From 5cc3ef4b5260a20ce28c3ada0d7edb364ca1688b Mon Sep 17 00:00:00 2001 From: jsdelfino Date: Mon, 9 Apr 2012 06:22:06 +0000 Subject: Enable administrative access using basic auth. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1311136 13f79535-47bb-0310-9956-ffa450edef68 --- sca-cpp/trunk/modules/http/httpd-conf | 21 +++++++++++++++++---- sca-cpp/trunk/modules/http/httpd-ssl-conf | 8 ++++++++ sca-cpp/trunk/modules/http/proxy-base-conf | 4 +--- sca-cpp/trunk/modules/http/proxy-conf | 4 +--- sca-cpp/trunk/modules/http/proxy-ssl-conf | 1 - sca-cpp/trunk/modules/http/vhost-conf | 1 + sca-cpp/trunk/modules/http/vhost-ssl-conf | 1 + sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 5 ++++- sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 5 ++++- 9 files changed, 37 insertions(+), 13 deletions(-) (limited to 'sca-cpp') diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index f940073a91..74b3944cc1 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html +BrowserMatch ^check_http/ check_http SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary @@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC] RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R] +# Enable server status + +SetHandler server-status +HostnameLookups on + + + +SetHandler server-info +HostnameLookups on + + Include conf/svhost.conf # Configure authentication Include conf/noauth.conf Include conf/locauth.conf Include conf/pubauth.conf +Include conf/adminauth.conf @@ -299,16 +312,16 @@ AuthType None Require all granted +EOF + +cat >$root/conf/adminauth.conf < -SetHandler server-status -HostnameLookups on Require user admin -SetHandler server-info -HostnameLookups on Require user admin diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index cb5ccfb8db..420d08ff87 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf Include conf/noauth-ssl.conf Include conf/locauth-ssl.conf Include conf/pubauth-ssl.conf +Include conf/adminauth-ssl.conf @@ -98,6 +99,13 @@ Include conf/pubauth.conf EOF +cat >$root/conf/adminauth-ssl.conf <$root/conf/noauth-ssl.conf < SetHandler balancer-manager HostnameLookups on -Require user admin EOF -cat >>$root/conf/pubauth.conf <>$root/conf/adminauth.conf < -HostnameLookups on Require user admin diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf index 4c445db9fa..b2156e6f74 100755 --- a/sca-cpp/trunk/modules/http/proxy-conf +++ b/sca-cpp/trunk/modules/http/proxy-conf @@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s SetHandler balancer-manager HostnameLookups on -Require user admin EOF -cat >>$root/conf/pubauth.conf <>$root/conf/adminauth.conf < -HostnameLookups on Require user admin diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index d87aea6670..94318d7db5 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf @@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s SetHandler balancer-manager HostnameLookups on -Require user admin EOF diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf index 554a1638cd..6d977eb1d5 100755 --- a/sca-cpp/trunk/modules/http/vhost-conf +++ b/sca-cpp/trunk/modules/http/vhost-conf @@ -54,6 +54,7 @@ Include conf/dvhost.conf Include conf/noauth.conf Include conf/auth.conf Include conf/pubauth.conf +Include conf/adminauth.conf diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf index 8445a20325..915137b51f 100755 --- a/sca-cpp/trunk/modules/http/vhost-ssl-conf +++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf @@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf Include conf/noauth-ssl.conf Include conf/auth-ssl.conf Include conf/pubauth-ssl.conf +Include conf/adminauth-ssl.conf diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp index 29fe756178..b927315393 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp @@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc)); } - // Redirect to the login page, unless we have a session id from another module + // Redirect to the login page, unless we have a session id or an authorization + // header from another module + if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL) + return DECLINED; if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) || hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) || hasContent(openauth::sessionID(r, "TuscanyOAuth2"))) diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp index dbede7ed8b..05ad77d646 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp @@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc)); } - // Redirect to the login page, unless we have a session id from another module + // Redirect to the login page, unless we have a session id or an authorization + // header from another module + if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL) + return DECLINED; if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) || hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) || hasContent(openauth::sessionID(r, "TuscanyOAuth1"))) -- cgit v1.2.3