Port to HTTPD 2.3.8. Add an auth module to make OpenID, OAuth 1/2 and HTTPD 2.3 Form auth modules play nice together.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1034693 13f79535-47bb-0310-9956-ffa450edef68
jsdelfino 2010-11-13 07:53:10 +00:00
commit 3ac22b097d
57 changed files with 889 additions and 278 deletions


@ -57,7 +57,7 @@ http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/ubuntu/ubuntu-gcc-4.5
Then install the following development dependencies: Then install the following development dependencies:
Apache HTTP server and APR: Apache HTTP server and APR:
httpd-2.2.16 (http://httpd.apache.org/) httpd-2.3.8 (http://httpd.apache.org/)
with included libapr and libaprutil with included libapr and libaprutil
built with OpenSSL libssl-0.9.8g built with OpenSSL libssl-0.9.8g
@ -179,7 +179,7 @@ dependencies installed in the standard system directories and some of the
dependencies installed under $HOME: dependencies installed under $HOME:
./configure --prefix=$HOME/tuscany-sca-cpp-bin \ ./configure --prefix=$HOME/tuscany-sca-cpp-bin \
--with-apr=$HOME/httpd-2.2.16-bin --with-httpd=$HOME/httpd-2.2.16-bin \ --with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \
--with-memcached=$HOME/memcached-1.4.5-bin \ --with-memcached=$HOME/memcached-1.4.5-bin \
--with-tinycdb=$HOME/tinycdb-0.77-bin \ --with-tinycdb=$HOME/tinycdb-0.77-bin \
--with-curl=$HOME/curl-7.19.5-bin --with-libxml2=/usr \ --with-curl=$HOME/curl-7.19.5-bin --with-libxml2=/usr \
@ -233,15 +233,14 @@ Building dependencies from source
Here are example build and install steps for some of the dependencies. Here are example build and install steps for some of the dependencies.
Apache HTTPD, including APR, using the HTTP prefork MPM (recommended): Apache HTTPD, including APR, using the HTTP prefork MPM (recommended):
wget http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz
tar xzf httpd-2.2.16.tar.gz tar xzf httpd-2.3.8.tar.gz
cd httpd-2.2.16 cd httpd-2.3.8
./configure --enable-ssl --enable-proxy --enable-usertrack \ ./configure --enable-ssl --enable-proxy --enable-usertrack \
--enable-mods-shared=most --with-included-apr --with-mpm=prefork \ --with-included-apr --with-mpm=prefork --prefix=$HOME/httpd-2.3.8-bin
--prefix=$HOME/httpd-2.2.16-bin
make make
make install make install
export PATH=$HOME/httpd-2.2.16-bin/bin:$PATH export PATH=$HOME/httpd-2.3.8-bin/bin:$PATH
Memcached: Memcached:
wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
@ -288,7 +287,7 @@ wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz
tar xzf axis2c-src-1.6.0.tar.gz tar xzf axis2c-src-1.6.0.tar.gz
cd axis2c-src-1.6.0 cd axis2c-src-1.6.0
./configure --enable-libxml2 --enable-openssl \ ./configure --enable-libxml2 --enable-openssl \
--with-apache2=$HOME/httpd-2.2.16-bin/include --prefix=$HOME/axis2c-1.6.0-bin --with-apache2=$HOME/httpd-2.3.8-bin/include --prefix=$HOME/axis2c-1.6.0-bin
make make
make install make install
export AXIS2C_HOME=$HOME/axis2c-1.6.0-bin export AXIS2C_HOME=$HOME/axis2c-1.6.0-bin
@ -337,7 +336,7 @@ git clone git://github.com/jsdelfino/mod_auth_openid.git
cd mod_auth_openid cd mod_auth_openid
./autogen.sh ./autogen.sh
./configure --prefix=$HOME/mod-auth-openid-bin \ ./configure --prefix=$HOME/mod-auth-openid-bin \
--with-apr=$HOME/httpd-2.2.16-bin --with-httpd=$HOME/httpd-2.2.16-bin \ --with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \
--with-curl=$HOME/curl-7.19.5-bin --with-libopkele=$HOME/libopkele-bin --with-curl=$HOME/curl-7.19.5-bin --with-libopkele=$HOME/libopkele-bin
make make
make install make install


@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
incl_HEADERS = *.hpp incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http incldir = $(prefix)/include/modules/http
dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf httpd-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf form-auth-conf open-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf
moddir=$(prefix)/modules/http moddir=$(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp curl_test_SOURCES = curl-test.cpp
@ -32,18 +32,23 @@ curl_get_LDFLAGS = -lxml2 -lcurl -lmozjs
curl_connect_SOURCES = curl-connect.cpp curl_connect_SOURCES = curl-connect.cpp
curl_connect_LDFLAGS = -lxml2 -lcurl -lmozjs curl_connect_LDFLAGS = -lxml2 -lcurl -lmozjs
mod_LTLIBRARIES = libmod_tuscany_ssltunnel.la mod_LTLIBRARIES = libmod_tuscany_ssltunnel.la libmod_tuscany_openauth.la
noinst_DATA = libmod_tuscany_ssltunnel.so noinst_DATA = libmod_tuscany_ssltunnel.so libmod_tuscany_openauth.so
libmod_tuscany_ssltunnel_la_SOURCES = mod-ssltunnel.cpp libmod_tuscany_ssltunnel_la_SOURCES = mod-ssltunnel.cpp
libmod_tuscany_ssltunnel_la_LDFLAGS = -lxml2 -lcurl -lmozjs libmod_tuscany_ssltunnel_la_LDFLAGS = -lxml2 -lcurl -lmozjs
libmod_tuscany_ssltunnel.so: libmod_tuscany_ssltunnel.so:
ln -s .libs/libmod_tuscany_ssltunnel.so ln -s .libs/libmod_tuscany_ssltunnel.so
libmod_tuscany_openauth_la_SOURCES = mod-openauth.cpp
libmod_tuscany_openauth_la_LDFLAGS = -lxml2 -lcurl -lmozjs
libmod_tuscany_openauth.so:
ln -s .libs/libmod_tuscany_openauth.so
mod_DATA = httpd.prefix httpd-apachectl.prefix httpd-modules.prefix curl.prefix mod_DATA = httpd.prefix httpd-apachectl.prefix httpd-modules.prefix curl.prefix
nobase_dist_mod_DATA = conf/* nobase_dist_mod_DATA = conf/*
EXTRA_DIST = htdocs/index.html EXTRA_DIST = htdocs/index.html htdocs/login/index.html htdocs/logout/index.html
httpd.prefix: $(top_builddir)/config.status httpd.prefix: $(top_builddir)/config.status
echo ${HTTPD_PREFIX} >httpd.prefix echo ${HTTPD_PREFIX} >httpd.prefix
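Review bot: The new `libmod_tuscany_openauth_la_LDFLAGS = -lxml2 -lcurl -lmozjs` line passes libraries through LDFLAGS, where automake places them ahead of the objects on the link line; libraries belong in `libmod_tuscany_openauth_la_LIBADD` so they follow the objects and are not dropped by linkers that resolve by position. The `ln -s .libs/libmod_tuscany_openauth.so` recipe also fails when a stale or dangling link is left over from an earlier build; `ln -sf .libs/libmod_tuscany_openauth.so $@` is more robust. Both patterns are copied from the existing ssltunnel rules in this hunk, so the same change applies there.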


@ -17,7 +17,7 @@
# specific language governing permissions and limitations # specific language governing permissions and limitations
# under the License. # under the License.
# Generate a minimal HTTPD SSL configuration # Generate a minimal HTTPD basic authentication configuration
here=`readlink -f $0`; here=`dirname $here` here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1 mkdir -p $1
root=`readlink -f $1` root=`readlink -f $1`
@ -28,13 +28,14 @@ host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix` httpd_prefix=`cat $here/httpd.prefix`
# Generate basic authentication configuration # Generate basic authentication configuration
cat >>$root/conf/vhost-ssl.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: httpd-auth-conf $* # Generated by: basic-auth-conf $*
# Require clients to present a userid + password for HTTP # Require clients to present a userid + password for HTTP
# basic authentication # basic authentication
<Location /> <Location />
AuthType Basic AuthType Basic
AuthName "$host" AuthName "$host"
AuthBasicProvider file
AuthUserFile "$root/conf/httpd.passwd" AuthUserFile "$root/conf/httpd.passwd"
Require valid-user Require valid-user
</Location> </Location>
@ -42,7 +43,8 @@ Require valid-user
EOF EOF
# Create test users # Create test users
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
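Review bot: The test accounts at the end of the script are created unconditionally with the password equal to the user name, and that includes `admin`, which the SSL configuration in this same commit trusts for `/server-status` (`Require user admin`). I would create them only behind an explicit opt-in (an extra argument or an environment variable) and say so in the `# Create test users` comment, so a generated configuration never ships with known credentials by default. `2>/dev/null` also hides an htpasswd failure, leaving an empty password file without any message, and `-b` puts each password on the command line where other local users can read it from the process list. The new form-auth-conf script repeats the same five lines and needs the same change.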


@ -0,0 +1,64 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD form authentication configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: form-auth-conf $*
# Require clients to present a userid + password through form-based
# authentication
<Location />
AuthType Form
AuthName "$host"
AuthFormProvider file
AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
SessionCookieName TuscanyFormAuth path=/;secure=TRUE
#SessionCryptoPassphrase secret
Require valid-user
</Location>
<Location /login/dologin>
SetHandler form-login-handler
</Location>
<Location /logout/dologout>
SetHandler form-logout-handler
</Location>
EOF
# Create test users
touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
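Review bot: The session cookie set by `SessionCookieName TuscanyFormAuth path=/;secure=TRUE` is not encrypted, because `#SessionCryptoPassphrase secret` is left commented out, and mod_auth_form keeps the user name and password in that session (the new mod-openauth.cpp reads `realm + "-pw"` back out of it). The browser therefore holds the cleartext password in a cookie that page script can read. I would generate a per-install random passphrase and emit `SessionCryptoPassphrase` with it, load mod_session_crypto in httpd-conf, and tighten the attributes to `SessionCookieName TuscanyFormAuth path=/;Secure;HttpOnly`. Note that HttpOnly stops the logout page from clearing the cookie in JavaScript, so logout would have to go through `form-logout-handler` instead.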


@ -0,0 +1,39 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in</h1>
<script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
</script>
<form name="formSignin" method="POST" action="/login/dologin">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
<input type="hidden" name="httpd_location" value="/"/>
</form>
</body>
</html>


@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'TuscanyFormAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>
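Review bot: Signing out here only blanks the cookie in the browser and then loads `/login`; the `form-logout-handler` that form-auth-conf maps at `/logout/dologout` is never called, so the server-side logout path goes unused and the page stops working as soon as the cookie is marked HttpOnly. Pointing the form at the handler with `action="/logout/dologout"` lets mod_auth_form remove the session itself. Separately, `new Date(1970,01,01)` is 1 February 1970 in local time written with legacy octal literals, and `toGMTString()` is deprecated; `new Date(0).toUTCString()` states the intent directly.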


@ -159,19 +159,19 @@ const failable<CURL*> setup(const string& url, const CURLSession& cs) {
// Setup SSL options // Setup SSL options
if (cs.ca != "") { if (cs.ca != "") {
debug(cs.ca, "http::apply::ca"); debug(cs.ca, "http::setup::ca");
curl_easy_setopt(ch, CURLOPT_CAINFO, c_str(cs.ca)); curl_easy_setopt(ch, CURLOPT_CAINFO, c_str(cs.ca));
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, true); curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 2); curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 2);
} else } else
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, false); curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, false);
if (cs.cert != "") { if (cs.cert != "") {
debug(cs.cert, "http::apply::cert"); debug(cs.cert, "http::setup::cert");
curl_easy_setopt(ch, CURLOPT_SSLCERT, c_str(cs.cert)); curl_easy_setopt(ch, CURLOPT_SSLCERT, c_str(cs.cert));
curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
} }
if (cs.key != "") { if (cs.key != "") {
debug(cs.key, "http::apply::key"); debug(cs.key, "http::setup::key");
curl_easy_setopt(ch, CURLOPT_SSLKEY, c_str(cs.key)); curl_easy_setopt(ch, CURLOPT_SSLKEY, c_str(cs.key));
curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM"); curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM");
} }
@ -238,6 +238,8 @@ curl_slist* headers(curl_slist* cl, const list<string>& h) {
} }
template<typename R> const failable<list<R> > apply(const list<list<string> >& hdr, const lambda<R(const string&, const R)>& reduce, const R& initial, const string& url, const string& verb, const CURLSession& cs) { template<typename R> const failable<list<R> > apply(const list<list<string> >& hdr, const lambda<R(const string&, const R)>& reduce, const R& initial, const string& url, const string& verb, const CURLSession& cs) {
debug(url, "http::apply::url");
debug(verb, "http::apply::verb");
// Setup the CURL session // Setup the CURL session
const failable<CURL*> fch = setup(url, cs); const failable<CURL*> fch = setup(url, cs);
@ -523,6 +525,7 @@ apr_pollfd_t* pollfd(apr_socket_t* s, const int e, const gc_pool& p) {
* Connect to a URL. * Connect to a URL.
*/ */
const failable<bool> connect(const string& url, CURLSession& cs) { const failable<bool> connect(const string& url, CURLSession& cs) {
debug(url, "http::connect::url");
// Setup the CURL session // Setup the CURL session
const failable<CURL*> fch = setup(url, cs); const failable<CURL*> fch = setup(url, cs);
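Review bot: When `cs.ca` is empty, the `else` branch in the first hunk sets `CURLOPT_SSL_VERIFYPEER` to false, so every HTTPS request made through setup() without a configured CA accepts any server certificate; this commit's new auth module includes http.hpp (presumably this file), which makes that fallback more exposed. I would drop the `else` so libcurl's default verification against the system trust store applies, and add an explicit, logged opt-out if unverified connections are really needed for tests. The option values should also be longs, e.g. `curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);`, since libcurl reads a long from the varargs. The added `debug(url, ...)` calls log the full URL, which may carry tokens in the query string once OAuth flows use this client. setup(), apply() and connect() all continue outside the hunks shown.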


@ -52,19 +52,25 @@ PidFile $root/logs/httpd.pid
# after mod_rewrite's hooks) # after mod_rewrite's hooks)
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_default_module ${modules_prefix}/modules/mod_authn_default.so LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_default_module ${modules_prefix}/modules/mod_authz_default.so LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so LoadModule status_module ${modules_prefix}/modules/mod_status.so
@ -79,8 +85,16 @@ LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel.so LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel.so
LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth.so
# Basic security precautions # Basic security precautions
User $user User $user
@ -103,7 +117,6 @@ CookieTracking on
CookieName TuscanyVisitorId CookieName TuscanyVisitorId
# Configure Mime types # Configure Mime types
DefaultType text/plain
TypesConfig $here/conf/mime.types TypesConfig $here/conf/mime.types
# Set default document root # Set default document root
@ -114,26 +127,44 @@ DirectoryIndex index.html
<Directory /> <Directory />
Options None Options None
AllowOverride None AllowOverride None
Order deny,allow Require all denied
Deny from all
</Directory>
<FilesMatch "^\.ht">
Order deny,allow
Deny from all
Satisfy Any
</FilesMatch>
# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
Allow from all
</Directory> </Directory>
# Allow access to root location # Configure authentication
<Location /> Include conf/auth.conf
Options FollowSymLinks
Order deny,allow # Allow access to public locations
Allow from all <Location /login>
AuthType None
Require all granted
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /openid>
AuthType None
Require all granted
</Location>
<Location /ui>
AuthType None
Require all granted
</Location>
<Location /wiring>
AuthType None
Require all granted
</Location>
<Location /.well-known/host-meta>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location> </Location>
# Listen on HTTP port # Listen on HTTP port
@ -152,6 +183,25 @@ Include conf/svhost.conf
EOF EOF
# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*
# Authentication configuration
# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>
# Allow access to root location
<Location />
Options FollowSymLinks
Require all granted
</Location>
EOF
# Generate vhost configuration # Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $* # Generated by: httpd-conf $*
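Review bot: The rewritten access-control block drops the old `<FilesMatch "^\.ht">` section without a replacement in the new syntax, so nothing in the generated httpd.conf denies `.ht*` files once auth.conf grants `<Directory "$htdocs">`. I would keep it next to the `<Directory />` block as `<FilesMatch "^\.ht">`, `Require all denied`, `</FilesMatch>`. The default auth.conf written in the last hunk also grants `<Location />` to everyone, so a generated site is open until one of the *-auth-conf scripts appends its own section; a comment in the generated file saying so would help operators. `#LoadModule session_crypto_module` is left disabled here, which leaves the form-auth session cookie unencrypted.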


@ -51,7 +51,7 @@ AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:$root/logs/ssl_scache(512000)" SSLSessionCache "shmcb:$root/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300 SSLSessionCacheTimeout 300
SSLMutex "file:$root/logs/ssl_mutex" Mutex "file:$root/logs" ssl-cache
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
@ -68,7 +68,6 @@ Include conf/svhost-ssl.conf
<Location /server-status> <Location /server-status>
SetHandler server-status SetHandler server-status
HostnameLookups on HostnameLookups on
Allow from all
Require user admin Require user admin
</Location> </Location>
@ -114,10 +113,10 @@ UseCanonicalName Off
SSLEngine on SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions -StrictRequire +OptRenegotiate SSLOptions +StrictRequire +OptRenegotiate +FakeBasicAuth
# Verify client certificates # Verify client certificates
SSLVerifyClient none SSLVerifyClient optional
SSLVerifyDepth 1 SSLVerifyDepth 1
# Enable SSL proxy engine # Enable SSL proxy engine
@ -143,19 +142,13 @@ cat >>$root/conf/vhost-ssl.conf <<EOF
<Location /> <Location />
# Require clients to use SSL and authenticate # Require clients to use SSL and authenticate
SSLRequireSSL SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# Also accept other forms of authentication (e.g. HTTP basic
# authentication, or OpenID authentication)
Satisfy Any
EOF EOF
proxyconf=`cat $root/conf/vhost.conf | grep "# Generated by: proxy-conf"` proxyconf=`cat $root/conf/vhost.conf | grep "# Generated by: proxy-conf"`
if [ "$proxyconf" != "" ]; then if [ "$proxyconf" != "" ]; then
cat >>$root/conf/vhost-ssl.conf <<EOF cat >>$root/conf/vhost-ssl.conf <<EOF
# In an proxy, only require a 128+ cipher key
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# Forward received SSL client certificate info in proxied requests # Forward received SSL client certificate info in proxied requests
RewriteEngine on RewriteEngine on
RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}] RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}]
@ -184,18 +177,6 @@ RequestHeader set X-Forwarded-SSL-Client-DN-OU %{SSL_S_DN_OU}e env=SSL_S_DN_OU
EOF EOF
else else
cat >>$root/conf/vhost-ssl.conf <<EOF cat >>$root/conf/vhost-ssl.conf <<EOF
# In a server, require a 128+ cipher key and one of the following
# - another server's certificate issued by our certificate authority
# - a proxy certificate + forwarded info on the client request certificate,
# both signed by our certificate authority
# - OpenID authentication (set by mod_auth_openid in the auth_type)
# - another valid form of authentication as per the Satisfy directive
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and ( \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "server" ) or \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "tunnel" ) or \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "proxy" and \
%{HTTP:X-Forwarded-SSL-Issuer-DN-O} == "$org" and %{HTTP:X-Forwarded-SSL-Client-DN-OU} == "server" ) or \
%{REQUEST_URI} =~ m/^.(login|logout|openid|public|ui).*$/ )
# Record received SSL client certificate info in environment vars # Record received SSL client certificate info in environment vars
RewriteEngine on RewriteEngine on
@ -270,3 +251,8 @@ SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem"
EOF EOF
# Configure user for HTTP fake basic auth
cat >$root/conf/httpd.passwd <<EOF
/C=US/ST=CA/L=San Francisco/O=$host/OU=server/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/
EOF
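Review bot: Both `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128` checks are removed while the unchanged `SSLCipherSuite` line still enables `+LOW:+SSLv2:+EXP:+eNULL`, so after this change nothing prevents a connection from negotiating an export-grade or null cipher. Tightening the suite itself, e.g. `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP`, restores the floor without SSLRequire. The final `cat >$root/conf/httpd.passwd` truncates the file, so users added earlier by basic-auth-conf or form-auth-conf are lost if this script runs after them; `>>` or a documented ordering would avoid that. The removed issuer/OU check on client certificates is now carried only by the single DN written to httpd.passwd, which uses `O=$host` where the old expression compared against `$org`; it is worth confirming that this is intended.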

View file

@ -31,14 +31,23 @@
#include <apr_lib.h> #include <apr_lib.h>
#define APR_WANT_STRFUNC #define APR_WANT_STRFUNC
#include <apr_want.h> #include <apr_want.h>
#include <apr_base64.h>
#include <httpd.h> #include <httpd.h>
// Hack to workaround compile error with HTTPD 2.3.8
#define new new_
#include <http_config.h> #include <http_config.h>
#undef new
#include <http_core.h> #include <http_core.h>
#include <http_connection.h> #include <http_connection.h>
#include <http_request.h> #include <http_request.h>
#include <http_protocol.h> #include <http_protocol.h>
// Hack to workaround compile error with HTTPD 2.3.8
#define aplog_module_index aplog_module_index = 0
#include <http_log.h> #include <http_log.h>
#undef aplog_module_index
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX (aplog_module_index ? *aplog_module_index : APLOG_NO_MODULE)
#include <http_main.h> #include <http_main.h>
#include <util_script.h> #include <util_script.h>
#include <util_md5.h> #include <util_md5.h>
@ -46,6 +55,8 @@
#include <http_log.h> #include <http_log.h>
#include <ap_mpm.h> #include <ap_mpm.h>
#include <mod_core.h> #include <mod_core.h>
#include <ap_provider.h>
#include <mod_auth.h>
#include "string.hpp" #include "string.hpp"
#include "stream.hpp" #include "stream.hpp"
@ -358,6 +369,7 @@ const failable<int> writeResult(const failable<list<string> >& ls, const string&
* Report a request execution status. * Report a request execution status.
*/ */
const int reportStatus(const failable<int>& rc) { const int reportStatus(const failable<int>& rc) {
debug(rc, "httpd::reportStatus::rc");
if (!hasContent(rc)) if (!hasContent(rc))
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
return content(rc); return content(rc);
@ -575,10 +587,11 @@ const failable<request_rec*, int> internalSubRequest(const string& nr_uri, reque
* Return an HTTP external redirect request. * Return an HTTP external redirect request.
*/ */
const int externalRedirect(const string& uri, request_rec* r) { const int externalRedirect(const string& uri, request_rec* r) {
debug(uri, "httpd::externalRedirect");
r->status = HTTP_MOVED_TEMPORARILY; r->status = HTTP_MOVED_TEMPORARILY;
apr_table_setn(r->headers_out, "Location", apr_pstrdup(r->pool, c_str(uri))); apr_table_setn(r->headers_out, "Location", apr_pstrdup(r->pool, c_str(uri)));
r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/") + uri)); r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/") + uri));
return OK; return HTTP_MOVED_TEMPORARILY;
} }
/** /**
@ -642,6 +655,12 @@ int debugNote(unused void* r, const char* key, const char* value) {
*/ */
const bool debugRequest(request_rec* r, const string& msg) { const bool debugRequest(request_rec* r, const string& msg) {
cdebug << msg << ":" << endl; cdebug << msg << ":" << endl;
cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl;
cdebug << " uri: " << debugOptional(r->uri) << endl;
cdebug << " path info: " << debugOptional(r->path_info) << endl;
cdebug << " filename: " << debugOptional(r->filename) << endl;
cdebug << " uri tokens: " << pathTokens(r->uri) << endl;
cdebug << " args: " << debugOptional(r->args) << endl;
cdebug << " server: " << debugOptional(r->server->server_hostname) << endl; cdebug << " server: " << debugOptional(r->server->server_hostname) << endl;
cdebug << " protocol: " << debugOptional(r->protocol) << endl; cdebug << " protocol: " << debugOptional(r->protocol) << endl;
cdebug << " method: " << debugOptional(r->method) << endl; cdebug << " method: " << debugOptional(r->method) << endl;
@ -649,16 +668,10 @@ const bool debugRequest(request_rec* r, const string& msg) {
cdebug << " content type: " << contentType(r) << endl; cdebug << " content type: " << contentType(r) << endl;
cdebug << " content encoding: " << debugOptional(r->content_encoding) << endl; cdebug << " content encoding: " << debugOptional(r->content_encoding) << endl;
apr_table_do(debugHeader, r, r->headers_in, NULL); apr_table_do(debugHeader, r, r->headers_in, NULL);
cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl;
cdebug << " uri: " << debugOptional(r->uri) << endl;
cdebug << " path info: " << debugOptional(r->path_info) << endl;
cdebug << " filename: " << debugOptional(r->filename) << endl;
cdebug << " uri tokens: " << pathTokens(r->uri) << endl;
cdebug << " args: " << debugOptional(r->args) << endl;
cdebug << " user: " << debugOptional(r->user) << endl; cdebug << " user: " << debugOptional(r->user) << endl;
cdebug << " auth type: " << debugOptional(r->ap_auth_type) << endl; cdebug << " auth type: " << debugOptional(r->ap_auth_type) << endl;
apr_table_do(debugEnv, r, r->subprocess_env, NULL); apr_table_do(debugEnv, r, r->subprocess_env, NULL);
apr_table_do(debugEnv, r, r->notes, NULL); apr_table_do(debugNote, r, r->notes, NULL);
return true; return true;
} }
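Review bot: debugRequest still hands every request header to `debugHeader` (`apr_table_do(debugHeader, r, r->headers_in, NULL)`), and with the basic and form auth paths this commit adds, those headers include the `Authorization` value and the `TuscanyFormAuth` cookie, both of which hold the user's password in recoverable form. I would have debugHeader print a placeholder instead of the value for `Authorization`, `Proxy-Authorization` and `Cookie`; debugHeader is defined outside this hunk, so its current behaviour is inferred from the call. The two `#define` workarounds around http_config.h and http_log.h would also be easier to retire later if each comment named the exact compile error it avoids and the HTTPD version it was seen with.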


@ -0,0 +1,325 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/* $Rev$ $Date$ */
/**
* HTTPD module for Tuscany Open authentication.
*
* This module allows multiple authentication mechanisms to co-exist in a
* single Web site:
* - OAuth1 using Tuscany's mod-tuscany-oauth1
* - OAuth2 using Tuscany's mod-tuscany-oauth2
* - OpenID using mod_auth_openid
* - Form-based using HTTPD's mod_auth_form
* - SSL certificate using SSLFakeBasicAuth and mod_auth_basic
*/
#include <sys/stat.h>
#include "string.hpp"
#include "stream.hpp"
#include "list.hpp"
#include "tree.hpp"
#include "value.hpp"
#include "monad.hpp"
#include "httpd.hpp"
#include "http.hpp"
#include "openauth.hpp"
extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_openauth;
}
namespace tuscany {
namespace openauth {
/**
* Server configuration.
*/
class ServerConf {
public:
ServerConf(apr_pool_t* p, server_rec* s) : p(p), server(s) {
}
const gc_pool p;
server_rec* server;
};
/**
* Directory configuration.
*/
class DirConf {
public:
DirConf(apr_pool_t* p, char* d) : p(p), dir(d), enabled(false), login("") {
}
const gc_pool p;
const char* dir;
bool enabled;
string login;
};
/**
* Return the user info from a form auth session cookie.
*/
const failable<value> userInfo(const value& sid, const string& realm) {
const list<list<value>> info = httpd::queryArgs(sid);
debug(info, "modopenauth::userInfo::info");
const list<value> user = assoc<value>(realm + "-user", info);
if (isNil(user))
return mkfailure<value>("Couldn't retrieve user id");
const list<value> pw = assoc<value>(realm + "-pw", info);
if (isNil(pw))
return mkfailure<value>("Couldn't retrieve password");
return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", cadr(user)), mklist<value>("password", cadr(pw))));
}
/**
* Return the user info from a basic auth header.
*/
const failable<value> userInfo(const char* header, const string& realm, request_rec* r) {
debug(header, "modopenauth::userInfo::header");
if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic"))
return mkfailure<value>("Wrong authentication scheme");
while (apr_isspace(*header))
header++;
char *decoded_line = (char*)apr_palloc(r->pool, apr_base64_decode_len(header) + 1);
int length = apr_base64_decode(decoded_line, header);
decoded_line[length] = '\0';
const string user(ap_getword_nulls(r->pool, const_cast<const char**>(&decoded_line), ':'));
const string pw(decoded_line);
return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", user), mklist<value>("password", pw)));
}
/**
* Handle an authenticated request.
*/
const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
debug(info, "modopenauth::authenticated::info");
// Store user info in the request
const list<value> realm = assoc<value>("realm", info);
if (isNil(realm) || isNil(cdr(realm)))
return mkfailure<int>("Couldn't retrieve realm");
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
const list<value> id = assoc<value>("id", info);
if (isNil(id) || isNil(cdr(id)))
return mkfailure<int>("Couldn't retrieve user id");
r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(id))));
return OK;
}
/**
* Run the authnz hooks to try to authenticate a request.
*/
const failable<int> checkAuthnz(const string& user, const string& pw, request_rec* r) {
const authn_provider* provider = (const authn_provider*)ap_lookup_provider(AUTHN_PROVIDER_GROUP, AUTHN_DEFAULT_PROVIDER, AUTHN_PROVIDER_VERSION);
if (!provider || !provider->check_password)
return mkfailure<int>("No Authn provider configured");
apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);
const authn_status auth_result = provider->check_password(r, c_str(user), c_str(pw));
apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);
if (auth_result != AUTH_GRANTED)
return mkfailure<int>("Authentication failure for: " + user);
return OK;
}
/**
* Check user authentication.
*/
static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or AuthType is not set to Open
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_openauth);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modopenauth::checkAuthn::input");
// Get session id from the request
const maybe<string> sid = sessionID(r);
if (hasContent(sid)) {
// Decline if the session id was not created by this module
const string stype = substr(content(sid), 0, 7);
if (stype == "OAuth2_" || stype == "OAuth1_" || stype == "OpenID_")
return DECLINED;
// Retrieve the auth realm
const char* aname = ap_auth_name(r);
if (aname == NULL)
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
// Extract user info from the session id
const failable<value> info = userInfo(content(sid), aname);
if (hasContent(info)) {
// Try to authenticate the request
const value cinfo = content(info);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", cinfo)), cadr(assoc<value>("password", cinfo)), r);
if (!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(cinfo, r));
}
}
// Get basic auth header from the request
const char* header = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization");
if (header != NULL) {
// Retrieve the auth realm
const char* aname = ap_auth_name(r);
if (aname == NULL)
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
// Extract user info from the session id
const failable<value> info = userInfo(header, aname, r);
if (hasContent(info)) {
// Try to authenticate the request
const value cinfo = content(info);
const failable<int> authz = checkAuthnz(cadr(assoc<value>("id", cinfo)), cadr(assoc<value>("password", cinfo)), r);
if (!hasContent(authz)) {
// Authentication failed, redirect to login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
// Successfully authenticated, store the user info in the request
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(cinfo, r));
}
}
// Get the request args
const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED;
if (!isNil(assoc<value>("mod_oauth1_step", args)))
return DECLINED;
if (!isNil(assoc<value>("mod_oauth2_step", args)))
return DECLINED;
// Redirect to the login page
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(login(dc.login, r));
}
/**
* Process the module configuration.
*/
int postConfigMerge(ServerConf& mainsc, server_rec* s) {
if (s == NULL)
return OK;
debug(httpd::serverName(s), "modopenauth::postConfigMerge::serverName");
return postConfigMerge(mainsc, s->next);
}
int postConfig(apr_pool_t* p, unused apr_pool_t* plog, unused apr_pool_t* ptemp, server_rec* s) {
gc_scoped_pool pool(p);
ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_openauth);
debug(httpd::serverName(s), "modopenauth::postConfig::serverName");
// Merge server configurations
return postConfigMerge(sc, s);
}
/**
* Child process initialization.
*/
void childInit(apr_pool_t* p, server_rec* s) {
gc_scoped_pool pool(p);
ServerConf* psc = (ServerConf*)ap_get_module_config(s->module_config, &mod_tuscany_openauth);
if(psc == NULL) {
cfailure << "[Tuscany] Due to one or more errors mod_tuscany_openauth loading failed. Causing apache to stop loading." << endl;
exit(APEXIT_CHILDFATAL);
}
ServerConf& sc = *psc;
// Merge the updated configuration into the virtual hosts
postConfigMerge(sc, s->next);
}
/**
* Configuration commands.
*/
const char* confEnabled(cmd_parms *cmd, void *c, const int arg) {
gc_scoped_pool pool(cmd->pool);
DirConf& dc = httpd::dirConf<DirConf>(c);
dc.enabled = (bool)arg;
return NULL;
}
const char* confLogin(cmd_parms *cmd, void *c, const char* arg) {
gc_scoped_pool pool(cmd->pool);
DirConf& dc = httpd::dirConf<DirConf>(c);
dc.login = arg;
return NULL;
}
/**
* HTTP server module declaration.
*/
const command_rec commands[] = {
AP_INIT_FLAG("AuthOpenAuth", (const char*(*)())confEnabled, NULL, OR_AUTHCFG, "Tuscany Open Auth authentication On | Off"),
AP_INIT_TAKE1("AuthOpenAuthLoginPage", (const char*(*)())confLogin, NULL, OR_AUTHCFG, "Tuscany Open Auth login page"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
}
}
}
extern "C" {
module AP_MODULE_DECLARE_DATA mod_tuscany_openauth = {
STANDARD20_MODULE_STUFF,
// dir config and merger
tuscany::httpd::makeDirConf<tuscany::openauth::DirConf>, NULL,
// server config and merger
tuscany::httpd::makeServerConf<tuscany::openauth::ServerConf>, NULL,
// commands and hooks
tuscany::openauth::commands, tuscany::openauth::registerHooks
};
}
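Review bot: The `debug(...)` calls in both `userInfo` overloads and in `authenticated` write credentials to the debug log: `debug(info, ...)` dumps the decoded session including its `<realm>-pw` entry, `debug(header, ...)` dumps the raw Basic `Authorization` header, and `authenticated` is passed the list that still carries the `password` pair. Whether `debug` is compiled out of production builds is not visible here, so I would trace only non-secret fields, for example replace the header trace with `debug(realm, "modopenauth::userInfo::realm");` and trace `cadr(user)` after the lookup instead of the whole list. Separately, the session overload tests only `isNil(user)` and `isNil(pw)` before calling `cadr(...)`, while `authenticated` guards the same access with `isNil(id) || isNil(cdr(id))`; the same `isNil(cdr(...))` test looks needed there if a cookie can carry a key without a value.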


@ -0,0 +1,66 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD form authentication configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: open-auth-conf $*
# Enable Tuscany open authentication
<Location />
AuthType Open
AuthName "$host"
AuthOpenAuth On
AuthOpenAuthLoginPage /login
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
# Use HTTPD form-based authentication
<Location /login/dologin>
AuthType Form
AuthName "$host"
AuthFormProvider file
AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
#SessionCryptoPassphrase secret
Require valid-user
SetHandler form-login-handler
</Location>
EOF
# Create test users
touch $root/conf/httpd.passwd
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
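Review bot: The generated `/login/dologin` block enables `Session On` with a `SessionCookieName` but leaves `#SessionCryptoPassphrase secret` commented out, so the form login's user id and password are carried in the `TuscanyOpenAuth` cookie unencrypted; the new module reads them back from that cookie as `<realm>-user` and `<realm>-pw`. I would generate a random passphrase per installation and emit `SessionCryptoPassphrase <generated-secret>` (which needs the session crypto module loaded), rather than shipping the directive disabled with a literal `secret`. If no page script has to read the cookie, also add `HttpOnly` to the attribute string, `SessionCookieName TuscanyOpenAuth path=/;secure=TRUE;HttpOnly`.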


@ -19,11 +19,11 @@
/* $Rev$ $Date$ */ /* $Rev$ $Date$ */
#ifndef tuscany_oauth_hpp #ifndef tuscany_openauth_hpp
#define tuscany_oauth_hpp #define tuscany_openauth_hpp
/** /**
* OAuth support utility functions. * Tuscany Open auth support utility functions.
*/ */
#include "string.hpp" #include "string.hpp"
@ -35,10 +35,9 @@
#include "../json/json.hpp" #include "../json/json.hpp"
#include "../http/httpd.hpp" #include "../http/httpd.hpp"
#include "../http/http.hpp" #include "../http/http.hpp"
#include "../../components/cache/memcache.hpp"
namespace tuscany { namespace tuscany {
namespace oauth { namespace openauth {
/** /**
* Return the session id from a request. * Return the session id from a request.
@ -51,29 +50,26 @@ const char* cookieName(const char* cs) {
const maybe<string> sessionID(const list<string> c) { const maybe<string> sessionID(const list<string> c) {
if (isNil(c)) if (isNil(c))
return maybe<string>(); return maybe<string>();
const list<string> kv = tokenize("=", cookieName(c_str(car(c)))); const string cn = cookieName(c_str(car(c)));
if (!isNil(kv) && !isNil(cdr(kv))) { const int i = find(cn, "=");
if (car(kv) == "TuscanyOpenAuth") if (i < length(cn)) {
return cadr(kv); const list<string> kv = mklist<string>(substr(cn, 0, i), substr(cn, i+1));
if (!isNil(kv) && !isNil(cdr(kv))) {
if (car(kv) == "TuscanyOpenAuth")
return cadr(kv);
}
} }
return sessionID(cdr(c)); return sessionID(cdr(c));
} }
const maybe<string> sessionID(const request_rec* r) { const maybe<string> sessionID(const request_rec* r) {
const char* c = apr_table_get(r->headers_in, "Cookie"); const char* c = apr_table_get(r->headers_in, "Cookie");
debug(c, "oauth::sessionid::cookies"); debug(c, "openauth::sessionid::cookies");
if (c == NULL) if (c == NULL)
return maybe<string>(); return maybe<string>();
return sessionID(tokenize(";", c)); return sessionID(tokenize(";", c));
} }
/**
* Return the user info for a session.
*/
const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
}
/** /**
* Convert a session id to a cookie string. * Convert a session id to a cookie string.
*/ */
@ -82,7 +78,7 @@ const string cookie(const string& sid) {
char exp[32]; char exp[32];
strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t)); strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
const string c = string("TuscanyOpenAuth=") + sid + string(";path=/;expires=" + string(exp)) + ";secure=TRUE"; const string c = string("TuscanyOpenAuth=") + sid + string(";path=/;expires=" + string(exp)) + ";secure=TRUE";
debug(c, "oauth::cookie"); debug(c, "openauth::cookie");
return c; return c;
} }
@ -92,11 +88,11 @@ const string cookie(const string& sid) {
const failable<int> login(const string& page, request_rec* r) { const failable<int> login(const string& page, request_rec* r) {
const list<list<value> > largs = mklist<list<value> >(mklist<value>("openauth_referrer", httpd::escape(httpd::url(r->uri, r)))); const list<list<value> > largs = mklist<list<value> >(mklist<value>("openauth_referrer", httpd::escape(httpd::url(r->uri, r))));
const string loc = httpd::url(page, r) + string("?") + httpd::queryString(largs); const string loc = httpd::url(page, r) + string("?") + httpd::queryString(largs);
debug(loc, "oauth::login::uri"); debug(loc, "openauth::login::uri");
return httpd::externalRedirect(loc, r); return httpd::externalRedirect(loc, r);
} }
} }
} }
#endif /* tuscany_oauth_hpp */ #endif /* tuscany_openauth_hpp */
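Review bot: In `cookie()` the session cookie is built as `...;path=/;expires=...;secure=TRUE` with no `HttpOnly` attribute, so the session id stays readable by any script running on the site; this commit only renames the debug label in that function. If no page script needs the value, append the attribute: `... + ";secure=TRUE;HttpOnly";`. The `debug(c, "openauth::cookie")` and `debug(c, "openauth::sessionid::cookies")` traces also write live session ids to the debug log. In the rewritten `sessionID`, the inner `!isNil(kv) && !isNil(cdr(kv))` test is always true now that `kv` is built with two elements, so it can be dropped. `cookie()` begins above its hunk.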


@ -33,8 +33,7 @@ ProxyStatus On
ProxyPass / balancer://cluster/ ProxyPass / balancer://cluster/
<Proxy balancer://cluster> <Proxy balancer://cluster>
Order deny,allow Require all granted
Allow from all
ProxySet lbmethod=byrequests ProxySet lbmethod=byrequests
</Proxy> </Proxy>


@ -34,8 +34,7 @@ ProxyPass /balancer-manager !
ProxyPass / balancer://sslcluster/ ProxyPass / balancer://sslcluster/
<Proxy balancer://sslcluster> <Proxy balancer://sslcluster>
Order deny,allow Require all granted
Allow from all
ProxySet lbmethod=byrequests ProxySet lbmethod=byrequests
</Proxy> </Proxy>
@ -43,8 +42,6 @@ ProxySet lbmethod=byrequests
<Location /balancer-manager> <Location /balancer-manager>
SetHandler balancer-manager SetHandler balancer-manager
HostnameLookups on HostnameLookups on
Deny from all
Allow from all
Require user admin Require user admin
</Location> </Location>
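Review bot: After this hunk `/balancer-manager` is protected only by `Require user admin`, and the `open-auth-conf` script added in this same commit creates that account with `htpasswd -b ... admin admin`. The manager can change proxy routing, so it should not depend on a fixed test password: have `open-auth-conf` take the password from its caller, e.g. `$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin "$admin_pw"` with `admin_pw` supplied as an argument, and consider pairing the user requirement with an address restriction. `HostnameLookups on` appears to have no remaining consumer now that the host-based rules are gone, though the rest of the file is outside the hunk.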


@ -19,7 +19,7 @@
<html> <html>
<head> <head>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var protected = component("Protected"); var protected = component("Protected");
var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getnickname", "getfullname", "getfirstname", "getlastname", "getrealm"); var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getnickname", "getfullname", "getfirstname", "getlastname", "getrealm");


@ -17,9 +17,14 @@
under the License. under the License.
--> -->
<html><body><h1>Sign in with an OpenID or OAuth provider</h1> <html><body><h1>Sign in with a Form, an OpenID provider or an OAuth provider</h1>
<script type="text/javascript"> <script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
function queryParams() { function queryParams() {
qp = new Array(); qp = new Array();
qs = window.location.search.substring(1).split('&'); qs = window.location.search.substring(1).split('&');
@ -133,6 +138,17 @@ function withTwitter() {
} }
</script> </script>
<form name="formSignin" method="POST" action="/login/dologin">
<p>Sign in with your user id and password<br/>
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
</p>
<input type="hidden" name="httpd_location" value="/"/>
</form>
<form name="fields"> <form name="fields">
<p>Sign in with your Google account<br/><input type="button" onclick="submitOpenIDSignin(withGoogle)" value="Sign in"/></p> <p>Sign in with your Google account<br/><input type="button" onclick="submitOpenIDSignin(withGoogle)" value="Sign in"/></p>
<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitOpenIDSignin(withYahoo)" value="Sign in"/></p> <p>Sign in with your Yahoo account<br/><input type="button" onclick="submitOpenIDSignin(withYahoo)" value="Sign in"/></p>
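Review bot: `submitFormSignin()` assigns `'/'` to `httpd_location`, which is already the hidden field's default, so after a form login the user always lands on the site root and the `openauth_referrer` that `login()` appends to the login URL is ignored. If the referrer is wired in later, accept it only when it is a same-site URL, because the value of `httpd_location` decides where the browser is sent after a successful login. Until then the assignment can be removed, or carry a comment such as `// TODO: use openauth_referrer when it is a same-site URL`.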


@ -39,8 +39,8 @@ extern "C" {
#include "../json/json.hpp" #include "../json/json.hpp"
#include "../http/httpd.hpp" #include "../http/httpd.hpp"
#include "../http/http.hpp" #include "../http/http.hpp"
#include "../http/openauth.hpp"
#include "../../components/cache/memcache.hpp" #include "../../components/cache/memcache.hpp"
#include "oauth.hpp"
extern "C" { extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth1; extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth1;
@ -83,20 +83,10 @@ public:
}; };
/** /**
* Check user authentication. * Return the user info for a session.
*/ */
static int checkUserID(request_rec *r) { const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
// Decline if we're not enabled or AuthType is not set to Open return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth1::checkUserID::input");
return OK;
} }
/** /**
@ -135,10 +125,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
const list<value> lastname = assoc<value>("last-name", info); const list<value> lastname = assoc<value>("last-name", info);
if (!isNil(lastname) && !isNil(cdr(lastname))) if (!isNil(lastname) && !isNil(cdr(lastname)))
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname)))); apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
return OK;
if(r->ap_auth_type == NULL)
r->ap_auth_type = const_cast<char*>("OAuth");
return DECLINED;
} }
/** /**
@ -391,47 +378,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
return mkfailure<int>(reason(prc)); return mkfailure<int>(reason(prc));
// Send session ID to the client in a cookie // Send session ID to the client in a cookie
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid))); apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
return httpd::externalRedirect(httpd::url(r->uri, r), r); return httpd::externalRedirect(httpd::url(r->uri, r), r);
} }
/** /**
* Handle a request. * Check user authentication.
*/ */
int handler(request_rec* r) { static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or if the user is already // Decline if we're not enabled or AuthType is not set to Open
// authenticated by another module
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1); const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
if(!dc.enabled) if (!dc.enabled)
return DECLINED; return DECLINED;
if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL) const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED; return DECLINED;
gc_scoped_pool pool(r->pool); gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth1::handler::input"); httpdDebugRequest(r, "modoauth1::checkAuthn::input");
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth1); const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth1);
// Get session id from the request // Get session id from the request
const maybe<string> sid = oauth::sessionID(r); const maybe<string> sid = openauth::sessionID(r);
if (hasContent(sid)) { if (hasContent(sid)) {
// Decline if the session id was not created by this module // Decline if the session id was not created by this module
if (substr(content(sid), 0, 7) != "OAuth1_") if (substr(content(sid), 0, 7) != "OAuth1_")
return DECLINED; return DECLINED;
// If we're authenticated store the user info in the request // If we're authenticated store the user info in the request
const failable<value> info = oauth::userInfo(content(sid), sc.mc); const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(content(info), r)); return httpd::reportStatus(authenticated(content(info), r));
}
} }
// Get the request args // Get the request args
const list<list<value> > args = httpd::queryArgs(r); const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for OpenID authentication // Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args))) if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED; return DECLINED;
// Decline if the request is for OAuth2 authentication
if (!isNil(assoc<value>("mod_oauth2_step", args))) if (!isNil(assoc<value>("mod_oauth2_step", args)))
return DECLINED; return DECLINED;
@ -441,15 +428,20 @@ int handler(request_rec* r) {
const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : ""; const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
// Handle OAuth authorize request step // Handle OAuth authorize request step
if (step == "authorize") if (step == "authorize") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authorize(args, r, sc)); return httpd::reportStatus(authorize(args, r, sc));
}
// Handle OAuth access_token request step // Handle OAuth access_token request step
if (step == "access_token") if (step == "access_token") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(access_token(args, r, sc)); return httpd::reportStatus(access_token(args, r, sc));
}
// Redirect to the login page // Redirect to the login page
return httpd::reportStatus(oauth::login(dc.login, r)); r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(openauth::login(dc.login, r));
} }
/** /**
@ -567,8 +559,7 @@ const command_rec commands[] = {
void registerHooks(unused apr_pool_t *p) { void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
} }
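Review bot: `userInfo(sid, mc)` is now defined twice with identical bodies, here and in the OAuth2 module, after being removed from the shared header, so the memcached key `"tuscanyOpenAuth"` is spelled in two places that must stay in step with the code that stores the session. I would keep a single definition in a small header shared by the two OAuth modules. The comment on `checkAuthn` in both modules could also state what the code does with a stale cookie, for example `// A session id with our prefix but no cached info falls through to the authorize/login steps below`.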
} }


@ -33,8 +33,8 @@
#include "monad.hpp" #include "monad.hpp"
#include "../http/httpd.hpp" #include "../http/httpd.hpp"
#include "../http/http.hpp" #include "../http/http.hpp"
#include "../http/openauth.hpp"
#include "../../components/cache/memcache.hpp" #include "../../components/cache/memcache.hpp"
#include "oauth.hpp"
extern "C" { extern "C" {
extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth2; extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth2;
@ -77,20 +77,10 @@ public:
}; };
/** /**
* Check user authentication. * Return the user info for a session.
*/ */
static int checkUserID(request_rec *r) { const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
// Decline if we're not enabled or AuthType is not set to Open return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth2::checkUserID::input");
return OK;
} }
/** /**
@ -99,6 +89,12 @@ static int checkUserID(request_rec *r) {
const failable<int> authenticated(const list<list<value> >& info, request_rec* r) { const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
debug(info, "modoauth2::authenticated::info"); debug(info, "modoauth2::authenticated::info");
// Store user info in the request
const list<value> realm = assoc<value>("realm", info);
if (isNil(realm) || isNil(cdr(realm)))
return mkfailure<int>("Couldn't retrieve realm");
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
const list<value> id = assoc<value>("id", info); const list<value> id = assoc<value>("id", info);
if (isNil(id) || isNil(cdr(id))) if (isNil(id) || isNil(cdr(id)))
return mkfailure<int>("Couldn't retrieve user id"); return mkfailure<int>("Couldn't retrieve user id");
@ -122,9 +118,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
if (!isNil(lastname) && !isNil(cdr(lastname))) if (!isNil(lastname) && !isNil(cdr(lastname)))
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname)))); apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
if(r->ap_auth_type == NULL) return OK;
r->ap_auth_type = const_cast<char*>("OAuth");
return DECLINED;
} }
/** /**
@ -236,47 +230,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
return mkfailure<int>(reason(prc)); return mkfailure<int>(reason(prc));
// Send session ID to the client in a cookie // Send session ID to the client in a cookie
apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid))); apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
return httpd::externalRedirect(httpd::url(r->uri, r), r); return httpd::externalRedirect(httpd::url(r->uri, r), r);
} }
/** /**
* Handle a request. * Check user authentication.
*/ */
int handler(request_rec* r) { static int checkAuthn(request_rec *r) {
// Decline if we're not enabled or if the user is already // Decline if we're not enabled or AuthType is not set to Open
// authenticated by another module
const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2); const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
if(!dc.enabled) if (!dc.enabled)
return DECLINED; return DECLINED;
if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL) const char* atype = ap_auth_type(r);
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED; return DECLINED;
gc_scoped_pool pool(r->pool); gc_scoped_pool pool(r->pool);
httpdDebugRequest(r, "modoauth2::handler::input"); httpdDebugRequest(r, "modoauth2::checkAuthn::input");
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth2); const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth2);
// Get session id from the request // Get session id from the request
const maybe<string> sid = oauth::sessionID(r); const maybe<string> sid = openauth::sessionID(r);
if (hasContent(sid)) { if (hasContent(sid)) {
// Decline if the session id was not created by this module // Decline if the session id was not created by this module
if (substr(content(sid), 0, 7) != "OAuth2_") if (substr(content(sid), 0, 7) != "OAuth2_")
return DECLINED; return DECLINED;
// If we're authenticated store the user info in the request // If we're authenticated store the user info in the request
const failable<value> info = oauth::userInfo(content(sid), sc.mc); const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authenticated(content(info), r)); return httpd::reportStatus(authenticated(content(info), r));
}
} }
// Get the request args // Get the request args
const list<list<value> > args = httpd::queryArgs(r); const list<list<value> > args = httpd::queryArgs(r);
// Decline if the request is for OpenID authentication // Decline if the request is for another authentication provider
if (!isNil(assoc<value>("openid_identifier", args))) if (!isNil(assoc<value>("openid_identifier", args)))
return DECLINED; return DECLINED;
// Decline if the request is for OAuth1 authentication
if (!isNil(assoc<value>("mod_oauth1_step", args))) if (!isNil(assoc<value>("mod_oauth1_step", args)))
return DECLINED; return DECLINED;
@ -286,15 +280,20 @@ int handler(request_rec* r) {
const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : ""; const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
// Handle OAuth authorize request step // Handle OAuth authorize request step
if (step == "authorize") if (step == "authorize") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(authorize(args, r, sc)); return httpd::reportStatus(authorize(args, r, sc));
}
// Handle OAuth access_token request step // Handle OAuth access_token request step
if (step == "access_token") if (step == "access_token") {
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(access_token(args, r, sc)); return httpd::reportStatus(access_token(args, r, sc));
}
// Redirect to the login page // Redirect to the login page
return httpd::reportStatus(oauth::login(dc.login, r)); r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(openauth::login(dc.login, r));
} }
/** /**
@ -412,8 +411,7 @@ const command_rec commands[] = {
void registerHooks(unused apr_pool_t *p) { void registerHooks(unused apr_pool_t *p) {
ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
} }
} }


@ -26,7 +26,7 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'` host=`echo $conf | awk '{ print $6 }'`
# Configure HTTPD mod_tuscany_oauth module # Configure HTTPD mod_tuscany_oauth module
cat >>$root/conf/httpd.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: oauth-conf $* # Generated by: oauth-conf $*
# Load support for OAuth authentication # Load support for OAuth authentication
LoadModule mod_tuscany_oauth1 $here/libmod_tuscany_oauth1.so LoadModule mod_tuscany_oauth1 $here/libmod_tuscany_oauth1.so
@ -35,22 +35,10 @@ LoadModule mod_tuscany_oauth2 $here/libmod_tuscany_oauth2.so
# Enable OAuth authentication # Enable OAuth authentication
<Location /> <Location />
AuthType Open AuthType Open
AuthName "$host"
AuthOAuth On AuthOAuth On
AuthOAuthLoginPage /login AuthOAuthLoginPage /login
</Location> Require valid-user
# Enable unauthenticated access to public areas
<Location /login>
AuthOAuth Off
</Location>
<Location /logout>
AuthOAuth Off
</Location>
<Location /public>
AuthOAuth Off
</Location>
<Location /ui>
AuthOAuth Off
</Location> </Location>
# Configure OAuth App keys # Configure OAuth App keys
@ -65,14 +53,3 @@ cat >$root/cert/oauth-keys.conf <<EOF
EOF EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: oauth-conf $*
# Require OAuth authentication
<Location />
AuthType Open
AuthName "$host"
Require valid-user
</Location>
EOF
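Review bot: With `Require valid-user` now on `<Location />` and the `AuthOAuth Off` blocks for /login, /logout, /public and /ui deleted, nothing in this script keeps the login page and the public areas reachable without a session. Presumably the new shared auth module or open-auth-conf takes over those exemptions, but that is not visible here, so a missing or misordered include could either lock users out of /login or leave the access decision to whichever module happens to run first. I would add a comment inside the heredoc, once confirmed, such as `# Public areas (/login, /logout, /public, /ui) are exempted in open-auth-conf`. The same removal appears in the openid-conf section and, in openid-step2-conf, for the /openid and /.well-known/host-meta discovery documents, which remote parties fetch without credentials.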


@ -24,7 +24,7 @@ host=$2
port=$3 port=$3
# Configure HTTPD mod_tuscany_oauth module cache # Configure HTTPD mod_tuscany_oauth module cache
cat >>$root/conf/httpd.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: oauth-memcached-conf $* # Generated by: oauth-memcached-conf $*
AddAuthOAuthMemcached $host:$port AddAuthOAuthMemcached $host:$port


@ -44,6 +44,8 @@ here=`readlink -f $0`; here=`dirname $here`
../openid/openid-memcached-conf tmp localhost 11212 ../openid/openid-memcached-conf tmp localhost 11212
../openid/openid-memcached-conf tmp localhost 11213 ../openid/openid-memcached-conf tmp localhost 11213
../http/open-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp ../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF
@ -51,6 +53,7 @@ SCAContribution `pwd`/
SCAComposite oauth.composite SCAComposite oauth.composite
Alias /login/index.html $here/htdocs/login/mixed.html Alias /login/index.html $here/htdocs/login/mixed.html
EOF EOF
../../modules/http/httpd-start tmp ../../modules/http/httpd-start tmp


@ -21,14 +21,14 @@
../../components/cache/memcached-start 11212 ../../components/cache/memcached-start 11212
../../components/cache/memcached-start 11213 ../../components/cache/memcached-start 11213
../../modules/http/ssl-ca-conf tmp jsdelfino.com ../../modules/http/ssl-ca-conf tmp localhost
../../modules/http/ssl-cert-conf tmp jsdelfino.com ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp jsdelfino.com 8090/80 htdocs ../../modules/http/httpd-conf tmp localhost 8090/80 htdocs
../../modules/http/httpd-ssl-conf tmp 8453/443 ../../modules/http/httpd-ssl-conf tmp 8453/443
./oauth-conf tmp ./oauth-conf tmp
./oauth-memcached-conf tmp jsdelfino.com 11212 ./oauth-memcached-conf tmp localhost 11212
./oauth-memcached-conf tmp jsdelfino.com 11213 ./oauth-memcached-conf tmp localhost 11213
# Configure your app keys here # Configure your app keys here
./oauth1-appkey-conf tmp twitter.com app2345 secret7890 ./oauth1-appkey-conf tmp twitter.com app2345 secret7890


@ -19,7 +19,7 @@
<html> <html>
<head> <head>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var protected = component("Protected"); var protected = component("Protected");
var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getrealm"); var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getrealm");


@ -26,8 +26,8 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'` host=`echo $conf | awk '{ print $6 }'`
openid_prefix=`cat $here/openid.prefix` openid_prefix=`cat $here/openid.prefix`
# Configure HTTPD mod_auth_openid module # Configure OpenID authentication
cat >>$root/conf/httpd.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-conf $* # Generated by: openid-conf $*
# Load support for OpenID authentication # Load support for OpenID authentication
LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
@ -35,6 +35,8 @@ LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
# Enable OpenID authentication # Enable OpenID authentication
<Location /> <Location />
AuthType Open AuthType Open
AuthName "$host"
Require valid-user
AuthOpenIDEnabled On AuthOpenIDEnabled On
AuthOpenIDCookiePath / AuthOpenIDCookiePath /
AuthOpenIDCookieName TuscanyOpenAuth AuthOpenIDCookieName TuscanyOpenAuth
@ -47,30 +49,5 @@ AuthOpenIDAXAdd FIRSTNAME http://axschema.org/namePerson/first
AuthOpenIDAXAdd LASTNAME http://axschema.org/namePerson/last AuthOpenIDAXAdd LASTNAME http://axschema.org/namePerson/last
</Location> </Location>
# Enable unauthenticated access to public areas
<Location /login>
AuthOpenIDEnabled Off
</Location>
<Location /logout>
AuthOpenIDEnabled Off
</Location>
<Location /public>
AuthOpenIDEnabled Off
</Location>
<Location /ui>
AuthOpenIDEnabled Off
</Location>
EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: openid-conf $*
# Require OpenID authentication
<Location />
AuthType Open
AuthName "$host"
Require valid-user
</Location>
EOF EOF


@ -24,7 +24,7 @@ host=$2
port=$3 port=$3
# Configure HTTPD mod_auth_openid module cache # Configure HTTPD mod_auth_openid module cache
cat >>$root/conf/httpd.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-cache-conf $* # Generated by: openid-cache-conf $*
AddAuthOpenIDMemcached $host:$port AddAuthOpenIDMemcached $host:$port


@ -26,19 +26,17 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'` host=`echo $conf | awk '{ print $6 }'`
# Configure HTTPD to serve OpenID XRDS and LRDD documents # Configure HTTPD to serve OpenID XRDS and LRDD documents
cat >>$root/conf/httpd.conf <<EOF cat >>$root/conf/auth.conf <<EOF
# Generated by: openid-step2-conf $* # Generated by: openid-step2-conf $*
# Serve OpenID XRDS document # Serve OpenID XRDS document
Alias /openid $root/conf/openid.xrds Alias /openid $root/conf/openid.xrds
<Location /openid> <Location /openid>
AuthOpenIDEnabled Off
ForceType application/xrds+xml ForceType application/xrds+xml
</Location> </Location>
# Serve OpenID LRDD document # Serve OpenID LRDD document
Alias /.well-known/host-meta $root/conf/openid.lrdd Alias /.well-known/host-meta $root/conf/openid.lrdd
<Location /.well-known/host-meta> <Location /.well-known/host-meta>
AuthOpenIDEnabled Off
ForceType text/plain ForceType text/plain
</Location> </Location>


@ -135,8 +135,10 @@ PyObject* pyLambda_getattr(PyObject *self, PyObject *attrname) {
if (substr(name, 0, 1) == "_") if (substr(name, 0, 1) == "_")
return PyObject_GenericGetAttr(self, attrname); return PyObject_GenericGetAttr(self, attrname);
if (name == "eval") if (name == "eval") {
Py_INCREF(self);
return self; return self;
}
const pyLambda* pyl = (pyLambda*)self; const pyLambda* pyl = (pyLambda*)self;
debug(name, "python::getattr::name"); debug(name, "python::getattr::name");
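Review bot: The new `Py_INCREF(self)` in the `eval` branch carries no comment saying why it is needed, and the reason is easy to lose in a later cleanup. The signature matches a getattr slot, which hands its result to the caller as a new reference, so returning `self` without the increment would let the interpreter drop a reference it never owned and could end in a premature free. I would add `// getattr returns a new reference, so take one before returning self` above the increment. pyLambda_getattr starts and continues outside this hunk, so its other return paths were not checked.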


@ -23,9 +23,9 @@ incldir = $(prefix)/include/modules/server
dist_mod_SCRIPTS = cpp-conf scheme-conf server-conf dist_mod_SCRIPTS = cpp-conf scheme-conf server-conf
moddir = $(prefix)/modules/server moddir = $(prefix)/modules/server
nobase_dist_mod_DATA = htdocs/js/*.js nobase_dist_mod_DATA = htdocs/wiring/*.js
EXTRA_DIST = domain-test.composite client-test.scm server-test.scm htdocs/*.xml htdocs/*.txt htdocs/*.html htdocs/js/*.js EXTRA_DIST = domain-test.composite client-test.scm server-test.scm htdocs/*.xml htdocs/*.txt htdocs/*.html htdocs/wiring/*.js
mod_LTLIBRARIES = libmod_tuscany_eval.la libmod_tuscany_wiring.la mod_LTLIBRARIES = libmod_tuscany_eval.la libmod_tuscany_wiring.la
noinst_DATA = libmod_tuscany_eval.so libmod_tuscany_wiring.so noinst_DATA = libmod_tuscany_eval.so libmod_tuscany_wiring.so


@ -50,7 +50,7 @@ LoadModule mod_tuscany_wiring $here/libmod_tuscany_wiring.so
SCAWiringServerName $servername SCAWiringServerName $servername
# Serve HTTP binding JavaScript client code # Serve HTTP binding JavaScript client code
Alias /js/ref.js $here/htdocs/js/ref.js Alias /wiring/ref.js $here/htdocs/wiring/ref.js
EOF EOF


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var component = new tuscany.sca.Component("Store"); var component = new tuscany.sca.Component("Store");


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -31,7 +31,7 @@ tar -C tmp/ssl -c `../../modules/http/ssl-cert-find tmp/ssl` | tar -C $root -x
../../modules/http/httpd-ssl-conf $root $sslport/443 ../../modules/http/httpd-ssl-conf $root $sslport/443
../../modules/http/vhost-ssl-conf $root ../../modules/http/vhost-ssl-conf $root
#../../modules/http/httpd-auth-conf $root #../../modules/http/basic-auth-conf $root
../../modules/oauth/oauth-conf $root ../../modules/oauth/oauth-conf $root
../../modules/oauth/oauth-memcached-conf $root localhost 11211 ../../modules/oauth/oauth-memcached-conf $root localhost 11211
../../modules/oauth/oauth-memcached-conf $root localhost 11212 ../../modules/oauth/oauth-memcached-conf $root localhost 11212


@ -59,21 +59,21 @@ sleep 1
sleep 1 sleep 1
# Start two proxy balancers # Start two proxy balancers
./proxy-conf tmp/proxy1 8091 ./proxy-conf tmp/proxy1 8090
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8101 ../../modules/http/proxy-member-conf tmp/proxy1 localhost 8101
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8102 ../../modules/http/proxy-member-conf tmp/proxy1 localhost 8102
../../modules/http/proxy-member-conf tmp/proxy1 localhost 8103 ../../modules/http/proxy-member-conf tmp/proxy1 localhost 8103
../../modules/http/httpd-start tmp/proxy1 ../../modules/http/httpd-start tmp/proxy1
./proxy-conf tmp/proxy2 8092 ./proxy-conf tmp/proxy2 8091
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8101 ../../modules/http/proxy-member-conf tmp/proxy2 localhost 8101
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8102 ../../modules/http/proxy-member-conf tmp/proxy2 localhost 8102
../../modules/http/proxy-member-conf tmp/proxy2 localhost 8103 ../../modules/http/proxy-member-conf tmp/proxy2 localhost 8103
../../modules/http/httpd-start tmp/proxy2 ../../modules/http/httpd-start tmp/proxy2
# Redirect traffic from port 80 to proxy1 # Redirect traffic from port 80 to proxy1
#sudo ../../ubuntu/ip-redirect-all 80 8091 #sudo ../../ubuntu/ip-redirect-all 80 8090
# Redirect traffic from port 80 to proxy2 # Redirect traffic from port 80 to proxy2
#sudo ../../ubuntu/ip-redirect-all 80 8092 #sudo ../../ubuntu/ip-redirect-all 80 8091


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/server/cpp-conf tmp ../../modules/server/cpp-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -22,19 +22,19 @@ dist_sample_SCRIPTS = start stop
sampledir = $(prefix)/samples/store-gae sampledir = $(prefix)/samples/store-gae
BUILT_SOURCES = target.stamp BUILT_SOURCES = target.stamp
target.stamp: app.yaml *.py *.composite $(top_builddir)/modules/wsgi/*.py htdocs/* $(top_builddir)/modules/server/htdocs/js/* target.stamp: app.yaml *.py *.composite $(top_builddir)/modules/wsgi/*.py htdocs/* $(top_builddir)/modules/server/htdocs/wiring/*
mkdir -p target mkdir -p target
cp app.yaml *.py *.composite `ls $(top_builddir)/modules/wsgi/*.py | grep -v "\-test"` target cp app.yaml *.py *.composite `ls $(top_builddir)/modules/wsgi/*.py | grep -v "\-test"` target
mkdir -p target/htdocs mkdir -p target/htdocs
cp -R htdocs/* target/htdocs cp -R htdocs/* target/htdocs
mkdir -p target/htdocs/js mkdir -p target/htdocs/wiring
cp -R $(top_builddir)/modules/server/htdocs/js/* target/htdocs/js cp -R $(top_builddir)/modules/server/htdocs/wiring/* target/htdocs/wiring
touch target.stamp touch target.stamp
clean-local: clean-local:
rm -rf target.stamp target rm -rf target.stamp target
nobase_sample_DATA = target/app.yaml target/*.py target/*.composite target/htdocs/*.html target/htdocs/js/*.js nobase_sample_DATA = target/app.yaml target/*.py target/*.composite target/htdocs/*.html target/htdocs/wiring/*.js
EXTRA_DIST = app.yaml *.composite *.py htdocs/*.html EXTRA_DIST = app.yaml *.composite *.py htdocs/*.html


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/java/java-conf tmp ../../modules/java/java-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp ../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -20,7 +20,7 @@ if WANT_PYTHON
dist_sample_SCRIPTS = start stop ssl-start uec2-start dist_sample_SCRIPTS = start stop ssl-start uec2-start
sampledir = $(prefix)/samples/store-python sampledir = $(prefix)/samples/store-python
nobase_dist_sample_DATA = currency-converter.py fruits-catalog.py shopping-cart.py store.py store.composite htdocs/*.html nobase_dist_sample_DATA = currency-converter.py fruits-catalog.py shopping-cart.py store.py store.composite htdocs/*.html htdocs/login/*.html htdocs/logout/*.html
dist_noinst_SCRIPTS = server-test dist_noinst_SCRIPTS = server-test
TESTS = server-test TESTS = server-test


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -0,0 +1,39 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in</h1>
<script type="text/javascript">
function submitFormSignin() {
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
</script>
<form name="formSignin" method="POST" action="/login/dologin">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
</table>
<input type="hidden" name="httpd_location" value="/"/>
</form>
</body>
</html>
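Review bot: The form posts `httpd_username` and `httpd_password` to the relative URL `/login/dologin`, so the credentials travel over whatever scheme served the page, and the sample start scripts on this page configure a plain HTTP port alongside the SSL one. The `httpd_location` hidden field is also client-controlled, so the script setting it to '/' says nothing about where the server will redirect after a successful login. I would confirm that the form-auth configuration (not shown here) serves /login only over SSL and restricts the post-login target to local paths rather than honouring whatever value is posted.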


@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'TuscanyFormAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>
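Review bot: Sign-out here only asks the browser to expire `TuscanyFormAuth`; nothing on this page tells the server to end the session, so a copy of the cookie taken earlier would presumably stay valid until it expires, and the script cannot clear the cookie at all if it is ever marked HttpOnly. If the form-auth module offers a server-side logout handler, the form should submit to that instead of relying on script. Separately, `new Date(1970,01,01)` uses a legacy octal literal (rejected in strict mode) and `secure=TRUE` is not the attribute's usual form; `'TuscanyFormAuth=;expires=' + new Date(0).toUTCString() + ';path=/;secure'` is the plainer spelling.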


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/open-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/python/python-conf tmp ../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp ../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -21,7 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost ../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs ../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp ../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -20,7 +20,7 @@
<head> <head>
<title>Store</title> <title>Store</title>
<script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript" src="/wiring/ref.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var store = component("Store"); var store = component("Store");


@ -27,7 +27,7 @@
../../modules/http/vhost-conf tmp ../../modules/http/vhost-conf tmp
../../modules/http/httpd-ssl-conf tmp 8453 ../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/vhost-ssl-conf tmp ../../modules/http/vhost-ssl-conf tmp
../../modules/http/httpd-auth-conf tmp ../../modules/http/basic-auth-conf tmp
../../modules/server/server-conf tmp ../../modules/server/server-conf tmp
../../modules/python/python-conf tmp ../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF cat >>tmp/conf/httpd.conf <<EOF


@ -44,10 +44,10 @@ sudo apt-get -y install libssl-dev
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
exit $? exit $?
fi fi
wget http://archive.apache.org/dist/httpd/httpd-2.2.16.tar.gz wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz
tar xzf httpd-2.2.16.tar.gz tar xzf httpd-2.3.8.tar.gz
cd httpd-2.2.16 cd httpd-2.3.8
./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --with-included-apr --with-mpm=prefork --prefix=$build/httpd-2.2.16-bin ./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --with-included-apr --with-mpm=prefork --prefix=$build/httpd-2.3.8-bin
make make
make install make install
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
@ -135,7 +135,7 @@ fi
wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz
tar xzf axis2c-src-1.6.0.tar.gz tar xzf axis2c-src-1.6.0.tar.gz
cd axis2c-src-1.6.0 cd axis2c-src-1.6.0
./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.2.16-bin/include --prefix=$build/axis2c-1.6.0-bin ./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.8-bin/include --prefix=$build/axis2c-1.6.0-bin
make make
make install make install
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
@ -238,7 +238,7 @@ sudo apt-get -y install libpcre3-dev
git clone git://github.com/jsdelfino/mod_auth_openid.git git clone git://github.com/jsdelfino/mod_auth_openid.git
cd mod_auth_openid cd mod_auth_openid
./autogen.sh ./autogen.sh
./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.2.16-bin --with-httpd=$build/httpd-2.2.16-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin ./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin
make make
make install make install
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
@ -336,7 +336,7 @@ git clone git://git.apache.org/tuscany-sca-cpp.git
cd tuscany-sca-cpp cd tuscany-sca-cpp
cp etc/git-exclude .git/info/exclude cp etc/git-exclude .git/info/exclude
./bootstrap ./bootstrap
./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.2.16-bin --with-httpd=$build/httpd-2.2.16-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin ./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth 
--with-liboauth=$build/liboauth-0.9.1-bin
make make
make install make install
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
@ -345,5 +345,5 @@ fi
cd $build cd $build
# Create bin archive # Create bin archive
tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.2.16-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.8-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin
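Review bot: The httpd tarball is fetched with `wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz` and then unpacked, built and installed with no integrity check, so anything able to tamper with the plain-HTTP download controls the server binary that ends up in the archive. I would fetch over HTTPS and verify the file against the release's published signature or checksum before `tar xzf`, for example `echo "<expected-sha256>  httpd-2.3.8.tar.gz" | sha256sum -c -` with the real digest filled in. The failure check after `make install` also reads `exit $?` inside the `if`, where `$?` is already the status of the `[` test, so the script exits 0 on failure; that predates this change but sits in the same hunk.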