archive/apache-tuscany
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Port to HTTPD 2.3.8. Add an auth module to make OpenID, OAuth 1/2 and HTTPD 2.3 Form auth modules play nice together.

Browse source 
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1034693 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
jsdelfino 2010-11-13 07:53:10 +00:00
parent 1b5f778e51
commit 3ac22b097d
57 changed files with 890 additions and 279 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
sca-cpp/trunk/INSTALL
View file

@ -57,7 +57,7 @@ http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/ubuntu/ubuntu-gcc-4.5
Then install the following development dependencies:
Apache HTTP server and APR:
httpd-2.2.16 (http://httpd.apache.org/)
httpd-2.3.8 (http://httpd.apache.org/)
with included libapr and libaprutil
built with OpenSSL libssl-0.9.8g
@ -179,7 +179,7 @@ dependencies installed in the standard system directories and some of the
dependencies installed under $HOME:
./configure --prefix=$HOME/tuscany-sca-cpp-bin \
--with-apr=$HOME/httpd-2.2.16-bin --with-httpd=$HOME/httpd-2.2.16-bin \
--with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \
--with-memcached=$HOME/memcached-1.4.5-bin \
--with-tinycdb=$HOME/tinycdb-0.77-bin \
--with-curl=$HOME/curl-7.19.5-bin --with-libxml2=/usr \
@ -233,15 +233,14 @@ Building dependencies from source
Here are example build and install steps for some of the dependencies.
Apache HTTPD, including APR, using the HTTP prefork MPM (recommended):
wget http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz
tar xzf httpd-2.2.16.tar.gz
cd httpd-2.2.16
wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz
tar xzf httpd-2.3.8.tar.gz
cd httpd-2.3.8
./configure --enable-ssl --enable-proxy --enable-usertrack \
--enable-mods-shared=most --with-included-apr --with-mpm=prefork \
--prefix=$HOME/httpd-2.2.16-bin
--with-included-apr --with-mpm=prefork --prefix=$HOME/httpd-2.3.8-bin
make
make install
export PATH=$HOME/httpd-2.2.16-bin/bin:$PATH
export PATH=$HOME/httpd-2.3.8-bin/bin:$PATH
Memcached:
wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
@ -288,7 +287,7 @@ wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz
tar xzf axis2c-src-1.6.0.tar.gz
cd axis2c-src-1.6.0
./configure --enable-libxml2 --enable-openssl \
--with-apache2=$HOME/httpd-2.2.16-bin/include --prefix=$HOME/axis2c-1.6.0-bin
--with-apache2=$HOME/httpd-2.3.8-bin/include --prefix=$HOME/axis2c-1.6.0-bin
make
make install
export AXIS2C_HOME=$HOME/axis2c-1.6.0-bin
@ -337,7 +336,7 @@ git clone git://github.com/jsdelfino/mod_auth_openid.git
cd mod_auth_openid
./autogen.sh
./configure --prefix=$HOME/mod-auth-openid-bin \
--with-apr=$HOME/httpd-2.2.16-bin --with-httpd=$HOME/httpd-2.2.16-bin \
--with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \
--with-curl=$HOME/curl-7.19.5-bin --with-libopkele=$HOME/libopkele-bin
make
make install

13
sca-cpp/trunk/modules/http/Makefile.am
View file

@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http
dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf httpd-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf
dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf form-auth-conf open-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf
moddir=$(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp
@ -32,18 +32,23 @@ curl_get_LDFLAGS = -lxml2 -lcurl -lmozjs
curl_connect_SOURCES = curl-connect.cpp
curl_connect_LDFLAGS = -lxml2 -lcurl -lmozjs
mod_LTLIBRARIES = libmod_tuscany_ssltunnel.la
noinst_DATA = libmod_tuscany_ssltunnel.so
mod_LTLIBRARIES = libmod_tuscany_ssltunnel.la libmod_tuscany_openauth.la
noinst_DATA = libmod_tuscany_ssltunnel.so libmod_tuscany_openauth.so
libmod_tuscany_ssltunnel_la_SOURCES = mod-ssltunnel.cpp
libmod_tuscany_ssltunnel_la_LDFLAGS = -lxml2 -lcurl -lmozjs
libmod_tuscany_ssltunnel.so:
ln -s .libs/libmod_tuscany_ssltunnel.so
libmod_tuscany_openauth_la_SOURCES = mod-openauth.cpp
libmod_tuscany_openauth_la_LDFLAGS = -lxml2 -lcurl -lmozjs
libmod_tuscany_openauth.so:
ln -s .libs/libmod_tuscany_openauth.so
mod_DATA = httpd.prefix httpd-apachectl.prefix httpd-modules.prefix curl.prefix
nobase_dist_mod_DATA = conf/*
EXTRA_DIST = htdocs/index.html
EXTRA_DIST = htdocs/index.html htdocs/login/index.html htdocs/logout/index.html
httpd.prefix: $(top_builddir)/config.status
echo ${HTTPD_PREFIX} >httpd.prefix

10
sca-cpp/trunk/modules/http/httpd-auth-conf → sca-cpp/trunk/modules/http/basic-auth-conf
View file

@ -17,7 +17,7 @@
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD SSL configuration
# Generate a minimal HTTPD basic authentication configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`
@ -28,13 +28,14 @@ host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate basic authentication configuration
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: httpd-auth-conf $*
cat >>$root/conf/auth.conf <<EOF
# Generated by: basic-auth-conf $*
# Require clients to present a userid + password for HTTP
# basic authentication
<Location />
AuthType Basic
AuthName "$host"
AuthBasicProvider file
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
@ -42,7 +43,8 @@ Require valid-user
EOF
# Create test users
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null

64
sca-cpp/trunk/modules/http/form-auth-conf Executable file
View file

@ -0,0 +1,64 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD form authentication configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: form-auth-conf $*
# Require clients to present a userid + password through form-based
# authentication
<Location />
AuthType Form
AuthName "$host"
AuthFormProvider file
AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
SessionCookieName TuscanyFormAuth path=/;secure=TRUE
#SessionCryptoPassphrase secret
Require valid-user
</Location>
<Location /login/dologin>
SetHandler form-login-handler
</Location>
<Location /logout/dologout>
SetHandler form-logout-handler
</Location>
EOF
# Create test users
touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null

39
sca-cpp/trunk/modules/http/htdocs/login/index.html Normal file
View file

@ -0,0 +1,39 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in</h1>
<script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
</script>
<form name="formSignin" method="POST" action="/login/dologin">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
<input type="hidden" name="httpd_location" value="/"/>
</form>
</body>
</html>

33
sca-cpp/trunk/modules/http/htdocs/logout/index.html Normal file
View file

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'TuscanyFormAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>

9
sca-cpp/trunk/modules/http/http.hpp
View file

@ -159,19 +159,19 @@ const failable<CURL*> setup(const string& url, const CURLSession& cs) {
// Setup SSL options
if (cs.ca != "") {
debug(cs.ca, "http::apply::ca");
debug(cs.ca, "http::setup::ca");
curl_easy_setopt(ch, CURLOPT_CAINFO, c_str(cs.ca));
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 2);
} else
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, false);
if (cs.cert != "") {
debug(cs.cert, "http::apply::cert");
debug(cs.cert, "http::setup::cert");
curl_easy_setopt(ch, CURLOPT_SSLCERT, c_str(cs.cert));
curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
}
if (cs.key != "") {
debug(cs.key, "http::apply::key");
debug(cs.key, "http::setup::key");
curl_easy_setopt(ch, CURLOPT_SSLKEY, c_str(cs.key));
curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM");
}
@ -238,6 +238,8 @@ curl_slist* headers(curl_slist* cl, const list<string>& h) {
}
template<typename R> const failable<list<R> > apply(const list<list<string> >& hdr, const lambda<R(const string&, const R)>& reduce, const R& initial, const string& url, const string& verb, const CURLSession& cs) {
debug(url, "http::apply::url");
debug(verb, "http::apply::verb");
// Setup the CURL session
const failable<CURL*> fch = setup(url, cs);
@ -523,6 +525,7 @@ apr_pollfd_t* pollfd(apr_socket_t* s, const int e, const gc_pool& p) {
* Connect to a URL.
*/
const failable<bool> connect(const string& url, CURLSession& cs) {
debug(url, "http::connect::url");
// Setup the CURL session
const failable<CURL*> fch = setup(url, cs);

92
sca-cpp/trunk/modules/http/httpd-conf
View file

@ -52,19 +52,25 @@ PidFile $root/logs/httpd.pid
# after mod_rewrite's hooks)
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_default_module ${modules_prefix}/modules/mod_authn_default.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_default_module ${modules_prefix}/modules/mod_authz_default.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
@ -79,8 +85,16 @@ LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel.so
LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth.so
# Basic security precautions
User $user
@ -103,7 +117,6 @@ CookieTracking on
CookieName TuscanyVisitorId
# Configure Mime types
DefaultType text/plain
TypesConfig $here/conf/mime.types
# Set default document root
@ -114,26 +127,44 @@ DirectoryIndex index.html
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<FilesMatch "^\.ht">
Order deny,allow
Deny from all
Satisfy Any
</FilesMatch>
# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
Allow from all
Require all denied
</Directory>
# Allow access to root location
<Location />
Options FollowSymLinks
Order deny,allow
Allow from all
# Configure authentication
Include conf/auth.conf
# Allow access to public locations
<Location /login>
AuthType None
Require all granted
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /openid>
AuthType None
Require all granted
</Location>
<Location /ui>
AuthType None
Require all granted
</Location>
<Location /wiring>
AuthType None
Require all granted
</Location>
<Location /.well-known/host-meta>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location>
# Listen on HTTP port
@ -152,6 +183,25 @@ Include conf/svhost.conf
EOF
# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*
# Authentication configuration
# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>
# Allow access to root location
<Location />
Options FollowSymLinks
Require all granted
</Location>
EOF
# Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $*

32
sca-cpp/trunk/modules/http/httpd-ssl-conf
View file

@ -51,7 +51,7 @@ AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:$root/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:$root/logs/ssl_mutex"
Mutex "file:$root/logs" ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
@ -68,7 +68,6 @@ Include conf/svhost-ssl.conf
<Location /server-status>
SetHandler server-status
HostnameLookups on
Allow from all
Require user admin
</Location>
@ -114,10 +113,10 @@ UseCanonicalName Off
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions -StrictRequire +OptRenegotiate
SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
# Verify client certificates
SSLVerifyClient none
SSLVerifyClient optional
SSLVerifyDepth 1
# Enable SSL proxy engine
@ -143,19 +142,13 @@ cat >>$root/conf/vhost-ssl.conf <<EOF
<Location />
# Require clients to use SSL and authenticate
SSLRequireSSL
# Also accept other forms of authentication (e.g. HTTP basic
# authentication, or OpenID authentication)
Satisfy Any
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
EOF
proxyconf=`cat $root/conf/vhost.conf | grep "# Generated by: proxy-conf"`
if [ "$proxyconf" != "" ]; then
cat >>$root/conf/vhost-ssl.conf <<EOF
# In an proxy, only require a 128+ cipher key
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# Forward received SSL client certificate info in proxied requests
RewriteEngine on
RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}]
@ -184,18 +177,6 @@ RequestHeader set X-Forwarded-SSL-Client-DN-OU %{SSL_S_DN_OU}e env=SSL_S_DN_OU
EOF
else
cat >>$root/conf/vhost-ssl.conf <<EOF
# In a server, require a 128+ cipher key and one of the following
# - another server's certificate issued by our certificate authority
# - a proxy certificate + forwarded info on the client request certificate,
# both signed by our certificate authority
# - OpenID authentication (set by mod_auth_openid in the auth_type)
# - another valid form of authentication as per the Satisfy directive
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and ( \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "server" ) or \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "tunnel" ) or \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "proxy" and \
%{HTTP:X-Forwarded-SSL-Issuer-DN-O} == "$org" and %{HTTP:X-Forwarded-SSL-Client-DN-OU} == "server" ) or \
%{REQUEST_URI} =~ m/^.(login|logout|openid|public|ui).*$/ )
# Record received SSL client certificate info in environment vars
RewriteEngine on
@ -270,3 +251,8 @@ SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem"
EOF
# Configure user for HTTP fake basic auth
cat >$root/conf/httpd.passwd <<EOF
/C=US/ST=CA/L=San Francisco/O=$host/OU=server/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/
EOF

29
sca-cpp/trunk/modules/http/httpd.hpp
View file

@ -31,14 +31,23 @@
#include <apr_lib.h>
#define APR_WANT_STRFUNC
#include <apr_want.h>
#include <apr_base64.h>
#include <httpd.h>
// Hack to workaround compile error with HTTPD 2.3.8
#define new new_
#include <http_config.h>
#undef new
#include <http_core.h>
#include <http_connection.h>
#include <http_request.h>
#include <http_protocol.h>
// Hack to workaround compile error with HTTPD 2.3.8
#define aplog_module_index aplog_module_index = 0
#include <http_log.h>
#undef aplog_module_index
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX (aplog_module_index ? *aplog_module_index : APLOG_NO_MODULE)
#include <http_main.h>
#include <util_script.h>
#include <util_md5.h>
@ -46,6 +55,8 @@
#include <http_log.h>
#include <ap_mpm.h>
#include <mod_core.h>
#include <ap_provider.h>
#include <mod_auth.h>
#include "string.hpp"
#include "stream.hpp"
@ -358,6 +369,7 @@ const failable<int> writeResult(const failable<list<string> >& ls, const string&
* Report a request execution status.
*/
const int reportStatus(const failable<int>& rc) {
debug(rc, "httpd::reportStatus::rc");
if (!hasContent(rc))
return HTTP_INTERNAL_SERVER_ERROR;
return content(rc);
@ -575,10 +587,11 @@ const failable<request_rec*, int> internalSubRequest(const string& nr_uri, reque
* Return an HTTP external redirect request.
*/
const int externalRedirect(const string& uri, request_rec* r) {
debug(uri, "httpd::externalRedirect");
r->status = HTTP_MOVED_TEMPORARILY;
apr_table_setn(r->headers_out, "Location", apr_pstrdup(r->pool, c_str(uri)));
r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/") + uri));
return OK;
return HTTP_MOVED_TEMPORARILY;
}
/**
@ -642,6 +655,12 @@ int debugNote(unused void* r, const char* key, const char* value) {
*/
const bool debugRequest(request_rec* r, const string& msg) {
cdebug << msg << ":" << endl;
cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl;
cdebug << " uri: " << debugOptional(r->uri) << endl;
cdebug << " path info: " << debugOptional(r->path_info) << endl;
cdebug << " filename: " << debugOptional(r->filename) << endl;
cdebug << " uri tokens: " << pathTokens(r->uri) << endl;
cdebug << " args: " << debugOptional(r->args) << endl;
cdebug << " server: " << debugOptional(r->server->server_hostname) << endl;
cdebug << " protocol: " << debugOptional(r->protocol) << endl;
cdebug << " method: " << debugOptional(r->method) << endl;
@ -649,16 +668,10 @@ const bool debugRequest(request_rec* r, const string& msg) {
cdebug << " content type: " << contentType(r) << endl;
cdebug << " content encoding: " << debugOptional(r->content_encoding) << endl;
apr_table_do(debugHeader, r, r->headers_in, NULL);
cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl;
cdebug << " uri: " << debugOptional(r->uri) << endl;
cdebug << " path info: " << debugOptional(r->path_info) << endl;
cdebug << " filename: " << debugOptional(r->filename) << endl;
cdebug << " uri tokens: " << pathTokens(r->uri) << endl;
cdebug << " args: " << debugOptional(r->args) << endl;
cdebug << " user: " << debugOptional(r->user) << endl;
cdebug << " auth type: " << debugOptional(r->ap_auth_type) << endl;
apr_table_do(debugEnv, r, r->subprocess_env, NULL);
apr_table_do(debugEnv, r, r->notes, NULL);
apr_table_do(debugNote, r, r->notes, NULL);
return true;
}

325
sca-cpp/trunk/modules/http/mod-openauth.cpp Normal file
View file

@ -0,0 +1,325 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/* $Rev$ $Date$ */
/**
* HTTPD module for Tuscany Open authentication.
*
* This module allows multiple authentication mechanisms to co-exist in a
* single Web site:
* - OAuth1 using Tuscany's mod-tuscany-oauth1
* - OAuth2 using Tuscany's mod-tuscany-oauth2
* - OpenID using mod_auth_openid
* - Form-based using HTTPD's mod_auth_form
* - SSL certificate using SSLFakeBasicAuth and mod_auth_basic
*/
#include <sys/stat.h>
#include "string.hpp"
#include "stream.hpp"
#include "list.hpp"
#include "tree.hpp"
#include "value.hpp"
#include "monad.hpp"
#include "httpd.hpp"
#include "http.hpp"
#include "openauth.hpp"
extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_openauth;
}
namespace tuscany {
namespace openauth {
/**
* Server configuration.
*/
class ServerConf {
public:
ServerConf(apr_pool_t* p, server_rec* s) : p(p), server(s) {
}
const gc_pool p;
server_rec* server;
};
/**
* Directory configuration.
*/
class DirConf {
public:
DirConf(apr_pool_t* p, char* d) : p(p), dir(d), enabled(false), login("") {
}
const gc_pool p;
const char* dir;
bool enabled;
string login;
};
/**
* Return the user info from a form auth session cookie.
*/
const failable<value> userInfo(const value& sid, const string& realm) {
const list<list<value>> info = httpd::queryArgs(sid);
debug(info, "modopenauth::userInfo::info");
const list<value> user = assoc<value>(realm + "-user", info);
if (isNil(user))
return mkfailure<value>("Couldn't retrieve user id");
const list<value> pw = assoc<value>(realm + "-pw", info);
if (isNil(pw))
return mkfailure<value>("Couldn't retrieve password");
return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", cadr(user)), mklist<value>("password", cadr(pw))));
}
/**
* Return the user info from a basic auth header.
*/
const failable<value> userInfo(const char* header, const string& realm, request_rec* r) {
debug(header, "modopenauth::userInfo::header");
if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic"))
return mkfailure<value>("Wrong authentication scheme");
while (apr_isspace(*header))
header++;
char *decoded_line = (char*)apr_palloc(r->pool, apr_base64_decode_len(header) + 1);
int length = apr_base64_decode(decoded_line, header);
decoded_line[length] = '\0';
const string user(ap_getword_nulls(r->pool, const_cast<const char**>(&decoded_line), ':'));
const string pw(decoded_line);
return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", user), mklist<value>("password", pw)));
}
/**
* Handle an authenticated request.
*/
const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
debug(info, "modopenauth::authenticated::info");
// Store user info in the request
const list<value> realm = assoc<value>("realm", info);
if (isNil(realm) || isNil(cdr(realm)))
return mkfailure<int>("Couldn't retrieve realm");
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
const list<value> id = assoc<value>("id", info);
if (isNil(id) || isNil(cdr(id)))
return mkfailure<int>("Couldn't retrieve user id");
r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(id))));
return OK;
}
/**
* Run the authnz hooks to try to authenticate a request.
*/
const failable<int> checkAuthnz(const string& user, const string& pw, request_rec* r) {
const authn_provider* provider = (const authn_provider*)ap_lookup_provider(AUTHN_PROVIDER_GROUP, AUTHN_DEFAULT_PROVIDER, AUTHN_PROVIDER_VERSION);
if (!provider || !provider->check_password)
return mkfailure<int>("No Authn provider configured");
apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);
const authn_status auth_result = provider->check_password(r, c_str(user), c_str(pw));
apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);
if (auth_result != AUTH_GRANTED)
return mkfailure<int>("Authentication failure for: " + user);
return OK;
}
/**
* Check user authentication.
*/
static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_openauth);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modopenauth::checkAuthn::input");
// Get session id from the request
const maybe<string> sid = sessionID(r);
if (hasContent(sid)) {
// Decline if the session id was not created by this module
const string stype = substr(content(sid), 0, 7);
if (stype == "OAuth2_" || stype == "OAuth1_" || stype == "OpenID_")
return DECLINED;
// Retrieve the auth realm
const char* aname = ap_auth_name(r);
if (aname == NULL)
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
// Extract user info from the session id
const failable<value> info = userInfo(content(sid), aname);
if (hasContent(info)) {
// Try to authenticate the request
const value cinfo = content(info);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", cinfo)), cadr(assoc<value>("password", cinfo)), r);
if (!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(cinfo, r));
}
}
// Get basic auth header from the request
const char* header = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization");
if (header != NULL) {
// Retrieve the auth realm
const char* aname = ap_auth_name(r);
if (aname == NULL)
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
// Extract user info from the session id
const failable<value> info = userInfo(header, aname, r);
if (hasContent(info)) {
// Try to authenticate the request
const value cinfo = content(info);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", cinfo)), cadr(assoc<value>("password", cinfo)), r);
if (!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(cinfo, r));
}
}
// Get the request args
const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED;
if (!isNil(assoc<value>("mod_oauth1_step", args)))
return DECLINED;
if (!isNil(assoc<value>("mod_oauth2_step", args)))
return DECLINED;
// Redirect to the login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
/**
* Process the module configuration.
*/
int postConfigMerge(ServerConf& mainsc, server_rec* s) {
if (s == NULL)
return OK;
debug(httpd::serverName(s), "modopenauth::postConfigMerge::serverName");
return postConfigMerge(mainsc, s->next);
}
int postConfig(apr_pool_t* p, unused apr_pool_t* plog, unused apr_pool_t* ptemp, server_rec* s) {
gc_scoped_pool pool(p);
ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_openauth);
debug(httpd::serverName(s), "modopenauth::postConfig::serverName");
// Merge server configurations
return postConfigMerge(sc, s);
}
/**
* Child process initialization.
*/
void childInit(apr_pool_t* p, server_rec* s) {
gc_scoped_pool pool(p);
ServerConf* psc = (ServerConf*)ap_get_module_config(s->module_config, &mod_tuscany_openauth);
if(psc == NULL) {
cfailure << "[Tuscany] Due to one or more errors mod_tuscany_openauth loading failed. Causing apache to stop loading." << endl;
exit(APEXIT_CHILDFATAL);
}
ServerConf& sc = *psc;
// Merge the updated configuration into the virtual hosts
postConfigMerge(sc, s->next);
}
/**
* Configuration commands.
*/
const char* confEnabled(cmd_parms *cmd, void *c, const int arg) {
gc_scoped_pool pool(cmd->pool);
DirConf& dc = httpd::dirConf<DirConf>(c);
dc.enabled = (bool)arg;
return NULL;
}
const char* confLogin(cmd_parms *cmd, void *c, const char* arg) {
gc_scoped_pool pool(cmd->pool);
DirConf& dc = httpd::dirConf<DirConf>(c);
dc.login = arg;
return NULL;
}
/**
* HTTP server module declaration.
*/
const command_rec commands[] = {
AP_INIT_FLAG("AuthOpenAuth", (const char*(*)())confEnabled, NULL, OR_AUTHCFG, "Tuscany Open Auth authentication On | Off"),
AP_INIT_TAKE1("AuthOpenAuthLoginPage", (const char*(*)())confLogin, NULL, OR_AUTHCFG, "Tuscany Open Auth login page"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
}
}
}
extern "C" {
module AP_MODULE_DECLARE_DATA mod_tuscany_openauth = {
STANDARD20_MODULE_STUFF,
// dir config and merger
tuscany::httpd::makeDirConf<tuscany::openauth::DirConf>, NULL,
// server config and merger
tuscany::httpd::makeServerConf<tuscany::openauth::ServerConf>, NULL,
// commands and hooks
tuscany::openauth::commands, tuscany::openauth::registerHooks
};
}

66
sca-cpp/trunk/modules/http/open-auth-conf Executable file
View file

@ -0,0 +1,66 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD form authentication configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: open-auth-conf $*
# Enable Tuscany open authentication
<Location />
AuthType Open
AuthName "$host"
AuthOpenAuth On
AuthOpenAuthLoginPage /login
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
# Use HTTPD form-based authentication
<Location /login/dologin>
AuthType Form
AuthName "$host"
AuthFormProvider file
AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
#SessionCryptoPassphrase secret
Require valid-user
SetHandler form-login-handler
</Location>
EOF
# Create test users
touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null

36
sca-cpp/trunk/modules/oauth/oauth.hpp → sca-cpp/trunk/modules/http/openauth.hpp
View file

@ -19,11 +19,11 @@
/* $Rev$ $Date$ */
#ifndef tuscany_oauth_hpp
#define tuscany_oauth_hpp
#ifndef tuscany_openauth_hpp
#define tuscany_openauth_hpp
/**
* OAuth support utility functions.
* Tuscany Open auth support utility functions.
*/
#include "string.hpp"
@ -35,10 +35,9 @@
#include "../json/json.hpp"
#include "../http/httpd.hpp"
#include "../http/http.hpp"
#include "../../components/cache/memcache.hpp"
namespace tuscany {
namespace oauth {
namespace openauth {
/**
* Return the session id from a request.
@ -51,29 +50,26 @@ const char* cookieName(const char* cs) {
const maybe<string> sessionID(const list<string> c) {
if (isNil(c))
return maybe<string>();
const list<string> kv = tokenize("=", cookieName(c_str(car(c))));
if (!isNil(kv) && !isNil(cdr(kv))) {
if (car(kv) == "TuscanyOpenAuth")
return cadr(kv);
const string cn = cookieName(c_str(car(c)));
const int i = find(cn, "=");
if (i < length(cn)) {
const list<string> kv = mklist<string>(substr(cn, 0, i), substr(cn, i+1));
if (!isNil(kv) && !isNil(cdr(kv))) {
if (car(kv) == "TuscanyOpenAuth")
return cadr(kv);
}
}
return sessionID(cdr(c));
}
const maybe<string> sessionID(const request_rec* r) {
const char* c = apr_table_get(r->headers_in, "Cookie");
debug(c, "oauth::sessionid::cookies");
debug(c, "openauth::sessionid::cookies");
if (c == NULL)
return maybe<string>();
return sessionID(tokenize(";", c));
}
/**
* Return the user info for a session.
*/
const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
}
/**
* Convert a session id to a cookie string.
*/
@ -82,7 +78,7 @@ const string cookie(const string& sid) {
char exp[32];
strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
const string c = string("TuscanyOpenAuth=") + sid + string(";path=/;expires=" + string(exp)) + ";secure=TRUE";
debug(c, "oauth::cookie");
debug(c, "openauth::cookie");
return c;
}
@ -92,11 +88,11 @@ const string cookie(const string& sid) {
const failable<int> login(const string& page, request_rec* r) {
const list<list<value> > largs = mklist<list<value> >(mklist<value>("openauth_referrer", httpd::escape(httpd::url(r->uri, r))));
const string loc = httpd::url(page, r) + string("?") + httpd::queryString(largs);
debug(loc, "oauth::login::uri");
debug(loc, "openauth::login::uri");
return httpd::externalRedirect(loc, r);
}
}
}
#endif /* tuscany_oauth_hpp */
#endif /* tuscany_openauth_hpp */

3
sca-cpp/trunk/modules/http/proxy-conf
View file

@ -33,8 +33,7 @@ ProxyStatus On
ProxyPass / balancer://cluster/
<Proxy balancer://cluster>
Order deny,allow
Allow from all
Require all granted
ProxySet lbmethod=byrequests
</Proxy>

5
sca-cpp/trunk/modules/http/proxy-ssl-conf
View file

@ -34,8 +34,7 @@ ProxyPass /balancer-manager !
ProxyPass / balancer://sslcluster/
<Proxy balancer://sslcluster>
Order deny,allow
Allow from all
Require all granted
ProxySet lbmethod=byrequests
</Proxy>
@ -43,8 +42,6 @@ ProxySet lbmethod=byrequests
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
Deny from all
Allow from all
Require user admin
</Location>

2
sca-cpp/trunk/modules/oauth/htdocs/index.html
View file

@ -19,7 +19,7 @@
<html>
<head>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var protected = component("Protected");
var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getnickname", "getfullname", "getfirstname", "getlastname", "getrealm");

18
sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
View file

@ -17,9 +17,14 @@
under the License.
-->
<html><body><h1>Sign in with an OpenID or OAuth provider</h1>
<html><body><h1>Sign in with a Form, an OpenID provider or an OAuth provider</h1>
<script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
function queryParams() {
qp = new Array();
qs = window.location.search.substring(1).split('&');
@ -133,6 +138,17 @@ function withTwitter() {
}
</script>
<form name="formSignin" method="POST" action="/login/dologin">
<p>Sign in with your user id and password<br/>
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
</p>
<input type="hidden" name="httpd_location" value="/"/>
</form>
<form name="fields">
<p>Sign in with your Google account<br/><input type="button" onclick="submitOpenIDSignin(withGoogle)" value="Sign in"/></p>
<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitOpenIDSignin(withYahoo)" value="Sign in"/></p>

65
sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
View file

@ -39,8 +39,8 @@ extern "C" {
#include "../json/json.hpp"
#include "../http/httpd.hpp"
#include "../http/http.hpp"
#include "../http/openauth.hpp"
#include "../../components/cache/memcache.hpp"
#include "oauth.hpp"
extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth1;
@ -83,20 +83,10 @@ public:
};
/**
* Check user authentication.
* Return the user info for a session.
*/
static int checkUserID(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth1::checkUserID::input");
return OK;
const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
}
/**
@ -135,10 +125,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
const list<value> lastname = assoc<value>("last-name", info);
if (!isNil(lastname) && !isNil(cdr(lastname)))
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
if(r->ap_auth_type == NULL)
r->ap_auth_type = const_cast<char*>("OAuth");
return DECLINED;
return OK;
}
/**
@ -391,47 +378,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
return mkfailure<int>(reason(prc));
// Send session ID to the client in a cookie
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid)));
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
return httpd::externalRedirect(httpd::url(r->uri, r), r);
}
/**
* Handle a request.
* Check user authentication.
*/
int handler(request_rec* r) {
// Decline if we're not enabled or if the user is already
// authenticated by another module
static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
if(!dc.enabled)
if (!dc.enabled)
return DECLINED;
if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL)
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth1::handler::input");
httpdDebugRequest(r, "modoauth1::checkAuthn::input");
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth1);
// Get session id from the request
const maybe<string> sid = oauth::sessionID(r);
const maybe<string> sid = openauth::sessionID(r);
if (hasContent(sid)) {
// Decline if the session id was not created by this module
if (substr(content(sid), 0, 7) != "OAuth1_")
return DECLINED;
// If we're authenticated store the user info in the request
const failable<value> info = oauth::userInfo(content(sid), sc.mc);
if (hasContent(info))
const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(content(info), r));
}
}
// Get the request args
const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for OpenID authentication
// Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED;
// Decline if the request is for OAuth2 authentication
if (!isNil(assoc<value>("mod_oauth2_step", args)))
return DECLINED;
@ -441,15 +428,20 @@ int handler(request_rec* r) {
const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
// Handle OAuth authorize request step
if (step == "authorize")
if (step == "authorize") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authorize(args, r, sc));
}
// Handle OAuth access_token request step
if (step == "access_token")
if (step == "access_token") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(access_token(args, r, sc));
}
// Redirect to the login page
return httpd::reportStatus(oauth::login(dc.login, r));
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(openauth::login(dc.login, r));
}
/**
@ -567,8 +559,7 @@ const command_rec commands[] = {
void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
}
}

70
sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
View file

@ -33,8 +33,8 @@
#include "monad.hpp"
#include "../http/httpd.hpp"
#include "../http/http.hpp"
#include "../http/openauth.hpp"
#include "../../components/cache/memcache.hpp"
#include "oauth.hpp"
extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth2;
@ -77,20 +77,10 @@ public:
};
/**
* Check user authentication.
* Return the user info for a session.
*/
static int checkUserID(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth2::checkUserID::input");
return OK;
const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
}
/**
@ -99,6 +89,12 @@ static int checkUserID(request_rec *r) {
const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
debug(info, "modoauth2::authenticated::info");
// Store user info in the request
const list<value> realm = assoc<value>("realm", info);
if (isNil(realm) || isNil(cdr(realm)))
return mkfailure<int>("Couldn't retrieve realm");
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
const list<value> id = assoc<value>("id", info);
if (isNil(id) || isNil(cdr(id)))
return mkfailure<int>("Couldn't retrieve user id");
@ -122,9 +118,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
if (!isNil(lastname) && !isNil(cdr(lastname)))
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
if(r->ap_auth_type == NULL)
r->ap_auth_type = const_cast<char*>("OAuth");
return DECLINED;
return OK;
}
/**
@ -236,47 +230,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
return mkfailure<int>(reason(prc));
// Send session ID to the client in a cookie
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid)));
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
return httpd::externalRedirect(httpd::url(r->uri, r), r);
}
/**
* Handle a request.
* Check user authentication.
*/
int handler(request_rec* r) {
// Decline if we're not enabled or if the user is already
// authenticated by another module
static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
if(!dc.enabled)
if (!dc.enabled)
return DECLINED;
if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL)
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth2::handler::input");
httpdDebugRequest(r, "modoauth2::checkAuthn::input");
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth2);
// Get session id from the request
const maybe<string> sid = oauth::sessionID(r);
const maybe<string> sid = openauth::sessionID(r);
if (hasContent(sid)) {
// Decline if the session id was not created by this module
if (substr(content(sid), 0, 7) != "OAuth2_")
return DECLINED;
// If we're authenticated store the user info in the request
const failable<value> info = oauth::userInfo(content(sid), sc.mc);
if (hasContent(info))
const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(content(info), r));
}
}
// Get the request args
const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for OpenID authentication
// Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED;
// Decline if the request is for OAuth1 authentication
if (!isNil(assoc<value>("mod_oauth1_step", args)))
return DECLINED;
@ -286,15 +280,20 @@ int handler(request_rec* r) {
const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
// Handle OAuth authorize request step
if (step == "authorize")
if (step == "authorize") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authorize(args, r, sc));
}
// Handle OAuth access_token request step
if (step == "access_token")
if (step == "access_token") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(access_token(args, r, sc));
}
// Redirect to the login page
return httpd::reportStatus(oauth::login(dc.login, r));
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(openauth::login(dc.login, r));
}
/**
@ -412,8 +411,7 @@ const command_rec commands[] = {
void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
}
}

29
sca-cpp/trunk/modules/oauth/oauth-conf
View file

@ -26,7 +26,7 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
# Configure HTTPD mod_tuscany_oauth module
cat >>$root/conf/httpd.conf <<EOF
cat >>$root/conf/auth.conf <<EOF
# Generated by: oauth-conf $*
# Load support for OAuth authentication
LoadModule mod_tuscany_oauth1 $here/libmod_tuscany_oauth1.so
@ -35,22 +35,10 @@ LoadModule mod_tuscany_oauth2 $here/libmod_tuscany_oauth2.so
# Enable OAuth authentication
<Location />
AuthType Open
AuthName "$host"
AuthOAuth On
AuthOAuthLoginPage /login
</Location>
# Enable unauthenticated access to public areas
<Location /login>
AuthOAuth Off
</Location>
<Location /logout>
AuthOAuth Off
</Location>
<Location /public>
AuthOAuth Off
</Location>
<Location /ui>
AuthOAuth Off
Require valid-user
</Location>
# Configure OAuth App keys
@ -65,14 +53,3 @@ cat >$root/cert/oauth-keys.conf <<EOF
EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: oauth-conf $*
# Require OAuth authentication
<Location />
AuthType Open
AuthName "$host"
Require valid-user
</Location>
EOF

2
sca-cpp/trunk/modules/oauth/oauth-memcached-conf
View file

@ -24,7 +24,7 @@ host=$2
port=$3
# Configure HTTPD mod_tuscany_oauth module cache
cat >>$root/conf/httpd.conf <<EOF
cat >>$root/conf/auth.conf <<EOF
# Generated by: oauth-memcached-conf $*
AddAuthOAuthMemcached $host:$port

3
sca-cpp/trunk/modules/oauth/start-mixed-test
View file

@ -44,6 +44,8 @@ here=`readlink -f $0`; here=`dirname $here`
../openid/openid-memcached-conf tmp localhost 11212
../openid/openid-memcached-conf tmp localhost 11213
../http/open-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF
@ -51,6 +53,7 @@ SCAContribution `pwd`/
SCAComposite oauth.composite
Alias /login/index.html $here/htdocs/login/mixed.html
EOF
../../modules/http/httpd-start tmp

10
sca-cpp/trunk/modules/oauth/start-test
View file

@ -21,14 +21,14 @@
../../components/cache/memcached-start 11212
../../components/cache/memcached-start 11213
../../modules/http/ssl-ca-conf tmp jsdelfino.com
../../modules/http/ssl-cert-conf tmp jsdelfino.com
../../modules/http/httpd-conf tmp jsdelfino.com 8090/80 htdocs
../../modules/http/ssl-ca-conf tmp localhost
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090/80 htdocs
../../modules/http/httpd-ssl-conf tmp 8453/443
./oauth-conf tmp
./oauth-memcached-conf tmp jsdelfino.com 11212
./oauth-memcached-conf tmp jsdelfino.com 11213
./oauth-memcached-conf tmp localhost 11212
./oauth-memcached-conf tmp localhost 11213
# Configure your app keys here
./oauth1-appkey-conf tmp twitter.com app2345 secret7890

2
sca-cpp/trunk/modules/openid/htdocs/index.html
View file

@ -19,7 +19,7 @@
<html>
<head>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var protected = component("Protected");
var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getrealm");

31
sca-cpp/trunk/modules/openid/openid-conf
View file

@ -26,8 +26,8 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
openid_prefix=`cat $here/openid.prefix`
# Configure HTTPD mod_auth_openid module
cat >>$root/conf/httpd.conf <<EOF
# Configure OpenID authentication
cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-conf $*
# Load support for OpenID authentication
LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
@ -35,6 +35,8 @@ LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
# Enable OpenID authentication
<Location />
AuthType Open
AuthName "$host"
Require valid-user
AuthOpenIDEnabled On
AuthOpenIDCookiePath /
AuthOpenIDCookieName TuscanyOpenAuth
@ -47,30 +49,5 @@ AuthOpenIDAXAdd FIRSTNAME http://axschema.org/namePerson/first
AuthOpenIDAXAdd LASTNAME http://axschema.org/namePerson/last
</Location>
# Enable unauthenticated access to public areas
<Location /login>
AuthOpenIDEnabled Off
</Location>
<Location /logout>
AuthOpenIDEnabled Off
</Location>
<Location /public>
AuthOpenIDEnabled Off
</Location>
<Location /ui>
AuthOpenIDEnabled Off
</Location>
EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: openid-conf $*
# Require OpenID authentication
<Location />
AuthType Open
AuthName "$host"
Require valid-user
</Location>
EOF

2
sca-cpp/trunk/modules/openid/openid-memcached-conf
View file

@ -24,7 +24,7 @@ host=$2
port=$3
# Configure HTTPD mod_auth_openid module cache
cat >>$root/conf/httpd.conf <<EOF
cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-cache-conf $*
AddAuthOpenIDMemcached $host:$port

4
sca-cpp/trunk/modules/openid/openid-step2-conf
View file

@ -26,19 +26,17 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
# Configure HTTPD to serve OpenID XRDS and LRDD documents
cat >>$root/conf/httpd.conf <<EOF
cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-step2-conf $*
# Serve OpenID XRDS document
Alias /openid $root/conf/openid.xrds
<Location /openid>
AuthOpenIDEnabled Off
ForceType application/xrds+xml
</Location>
# Serve OpenID LRDD document
Alias /.well-known/host-meta $root/conf/openid.lrdd
<Location /.well-known/host-meta>
AuthOpenIDEnabled Off
ForceType text/plain
</Location>

4
sca-cpp/trunk/modules/python/eval.hpp
View file

@ -135,8 +135,10 @@ PyObject* pyLambda_getattr(PyObject *self, PyObject *attrname) {
if (substr(name, 0, 1) == "_")
return PyObject_GenericGetAttr(self, attrname);
if (name == "eval")
if (name == "eval") {
Py_INCREF(self);
return self;
}
const pyLambda* pyl = (pyLambda*)self;
debug(name, "python::getattr::name");

4
sca-cpp/trunk/modules/server/Makefile.am
View file

@ -23,9 +23,9 @@ incldir = $(prefix)/include/modules/server
dist_mod_SCRIPTS = cpp-conf scheme-conf server-conf
moddir = $(prefix)/modules/server
nobase_dist_mod_DATA = htdocs/js/*.js
nobase_dist_mod_DATA = htdocs/wiring/*.js
EXTRA_DIST = domain-test.composite client-test.scm server-test.scm htdocs/*.xml htdocs/*.txt htdocs/*.html htdocs/js/*.js
EXTRA_DIST = domain-test.composite client-test.scm server-test.scm htdocs/*.xml htdocs/*.txt htdocs/*.html htdocs/wiring/*.js
mod_LTLIBRARIES = libmod_tuscany_eval.la libmod_tuscany_wiring.la
noinst_DATA = libmod_tuscany_eval.so libmod_tuscany_wiring.so

0
sca-cpp/trunk/modules/server/htdocs/js/ref.js → sca-cpp/trunk/modules/server/htdocs/wiring/ref.js
View file

2
sca-cpp/trunk/modules/server/server-conf
View file

@ -50,7 +50,7 @@ LoadModule mod_tuscany_wiring $here/libmod_tuscany_wiring.so
SCAWiringServerName $servername
# Serve HTTP binding JavaScript client code
Alias /js/ref.js $here/htdocs/js/ref.js
Alias /wiring/ref.js $here/htdocs/wiring/ref.js
EOF

2
sca-cpp/trunk/samples/loan-python/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var component = new tuscany.sca.Component("Store");

2
sca-cpp/trunk/samples/store-cluster/htdocs/domains/jane/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-cluster/htdocs/domains/joe/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-cluster/server-ssl-conf
View file

@ -31,7 +31,7 @@ tar -C tmp/ssl -c `../../modules/http/ssl-cert-find tmp/ssl` | tar -C $root -x
../../modules/http/httpd-ssl-conf $root $sslport/443
../../modules/http/vhost-ssl-conf $root
#../../modules/http/httpd-auth-conf $root
#../../modules/http/basic-auth-conf $root
../../modules/oauth/oauth-conf $root
../../modules/oauth/oauth-memcached-conf $root localhost 11211
../../modules/oauth/oauth-memcached-conf $root localhost 11212

8
sca-cpp/trunk/samples/store-cluster/start
View file

@ -59,21 +59,21 @@ sleep 1
sleep 1
# Start two proxy balancers
./proxy-conf tmp/proxy1 8091
./proxy-conf tmp/proxy1 8090
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8101
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8102
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8103
../../modules/http/httpd-start tmp/proxy1
./proxy-conf tmp/proxy2 8092
./proxy-conf tmp/proxy2 8091
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8101
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8102
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8103
../../modules/http/httpd-start tmp/proxy2
# Redirect traffic from port 80 to proxy1
#sudo ../../ubuntu/ip-redirect-all 80 8091
#sudo ../../ubuntu/ip-redirect-all 80 8090
# Redirect traffic from port 80 to proxy2
#sudo ../../ubuntu/ip-redirect-all 80 8092
#sudo ../../ubuntu/ip-redirect-all 80 8091

2
sca-cpp/trunk/samples/store-cpp/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-cpp/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/server/cpp-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

8
sca-cpp/trunk/samples/store-gae/Makefile.am
View file

@ -22,19 +22,19 @@ dist_sample_SCRIPTS = start stop
sampledir = $(prefix)/samples/store-gae
BUILT_SOURCES = target.stamp
target.stamp: app.yaml *.py *.composite $(top_builddir)/modules/wsgi/*.py htdocs/* $(top_builddir)/modules/server/htdocs/js/*
target.stamp: app.yaml *.py *.composite $(top_builddir)/modules/wsgi/*.py htdocs/* $(top_builddir)/modules/server/htdocs/wiring/*
mkdir -p target
cp app.yaml *.py *.composite `ls $(top_builddir)/modules/wsgi/*.py | grep -v "\-test"` target
mkdir -p target/htdocs
cp -R htdocs/* target/htdocs
mkdir -p target/htdocs/js
cp -R $(top_builddir)/modules/server/htdocs/js/* target/htdocs/js
mkdir -p target/htdocs/wiring
cp -R $(top_builddir)/modules/server/htdocs/wiring/* target/htdocs/wiring
touch target.stamp
clean-local:
rm -rf target.stamp target
nobase_sample_DATA = target/app.yaml target/*.py target/*.composite target/htdocs/*.html target/htdocs/js/*.js
nobase_sample_DATA = target/app.yaml target/*.py target/*.composite target/htdocs/*.html target/htdocs/wiring/*.js
EXTRA_DIST = app.yaml *.composite *.py htdocs/*.html

2
sca-cpp/trunk/samples/store-gae/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-java/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-java/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/java/java-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

2
sca-cpp/trunk/samples/store-nosql/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-nosql/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

2
sca-cpp/trunk/samples/store-python/Makefile.am
View file

@ -20,7 +20,7 @@ if WANT_PYTHON
dist_sample_SCRIPTS = start stop ssl-start uec2-start
sampledir = $(prefix)/samples/store-python
nobase_dist_sample_DATA = currency-converter.py fruits-catalog.py shopping-cart.py store.py store.composite htdocs/*.html
nobase_dist_sample_DATA = currency-converter.py fruits-catalog.py shopping-cart.py store.py store.composite htdocs/*.html htdocs/login/*.html htdocs/logout/*.html
dist_noinst_SCRIPTS = server-test
TESTS = server-test

2
sca-cpp/trunk/samples/store-python/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

39
sca-cpp/trunk/samples/store-python/htdocs/login/index.html Normal file
View file

@ -0,0 +1,39 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in</h1>
<script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
</script>
<form name="formSignin" method="POST" action="/login/dologin">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
<input type="hidden" name="httpd_location" value="/"/>
</form>
</body>
</html>

33
sca-cpp/trunk/samples/store-python/htdocs/logout/index.html Normal file
View file

@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'TuscanyFormAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>

2
sca-cpp/trunk/samples/store-python/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/open-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

2
sca-cpp/trunk/samples/store-scheme/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-scheme/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

2
sca-cpp/trunk/samples/store-sql/htdocs/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-sql/ssl-start
View file

@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

2
sca-cpp/trunk/samples/store-vhost/htdocs/domains/jane/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-vhost/htdocs/domains/joe/index.html
View file

@ -20,7 +20,7 @@
<head>
<title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script>
<script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript">
var store = component("Store");

2
sca-cpp/trunk/samples/store-vhost/ssl-start
View file

@ -27,7 +27,7 @@
../../modules/http/vhost-conf tmp
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/vhost-ssl-conf tmp
../../modules/http/httpd-auth-conf tmp
../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF

16
sca-cpp/trunk/ubuntu/ubuntu-install-all
View file

@ -44,10 +44,10 @@ sudo apt-get -y install libssl-dev
if [ "$?" != "0" ]; then
exit $?
fi
wget http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz
tar xzf httpd-2.2.16.tar.gz
cd httpd-2.2.16
./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --with-included-apr --with-mpm=prefork --prefix=$build/httpd-2.2.16-bin
wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz
tar xzf httpd-2.3.8.tar.gz
cd httpd-2.3.8
./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --with-included-apr --with-mpm=prefork --prefix=$build/httpd-2.3.8-bin
make
make install
if [ "$?" != "0" ]; then
@ -135,7 +135,7 @@ fi
wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz
tar xzf axis2c-src-1.6.0.tar.gz
cd axis2c-src-1.6.0
./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.2.16-bin/include --prefix=$build/axis2c-1.6.0-bin
./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.8-bin/include --prefix=$build/axis2c-1.6.0-bin
make
make install
if [ "$?" != "0" ]; then
@ -238,7 +238,7 @@ sudo apt-get -y install libpcre3-dev
git clone git://github.com/jsdelfino/mod_auth_openid.git
cd mod_auth_openid
./autogen.sh
./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.2.16-bin --with-httpd=$build/httpd-2.2.16-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin
./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin
make
make install
if [ "$?" != "0" ]; then
@ -336,7 +336,7 @@ git clone git://git.apache.org/tuscany-sca-cpp.git
cd tuscany-sca-cpp
cp etc/git-exclude .git/info/exclude
./bootstrap
./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.2.16-bin --with-httpd=$build/httpd-2.2.16-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
make
make install
if [ "$?" != "0" ]; then
@ -345,5 +345,5 @@ fi
cd $build
# Create bin archive
tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.2.16-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin
tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.8-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin