summaryrefslogtreecommitdiffstats
path: root/sca-cpp
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-02-20 07:20:15 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2012-02-20 07:20:15 +0000
commit8fdc6a6dc4b2b23b923d8cbfba5190933155e95d (patch)
tree2d446c4c3f20ce56d2669ffc29d07c17a4e96ed2 /sca-cpp
parent08adcf2e783e4733e0fd646d353db3592c62140d (diff)
Refactor auth configuration to allow HTTP and HTTPS virtual hosts to use different auth mechanisms, and refactor log configuration to make it easier to use.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1291133 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp')
-rwxr-xr-xsca-cpp/trunk/modules/http/basic-auth-conf11
-rwxr-xr-xsca-cpp/trunk/modules/http/cert-auth-conf11
-rwxr-xr-xsca-cpp/trunk/modules/http/form-auth-conf11
-rwxr-xr-xsca-cpp/trunk/modules/http/group-auth-conf13
-rw-r--r--sca-cpp/trunk/modules/http/htdocs/login/index.html1
-rw-r--r--sca-cpp/trunk/modules/http/htdocs/logout/index.html1
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf20
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-loglevel-conf32
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf30
-rwxr-xr-xsca-cpp/trunk/modules/http/open-auth-conf11
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-conf10
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-ssl-conf10
-rwxr-xr-xsca-cpp/trunk/modules/oauth/oauth-conf14
-rwxr-xr-xsca-cpp/trunk/modules/oauth/oauth-memcached-conf7
-rwxr-xr-xsca-cpp/trunk/modules/openid/openid-conf26
-rwxr-xr-xsca-cpp/trunk/modules/openid/openid-step2-conf11
-rw-r--r--sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch6
-rw-r--r--sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/login/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/logout/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/login/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/logout/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-python/htdocs/login/index.html1
-rw-r--r--sca-cpp/trunk/samples/store-python/htdocs/logout/index.html1
25 files changed, 201 insertions, 32 deletions
diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf
index f376124da7..77ca054f1c 100755
--- a/sca-cpp/trunk/modules/http/basic-auth-conf
+++ b/sca-cpp/trunk/modules/http/basic-auth-conf
@@ -25,15 +25,22 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: basic-auth-conf $*
# Disallow public access to server resources
EOF
# Generate basic authentication configuration
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: basic-auth-conf $*
# Require clients to present a userid + password for HTTP
# basic authentication
diff --git a/sca-cpp/trunk/modules/http/cert-auth-conf b/sca-cpp/trunk/modules/http/cert-auth-conf
index 4959fab14a..514e46324f 100755
--- a/sca-cpp/trunk/modules/http/cert-auth-conf
+++ b/sca-cpp/trunk/modules/http/cert-auth-conf
@@ -25,15 +25,22 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: cert-auth-conf $*
# Disallow public access to server resources
EOF
# Generate authentication configuration
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: cert-auth-conf $*
# Require clients to present a valid client certificate
SSLVerifyClient require
diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf
index defa1bf8b1..4ba3bec23a 100755
--- a/sca-cpp/trunk/modules/http/form-auth-conf
+++ b/sca-cpp/trunk/modules/http/form-auth-conf
@@ -27,15 +27,22 @@ host=`echo $conf | awk '{ print $6 }'`
pw=`cat $root/cert/ca.key | head -2 | tail -1`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: form-auth-conf $*
# Disallow public access to server resources
EOF
# Generate form authentication configuration
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: form-auth-conf $*
# Require clients to present a userid + password through form-based
# authentication
diff --git a/sca-cpp/trunk/modules/http/group-auth-conf b/sca-cpp/trunk/modules/http/group-auth-conf
index 726c55982d..e9617f696a 100755
--- a/sca-cpp/trunk/modules/http/group-auth-conf
+++ b/sca-cpp/trunk/modules/http/group-auth-conf
@@ -23,8 +23,15 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
user=$2
group="members"
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: group-auth-conf $*
# Disallow public access to server resources
@@ -36,9 +43,9 @@ cp $root/conf/.httpd.groups.tmp $root/conf/httpd.groups
rm $root/conf/.httpd.groups.tmp
# Generate HTTPD group authorization configuration
-conf=`cat $root/conf/auth.conf | grep "Generated by: group-auth-conf"`
+conf=`cat $root/conf/locauth$sslsuffix.conf | grep "Generated by: group-auth-conf"`
if [ "$conf" = "" ]; then
- cat >>$root/conf/auth.conf <<EOF
+ cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: group-auth-conf $1
# Allow group member access to root location
<Location />
diff --git a/sca-cpp/trunk/modules/http/htdocs/login/index.html b/sca-cpp/trunk/modules/http/htdocs/login/index.html
index 8b0ad48bd6..99aeb31d1b 100644
--- a/sca-cpp/trunk/modules/http/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/http/htdocs/login/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign in</title>
</head>
<body>
diff --git a/sca-cpp/trunk/modules/http/htdocs/logout/index.html b/sca-cpp/trunk/modules/http/htdocs/logout/index.html
index 0365af36a1..4e7df1bcf3 100644
--- a/sca-cpp/trunk/modules/http/htdocs/logout/index.html
+++ b/sca-cpp/trunk/modules/http/htdocs/logout/index.html
@@ -24,6 +24,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign out</title>
</head>
<h1>Sign out</h1>
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index 5bcde9f633..e5e7f27287 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -101,6 +101,9 @@ Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate
Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate
Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate
+# Configuration auth modules
+Include conf/auth.conf
+
# Set default document root
DocumentRoot $htdocs
DirectoryIndex index-min.html index.html
@@ -112,11 +115,6 @@ AllowOverride None
Require all denied
</Directory>
-# Configure authentication
-Include conf/noauth.conf
-Include conf/auth.conf
-Include conf/pubauth.conf
-
# Configure output filters to enable compression and rate limiting
<Location />
SetOutputFilter RATE_LIMIT;DEFLATE
@@ -144,6 +142,12 @@ RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>
Include conf/svhost.conf
+
+# Configure authentication
+Include conf/noauth.conf
+Include conf/locauth.conf
+Include conf/pubauth.conf
+
</VirtualHost>
EOF
@@ -151,7 +155,6 @@ EOF
# Configure logging
cat >$root/conf/log.conf <<EOF
# Generated by: httpd-conf $*
-LogLevel notice
ErrorLog $root/logs/error_log
CustomLog $root/logs/access_log combined
@@ -227,6 +230,11 @@ EOF
# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*
+
+EOF
+
+cat >$root/conf/locauth.conf <<EOF
+# Generated by: httpd-conf $*
# Authentication and authorization configuration
# Allow authorized access to document root
diff --git a/sca-cpp/trunk/modules/http/httpd-loglevel-conf b/sca-cpp/trunk/modules/http/httpd-loglevel-conf
new file mode 100755
index 0000000000..c9d2ad81d5
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/httpd-loglevel-conf
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Configure HTTPD log level
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+level=$2
+
+# Configure log level
+cat >>$root/conf/log.conf <<EOF
+# Generated by: httpd-loglevel-conf $*
+LogLevel $level
+
+EOF
+
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index fda40f01f1..9bf98162ce 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -72,10 +72,39 @@ RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R]
</Location>
Include conf/svhost-ssl.conf
+
+# Configure authentication
+Include conf/noauth-ssl.conf
+Include conf/locauth-ssl.conf
+Include conf/pubauth-ssl.conf
+
</VirtualHost>
EOF
+# Generate auth configuration
+cat >$root/conf/locauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Authentication and authorization configuration
+Include conf/locauth.conf
+
+EOF
+
+cat >$root/conf/pubauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Allow everyone to access public locations
+Include conf/pubauth.conf
+
+EOF
+
+# Allow public access to server resources
+cat >$root/conf/noauth-ssl.conf <<EOF
+# Generated by: httpd-conf $*
+# Allow public access to server resources
+Include conf/noauth.conf
+
+EOF
+
# Generate HTTP vhost configuration
cat >>$root/conf/svhost.conf <<EOF
# Generated by: httpd-ssl-conf $*
@@ -89,6 +118,7 @@ RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R]
EOF
+# Redirect HTTP traffic to HTTPS in HTTP vhost
cat >>$root/conf/dvhost.conf <<EOF
# Generated by: httpd-ssl-conf $*
# Redirect HTTP traffic to HTTPS
diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf
index cb702596ef..9c209b8685 100755
--- a/sca-cpp/trunk/modules/http/open-auth-conf
+++ b/sca-cpp/trunk/modules/http/open-auth-conf
@@ -25,17 +25,24 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
pw=`cat $root/cert/ca.key | head -2 | tail -1`
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: open-auth-conf $*
# Disallow public access to server resources
EOF
# Generate form authentication configuration
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: open-auth-conf $*
# Enable Tuscany open authentication
<Location />
diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf
index 2bcc158f48..554a1638cd 100755
--- a/sca-cpp/trunk/modules/http/vhost-conf
+++ b/sca-cpp/trunk/modules/http/vhost-conf
@@ -44,9 +44,17 @@ NameVirtualHost $vhost
<VirtualHost $vhost>
ServerName http://vhost.$host:$pport
ServerAlias *.$host
-VirtualDocumentRoot $vroot/%1/$vhtdocs/
+
+# Map /v/<app-name>/<path> to vroot/<app-name>/vhtdocs/<path>
+AliasMatch /v/([^/]+)(.*)$ $vroot/\$1/$vhtdocs/\$2
Include conf/dvhost.conf
+
+# Configure authentication
+Include conf/noauth.conf
+Include conf/auth.conf
+Include conf/pubauth.conf
+
</VirtualHost>
EOF
diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf
index 28e9eefe76..8445a20325 100755
--- a/sca-cpp/trunk/modules/http/vhost-ssl-conf
+++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf
@@ -49,8 +49,16 @@ NameVirtualHost $sslvhost
<VirtualHost $sslvhost>
ServerName https://vhost.$host:$sslpport
ServerAlias *.$host
-VirtualDocumentRoot $vroot/%1/$vhtdocs/
+
+# Map /v/<app-name>/<path> to vroot/<app-name>/vhtdocs/<path>
+AliasMatch /v/([^/]+)(.*)$ $vroot/\$1/$vhtdocs/\$2
Include conf/dvhost-ssl.conf
+
+# Configure authentication
+Include conf/noauth-ssl.conf
+Include conf/auth-ssl.conf
+Include conf/pubauth-ssl.conf
+
</VirtualHost>
diff --git a/sca-cpp/trunk/modules/oauth/oauth-conf b/sca-cpp/trunk/modules/oauth/oauth-conf
index 23ec52b35f..0b8f14b636 100755
--- a/sca-cpp/trunk/modules/oauth/oauth-conf
+++ b/sca-cpp/trunk/modules/oauth/oauth-conf
@@ -32,6 +32,13 @@ fi
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Configure HTTPD mod_tuscany_oauth module
cat >>$root/conf/modules.conf <<EOF
# Generated by: oauth-conf $*
@@ -42,14 +49,14 @@ LoadModule mod_tuscany_oauth2 $here/libmod_tuscany_oauth2$libsuffix
EOF
# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
# Generated by: oauth-auth-conf $*
# Disallow public access to server resources
EOF
# Configure OAuth authentication
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: oauth-conf $*
# Enable OAuth authentication
<Location />
@@ -74,6 +81,9 @@ AddAuthOAuth1ScopeAttr FIRSTNAME first-name
AddAuthOAuth1ScopeAttr LASTNAME last-name
</Location>
+EOF
+
+cat >>$root/conf/auth.conf <<EOF
# Configure OAuth App keys
Include $root/cert/oauth-keys.conf
diff --git a/sca-cpp/trunk/modules/oauth/oauth-memcached-conf b/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
index 83477562f8..0f5196b7a5 100755
--- a/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
+++ b/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
@@ -23,6 +23,13 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
host=$2
port=$3
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Configure HTTPD mod_tuscany_oauth module cache
cat >>$root/conf/auth.conf <<EOF
# Generated by: oauth-memcached-conf $*
diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf
index c9e2d85586..f4f715ce99 100755
--- a/sca-cpp/trunk/modules/openid/openid-conf
+++ b/sca-cpp/trunk/modules/openid/openid-conf
@@ -26,14 +26,14 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
openid_prefix=`cat $here/openid.prefix`
-# Disallow public access to server resources
-cat >$root/conf/noauth.conf <<EOF
-# Generated by: openid-auth-conf $*
-# Disallow public access to server resources
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
-EOF
-
-# Configure OpenID authentication
+# Configure HTTPD mod_auth_openid module
cat >>$root/conf/modules.conf <<EOF
# Generated by: openid-conf $*
# Load support for OpenID authentication
@@ -41,7 +41,15 @@ LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
EOF
-cat >>$root/conf/auth.conf <<EOF
+# Disallow public access to server resources
+cat >$root/conf/noauth$sslsuffix.conf <<EOF
+# Generated by: openid-auth-conf $*
+# Disallow public access to server resources
+
+EOF
+
+# Configure OpenID authentication
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: openid-conf $*
# Enable OpenID authentication
<Location />
@@ -62,7 +70,7 @@ AuthOpenIDAXAdd LASTNAME http://axschema.org/namePerson/last
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
# Generated by: openid-conf $*
# Allow public access to /openid location
<Location /openid>
diff --git a/sca-cpp/trunk/modules/openid/openid-step2-conf b/sca-cpp/trunk/modules/openid/openid-step2-conf
index e9144b873a..f6ac968bfc 100755
--- a/sca-cpp/trunk/modules/openid/openid-step2-conf
+++ b/sca-cpp/trunk/modules/openid/openid-step2-conf
@@ -25,8 +25,15 @@ root=`echo "import os; print os.path.realpath('$1')" | python`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
+sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"`
+if [ "$sslconf" = "" ]; then
+ sslsuffix=""
+else
+ sslsuffix="-ssl"
+fi
+
# Configure HTTPD to serve OpenID XRDS and LRDD documents
-cat >>$root/conf/auth.conf <<EOF
+cat >>$root/conf/locauth$sslsuffix.conf <<EOF
# Generated by: openid-step2-conf $*
# Serve OpenID XRDS document
Alias /openid $root/conf/openid.xrds
@@ -42,7 +49,7 @@ ForceType text/plain
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/pubauth$sslsuffix.conf <<EOF
# Generated by: openid-step2-conf $*
# Allow access to /.well-known/host-meta location
<Location /.well-known/host-meta>
diff --git a/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch b/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch
index 2ff56de749..a0935b5bc2 100644
--- a/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch
+++ b/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch
@@ -6,3 +6,9 @@
---
> #SecRule ARGS "(?:ft|htt)ps?.*\?+$" \
> # "phase:2,rev:'2.2.2',t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,block,status:501,msg:'Remote File Inclusion Attack',id:'950119',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.rfi_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/RFI-%{matched_var_name}=%{tx.0}"
+--- base_rules/modsecurity_crs_50_outbound.conf
++++ base_rules/modsecurity_crs_50_outbound.conf
+39c39
+< SecRule RESPONSE_BODY "\<\%" "phase:4,rev:'2.2.2',chain,t:none,capture,ctl:auditLogParts=+E,block,msg:'ASP/JSP source code leakage',id:'970903',tag:'LEAKAGE/SOURCE_CODE_ASP_JSP',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3'"
+---
+> #SecRule RESPONSE_BODY "\<\%" "phase:4,rev:'2.2.2',chain,t:none,capture,ctl:auditLogParts=+E,block,msg:'ASP/JSP source code leakage',id:'970903',tag:'LEAKAGE/SOURCE_CODE_ASP_JSP',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3'"
diff --git a/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/login/index.html b/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/login/index.html
index 346e3fcea8..5bdd1132be 100644
--- a/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/login/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/login/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign in</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/logout/index.html b/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/logout/index.html
index 7780e9dec3..56dfa71962 100644
--- a/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/logout/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/domains/jane/htdocs/logout/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign out</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/login/index.html b/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/login/index.html
index 346e3fcea8..5bdd1132be 100644
--- a/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/login/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/login/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign in</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/logout/index.html b/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/logout/index.html
index e16183015f..5f7880d626 100644
--- a/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/logout/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/domains/joe/htdocs/logout/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign out</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html
index 346e3fcea8..5bdd1132be 100644
--- a/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/htdocs/login/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign in</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html b/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html
index 7780e9dec3..56dfa71962 100644
--- a/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html
+++ b/sca-cpp/trunk/samples/store-cluster/htdocs/logout/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign out</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-python/htdocs/login/index.html b/sca-cpp/trunk/samples/store-python/htdocs/login/index.html
index 8b0ad48bd6..99aeb31d1b 100644
--- a/sca-cpp/trunk/samples/store-python/htdocs/login/index.html
+++ b/sca-cpp/trunk/samples/store-python/htdocs/login/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign in</title>
</head>
<body>
diff --git a/sca-cpp/trunk/samples/store-python/htdocs/logout/index.html b/sca-cpp/trunk/samples/store-python/htdocs/logout/index.html
index e16183015f..5f7880d626 100644
--- a/sca-cpp/trunk/samples/store-python/htdocs/logout/index.html
+++ b/sca-cpp/trunk/samples/store-python/htdocs/logout/index.html
@@ -23,6 +23,7 @@
<meta name="apple-mobile-web-app-capable" content="yes"/>
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"/>
<link rel="stylesheet" type="text/css" href="/ui.css"/>
+<script type="text/javascript" src="/util.js"></script>
<title>Sign out</title>
</head>
<body>