author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-12-03 03:59:19 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-12-03 03:59:19 +0000 |
commit | 8d13a8e4dbc51852b02c647b8c76b59a1922049b (patch) | |
tree | 4708ff546febb6a9457daf967f7b8893610d8d06 /sca-cpp | |
parent | 6f3e045ffeef4645a182ccc80ecd37e1803dd44d (diff) |
Add scripts to support 'Require valid-user' and 'Require group' authz configurations separately.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1041681 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp')
21 files changed, 113 insertions, 41 deletions
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am index af8ab4d1c3..a47b83fbf0 100644 --- a/sca-cpp/trunk/modules/http/Makefile.am +++ b/sca-cpp/trunk/modules/http/Makefile.am @@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE} incl_HEADERS = *.hpp incldir = $(prefix)/include/modules/http -dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf +dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf passwd-auth-conf group-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf moddir=$(prefix)/modules/http curl_test_SOURCES = curl-test.cpp diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf index 74f4a61959..c3018e1174 100755 --- a/sca-cpp/trunk/modules/http/basic-auth-conf +++ b/sca-cpp/trunk/modules/http/basic-auth-conf @@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate basic authentication configuration cat >>$root/conf/auth.conf <<EOF # Generated by: basic-auth-conf $* 
@@ -36,16 +34,8 @@ cat >>$root/conf/auth.conf <<EOF AuthType Basic AuthName "$host" AuthBasicProvider file -AuthUserFile "$root/conf/httpd.passwd" Require valid-user </Location> EOF -# Create test users -touch $root/conf/httpd.passwd -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/cert-auth-conf b/sca-cpp/trunk/modules/http/cert-auth-conf index 00494d99f2..c6720c7ae4 100755 --- a/sca-cpp/trunk/modules/http/cert-auth-conf +++ b/sca-cpp/trunk/modules/http/cert-auth-conf @@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate authentication configuration cat >>$root/conf/auth.conf <<EOF # Generated by: cert-auth-conf $* @@ -38,14 +36,12 @@ SSLVerifyDepth 1 AuthType Basic AuthName "$host" AuthBasicProvider file -AuthUserFile "$root/conf/httpd.passwd" Require valid-user </Location> EOF -# Create certificate-based users -touch $root/conf/httpd.passwd +# Create password file and certificate-based users cat >>$root/conf/httpd.passwd <<EOF /C=US/ST=CA/L=San Francisco/O=$host/OU=server/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/ /C=US/ST=CA/L=San Francisco/O=$host/OU=proxy/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/ diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf index a58a800058..a9077116da 100755 --- a/sca-cpp/trunk/modules/http/form-auth-conf +++ b/sca-cpp/trunk/modules/http/form-auth-conf 
@@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate form authentication configuration cat >>$root/conf/auth.conf <<EOF # Generated by: form-auth-conf $* @@ -36,7 +34,6 @@ cat >>$root/conf/auth.conf <<EOF AuthType Form AuthName "$host" AuthFormProvider file -AuthUserFile "$root/conf/httpd.passwd" AuthFormLoginRequiredLocation /login AuthFormLogoutLocation / Session On @@ -55,10 +52,3 @@ SetHandler form-logout-handler EOF -# Create test users -touch $root/conf/httpd.passwd -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/group-auth-conf b/sca-cpp/trunk/modules/http/group-auth-conf new file mode 100755 index 0000000000..dc8dad8641 --- /dev/null +++ b/sca-cpp/trunk/modules/http/group-auth-conf 
@@ -0,0 +1,44 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +here=`readlink -f $0`; here=`dirname $here` +mkdir -p $1 +root=`readlink -f $1` +user=$2 +group="members" + +# Add user to group +cat $root/conf/httpd.groups | awk " BEGIN { found = 0 } /$group: / { printf \"%s %s\n\", \$0, \"$user\"; found = 1 } !/$group: / { printf \"%s\n\", \$0 } END { if (found == 0) printf \"%s: %s\n\", \"$group\", \"$user\" } " >$root/conf/.httpd.groups.tmp 2>/dev/null +cp $root/conf/.httpd.groups.tmp $root/conf/httpd.groups +rm $root/conf/.httpd.groups.tmp + +# Generate HTTPD group authorization configuration +conf=`cat $root/conf/auth.conf | grep "Generated by: group-auth-conf"` +if [ "$conf" = "" ]; then + cat >>$root/conf/auth.conf <<EOF +# Generated by: group-auth-conf $1 +# Allow group member access to root location +<Location /> +AuthGroupFile "$root/conf/httpd.groups" +Require group members +</Location> + +EOF +fi + diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index a77141af5f..ed2b7bb06d 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf 
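Review bot: In the new group-auth-conf the awk program is built by interpolating `$user` and `$group` into a double-quoted script, so an id containing `"`, `\` or whitespace is parsed as awk code or as several group members instead of as one value. The callers added in this commit already pass OpenID URLs as ids, so the value is not a simple token. Handing the values to awk through the environment with a single-quoted program keeps them as data, and matching the group name at the start of the line stops the unanchored `/$group: /` from also hitting a group whose name merely ends in `members`. Because stderr is discarded and the `cp` is unconditional, a failed awk run currently replaces httpd.groups with an empty file, so the replace step should depend on awk succeeding.

```shell
# Add user to group
case "$user" in
    ""|*[[:space:]]*) echo "group-auth-conf: invalid user id" >&2; exit 1;;
esac
tmp="$root/conf/.httpd.groups.tmp"
GROUP="$group" MEMBER="$user" awk '
    BEGIN { group = ENVIRON["GROUP"]; user = ENVIRON["MEMBER"]; found = 0 }
    index($0, group ": ") == 1 { print $0 " " user; found = 1; next }
    { print }
    END { if (found == 0) print group ": " user }
' "$root/conf/httpd.groups" >"$tmp" && mv "$tmp" "$root/conf/httpd.groups"
# … unchanged: auth.conf generation …
```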
@@ -230,11 +230,21 @@ Require all granted # Allow authorized access to root location <Location /> Options FollowSymLinks +AuthUserFile "$root/conf/httpd.passwd" Require all granted </Location> EOF +# Create password and group files +cat >$root/conf/httpd.passwd <<EOF +# Generated by: httpd-conf $* +EOF + +cat >$root/conf/httpd.groups <<EOF +# Generated by: httpd-conf $* +EOF + # Generate vhost configuration cat >$root/conf/vhost.conf <<EOF # Generated by: httpd-conf $* diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 0a73809fa5..5882a18cb4 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -36,8 +36,6 @@ htdocs=`echo $conf | awk '{ print $8 }'` mkdir -p $htdocs htdocs=`readlink -f $htdocs` -httpd_prefix=`cat $here/httpd.prefix` - # Extract organization name from our CA certificate org=`openssl x509 -noout -subject -nameopt multiline -in $root/cert/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'` diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf index f2304a0b86..2bd5bc3504 100755 --- a/sca-cpp/trunk/modules/http/open-auth-conf +++ b/sca-cpp/trunk/modules/http/open-auth-conf @@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate form authentication configuration cat >>$root/conf/auth.conf <<EOF # Generated by: open-auth-conf $* @@ -36,7 +34,6 @@ AuthType Open AuthName "$host" AuthOpenAuth On AuthOpenAuthLoginPage /login -AuthUserFile "$root/conf/httpd.passwd" Require valid-user </Location> @@ -45,7 +42,6 @@ Require valid-user AuthType Form AuthName "$host" AuthFormProvider file -AuthUserFile "$root/conf/httpd.passwd" AuthFormLoginRequiredLocation /login AuthFormLogoutLocation / Session On 
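Review bot: In httpd-conf the new `cat >$root/conf/httpd.passwd` and `cat >$root/conf/httpd.groups` create the credential files with whatever mode the caller's umask yields, which is commonly world-readable. httpd.passwd will hold password hashes, so I would restrict it at creation, for example `chmod 600 "$root/conf/httpd.passwd"` directly after the here-document, assuming httpd runs as the user that generates the configuration. Re-running httpd-conf also truncates both files and drops every user and group membership added since; if that is intended, a comment such as `# Recreated empty on every run; re-run passwd-auth-conf and group-auth-conf afterwards` would make it explicit.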
@@ -57,10 +53,3 @@ SetHandler form-login-handler EOF -# Create test users -touch $root/conf/httpd.passwd -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/passwd-auth-conf b/sca-cpp/trunk/modules/http/passwd-auth-conf new file mode 100755 index 0000000000..89a3f19e4b --- /dev/null +++ b/sca-cpp/trunk/modules/http/passwd-auth-conf @@ -0,0 +1,31 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +here=`readlink -f $0`; here=`dirname $here` +mkdir -p $1 +root=`readlink -f $1` +user=$2 +pass=$3 + +httpd_prefix=`cat $here/httpd.prefix` + +# Create password file +touch $root/conf/httpd.passwd +$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd $user $pass 2>/dev/null + diff --git a/sca-cpp/trunk/modules/http/tunnel-ssl-conf b/sca-cpp/trunk/modules/http/tunnel-ssl-conf index c401a73253..8cf4ada20a 100755 --- a/sca-cpp/trunk/modules/http/tunnel-ssl-conf +++ b/sca-cpp/trunk/modules/http/tunnel-ssl-conf 
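Review bot: In the new passwd-auth-conf, `htpasswd -b` receives the password as a command-line argument, so it is visible in the process list while the command runs, and `$user` and `$pass` are expanded unquoted, so a password with spaces or glob characters is split or expanded before htpasswd sees it. Stderr is discarded and the exit status ignored, so a failed update leaves the account missing or unchanged with no signal to the caller. I would quote the arguments and propagate failure, `"$httpd_prefix/bin/htpasswd" -b "$root/conf/httpd.passwd" "$user" "$pass" || exit 1`, and where the installed htpasswd supports `-i`, supply the password on stdin instead of using `-b`. A check that `$2` and `$3` are non-empty before the call would keep a usage error from being swallowed by `2>/dev/null`.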
@@ -30,8 +30,6 @@ sslhost=$3 sslport=$4 tport=$5 -httpd_prefix=`cat $here/httpd.prefix` - # Generate HTTPD configuration cat >>$root/conf/httpd.conf <<EOF # Generated by: tunnel-ssl-conf $* diff --git a/sca-cpp/trunk/modules/oauth/start-mixed-test b/sca-cpp/trunk/modules/oauth/start-mixed-test index c368c29ed2..bfd7667ce4 100755 --- a/sca-cpp/trunk/modules/oauth/start-mixed-test +++ b/sca-cpp/trunk/modules/oauth/start-mixed-test @@ -45,6 +45,13 @@ here=`readlink -f $0`; here=`dirname $here` ../openid/openid-memcached-conf tmp localhost 11213 ../http/open-auth-conf tmp +../http/passwd-auth-conf tmp foo foo + +# For this test to work you need to add your form, oauth and open id ids +# to the authorized user group +../../modules/http/group-auth-conf tmp foo +../../modules/http/group-auth-conf tmp 123456 +../../modules/http/group-auth-conf tmp https://www.google.com/accounts/o8/id?id=12345678 ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp diff --git a/sca-cpp/trunk/modules/oauth/start-test b/sca-cpp/trunk/modules/oauth/start-test index 8fd9d01302..0e859ce6e6 100755 --- a/sca-cpp/trunk/modules/oauth/start-test +++ b/sca-cpp/trunk/modules/oauth/start-test @@ -18,6 +18,9 @@ # under the License. # Setup +../../ubuntu/ip-redirect-all 80 8090 +../../ubuntu/ip-redirect-all 443 8453 + ../../components/cache/memcached-start 11212 ../../components/cache/memcached-start 11213 @@ -36,6 +39,10 @@ ./oauth2-appkey-conf tmp facebook.com app1234 secret6789 ./oauth2-appkey-conf tmp github.com app5678 secret8901 +# For this test to work you need to add your oauth user id to the +# authorized user group +../../modules/http/group-auth-conf tmp 123456 + ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/modules/openid/start-test b/sca-cpp/trunk/modules/openid/start-test index 55e7a13f26..7ae27c57cd 100755 --- a/sca-cpp/trunk/modules/openid/start-test 
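Review bot: In oauth/start-mixed-test the OpenID identifier is passed to group-auth-conf unquoted although it contains `?`, which the shell treats as a glob character; it stays literal only while nothing in the working directory matches the pattern. Quote it, `../../modules/http/group-auth-conf tmp 'https://www.google.com/accounts/o8/id?id=12345678'`; the call added in openid/start-test has the same issue. The `foo foo` account passed to passwd-auth-conf here and in the sample ssl-start scripts would benefit from a comment like `# Test-only credential, do not reuse outside the samples`.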
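Review bot: The two `../../ubuntu/ip-redirect-all` calls added at the top of oauth/start-test are not mentioned in the commit message and, judging by the script name, change host-wide port redirection for 80 and 443, a side effect well outside the `tmp` directory the rest of the setup writes to. That script is not part of this diff, so I cannot tell whether it needs root or whether a stop script undoes it. If it does alter firewall or NAT rules, I would keep it out of the default setup or at least add `# Requires root; redirects ports 80/443 to 8090/8453 on this host, undo after the test` above the calls.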
+++ b/sca-cpp/trunk/modules/openid/start-test @@ -31,6 +31,10 @@ ./openid-memcached-conf tmp localhost 11213 ./openid-step2-conf tmp +# For this test to work you need to add your openid to the +# the authorized user group +../../modules/http/group-auth-conf tmp https://www.google.com/accounts/o8/id?id=1234567 + ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-cluster/server-ssl-conf b/sca-cpp/trunk/samples/store-cluster/server-ssl-conf index 70662daab2..612dc6be47 100755 --- a/sca-cpp/trunk/samples/store-cluster/server-ssl-conf +++ b/sca-cpp/trunk/samples/store-cluster/server-ssl-conf @@ -41,6 +41,7 @@ tar -C tmp/ssl -c `../../modules/http/ssl-cert-find tmp/ssl` | tar -C $root -x ../../modules/openid/openid-memcached-conf $root localhost 11212 ../../modules/openid/openid-memcached-conf $root localhost 11213 ../../modules/http/open-auth-conf $root +../../modules/http/passwd-auth-conf $root foo foo ../../modules/server/server-conf $root ../../modules/python/python-conf $root diff --git a/sca-cpp/trunk/samples/store-cpp/ssl-start b/sca-cpp/trunk/samples/store-cpp/ssl-start index f65b951c24..01ee0eb76c 100755 --- a/sca-cpp/trunk/samples/store-cpp/ssl-start +++ b/sca-cpp/trunk/samples/store-cpp/ssl-start @@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/server/cpp-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-java/ssl-start b/sca-cpp/trunk/samples/store-java/ssl-start index daad068cb5..3d4642dea6 100755 --- a/sca-cpp/trunk/samples/store-java/ssl-start +++ b/sca-cpp/trunk/samples/store-java/ssl-start 
@@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/java/java-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-nosql/ssl-start b/sca-cpp/trunk/samples/store-nosql/ssl-start index 067ea4640f..c536e9b3f2 100755 --- a/sca-cpp/trunk/samples/store-nosql/ssl-start +++ b/sca-cpp/trunk/samples/store-nosql/ssl-start @@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-python/ssl-start b/sca-cpp/trunk/samples/store-python/ssl-start index fdcd16c6c4..60b9bb5ace 100755 --- a/sca-cpp/trunk/samples/store-python/ssl-start +++ b/sca-cpp/trunk/samples/store-python/ssl-start @@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/open-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/python/python-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-scheme/ssl-start b/sca-cpp/trunk/samples/store-scheme/ssl-start index 667e2593cc..70e62f1f04 100755 --- a/sca-cpp/trunk/samples/store-scheme/ssl-start +++ b/sca-cpp/trunk/samples/store-scheme/ssl-start @@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF 
diff --git a/sca-cpp/trunk/samples/store-sql/ssl-start b/sca-cpp/trunk/samples/store-sql/ssl-start index 2287d2a546..58ce2070ee 100755 --- a/sca-cpp/trunk/samples/store-sql/ssl-start +++ b/sca-cpp/trunk/samples/store-sql/ssl-start @@ -22,6 +22,7 @@ ../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF diff --git a/sca-cpp/trunk/samples/store-vhost/ssl-start b/sca-cpp/trunk/samples/store-vhost/ssl-start index e4f2e58524..6f715afb89 100755 --- a/sca-cpp/trunk/samples/store-vhost/ssl-start +++ b/sca-cpp/trunk/samples/store-vhost/ssl-start @@ -28,6 +28,7 @@ ../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/vhost-ssl-conf tmp ../../modules/http/basic-auth-conf tmp +../../modules/http/passwd-auth-conf tmp foo foo ../../modules/server/server-conf tmp ../../modules/python/python-conf tmp cat >>tmp/conf/httpd.conf <<EOF |