/sca-cpp/trunk/modules/http/proxy-conf
@@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf
index d87aea6670..94318d7db5 100755
--- a/sca-cpp/trunk/modules/http/proxy-ssl-conf
+++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf
@@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf
index 554a1638cd..6d977eb1d5 100755
--- a/sca-cpp/trunk/modules/http/vhost-conf
+++ b/sca-cpp/trunk/modules/http/vhost-conf
@@ -54,6 +54,7 @@ Include conf/dvhost.conf
Include conf/noauth.conf
Include conf/auth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf
index 8445a20325..915137b51f 100755
--- a/sca-cpp/trunk/modules/http/vhost-ssl-conf
+++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf
@@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/auth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index 29fe756178..b927315393 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth2")))
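Review bot: The added test returns `DECLINED` for any request that carries an `Authorization` (or `Proxy-Authorization`) header, whatever its scheme or content, so the login redirect is skipped for any client that sends one. The request is then only as protected as the next authentication module configured for that location. Since the commit is about basic auth, the check could be narrowed to that scheme by keeping the header value, `const char* az = apr_table_get(r->headers_in, ...);`, and testing `if (az != NULL && strncasecmp(az, "Basic ", 6) == 0) return DECLINED;`. The identical lines are added to checkAuthn in mod-oauth2.cpp, so a shared helper in the openauth code would keep the two from drifting. checkAuthn starts and ends outside the hunk, so any earlier check of the configured auth type is not visible here.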
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index dbede7ed8b..05ad77d646 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth1")))