Fix HTTPS config scripts to enable SSL certificates, HTTP basic auth, and OpenID to coexist. Add OpenID support to sample.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@981352 13f79535-47bb-0310-9956-ffa450edef68
jsdelfino 2010-08-02 01:42:59 +00:00
parent b85cc12a99
commit 91bee1de5a
23 changed files with 614 additions and 82 deletions


@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http
dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf
dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf httpd-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf
moddir=$(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp


@ -0,0 +1,46 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD SSL configuration
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
httpd_prefix=`cat $here/httpd.prefix`
# Generate basic authentication configuration
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: httpd-auth-conf $*
# Require clients to present a userid + password for HTTP
# basic authentication
<Location />
AuthType Basic
AuthName "$host"
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
EOF
# Create test users
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
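Review bot: The four `htpasswd` calls at the end of this new script create fixed accounts whose password equals the user name, including `admin`, and they run on every invocation rather than only for the samples. Elsewhere in this commit `Require user admin` guards `/server-status` in the HTTPS virtual host, so any server configured through this script accepts `admin`/`admin` there. The `-c` on the first call also recreates `httpd.passwd` each time, and `2>/dev/null` hides a failed or missing `htpasswd`. I would at least add `# Test accounts for the samples only, replace conf/httpd.passwd before exposing this server` above them and drop the `2>/dev/null`; taking the user list from arguments would be better. The header comment `# Generate a minimal HTTPD SSL configuration` looks copied from httpd-ssl-conf and should describe the basic authentication configuration instead.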


@ -44,7 +44,9 @@ cat >$root/conf/httpd.conf <<EOF
ServerName http://$host:$pport
PidFile $root/logs/httpd.pid
# Minimal set of modules
# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_default_module ${modules_prefix}/modules/mod_authn_default.so
@ -58,13 +60,14 @@ LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
@ -80,17 +83,17 @@ Timeout 45
LimitRequestBody 1048576
HostNameLookups Off
# Logging
# Log HTTP requests
LogLevel info
ErrorLog $root/logs/error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog $root/logs/access_log combined
LogLevel warn
# Configure Mime types
DefaultType text/plain
TypesConfig $here/conf/mime.types
# Set document root
# Set default document root
DocumentRoot $htdocs
DirectoryIndex index.html
@ -113,16 +116,17 @@ Options FollowSymLinks
Allow from all
</Directory>
# Allow access to service components
# Allow access to root location
<Location />
Options FollowSymLinks
Order deny,allow
Allow from all
</Location>
# Setup HTTP virtual host
# Listen on HTTP port
Listen $port
# Setup HTTP virtual host
<VirtualHost *:$port>
ServerName http://$host:$pport


@ -45,7 +45,7 @@ RewriteCond %{SERVER_PORT} !^$sslpport$
RewriteRule .* https://%{SERVER_NAME}:$sslpport%{REQUEST_URI} [R,L]
</Location>
# Setup SSL support
# Configure SSL support
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
@ -55,19 +55,19 @@ SSLMutex "file:$root/logs/ssl_mutex"
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# Setup HTTPS virtual host
# Listen on HTTPS port
Listen $sslport
# HTTPS virtual host
<VirtualHost *:$sslport>
ServerName https://$host:$sslpport
Include conf/ssl-svhost.conf
Include conf/svhost-ssl.conf
# Allow the server admin to view the server status
<Location /server-status>
SetHandler server-status
HostnameLookups on
Deny from All
Allow from all
Require user admin
</Location>
@ -80,7 +80,7 @@ ExtendedStatus On
EOF
# Generate HTTPS vhost configuration
cat >$root/conf/ssl-vhost.conf <<EOF
cat >$root/conf/vhost-ssl.conf <<EOF
# Generated by: httpd-ssl-conf $*
# Virtual host configuration
UseCanonicalName Off
@ -89,39 +89,113 @@ UseCanonicalName Off
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions -StrictRequire +OptRenegotiate
# Logging
CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" sslcombined
CustomLog $root/logs/ssl_access_log sslcombined
LogLevel warn
# Require clients to present either:
# a certificate signed with our certification authority certificate
# or a userid + password for HTTP basic authentication
<Location />
Satisfy Any
# Verify client certificates
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +FakeBasicAuth
SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_I_DN_O} == "$org"
AuthType Basic
AuthName "$host"
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
# Log SSL requests
#CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\"" sslcombined
CustomLog $root/logs/ssl_access_log sslcombined
EOF
# Generate HTTPS authentication requirement
cat >>$root/conf/vhost-ssl.conf <<EOF
<Location />
# Require clients to use SSL and authenticate
SSLRequireSSL
# Also accept other forms of authentication (e.g. HTTP basic
# authentication, or OpenID authentication)
Satisfy Any
EOF
proxyconf=`cat $root/conf/vhost.conf | grep "# Generated by: proxy-conf"`
if [ "$proxyconf" != "" ]; then
cat >>$root/conf/vhost-ssl.conf <<EOF
# In an proxy, only require a 128+ cipher key
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# Forward received SSL client certificate info in proxied requests
RewriteEngine on
RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}]
RewriteRule .* - [E=SSL_CIPHER:%{SSL:SSL_CIPHER}]
RewriteCond %{SSL:SSL_CLIENT_I_DN} !=""
RewriteRule .* - [E=SSL_I_DN:%{SSL:SSL_CLIENT_I_DN}]
RewriteCond %{SSL:SSL_CLIENT_S_DN} !=""
RewriteRule .* - [E=SSL_S_DN:%{SSL:SSL_CLIENT_S_DN}]
RewriteCond %{SSL:SSL_CLIENT_I_DN_O} !=""
RewriteRule .* - [E=SSL_I_DN_O:%{SSL:SSL_CLIENT_I_DN_O}]
RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} !=""
RewriteRule .* - [E=SSL_S_DN_OU:%{SSL:SSL_CLIENT_S_DN_OU}]
RequestHeader unset X-Forwarded-SSL-Protocol
RequestHeader unset X-Forwarded-SSL-Cipher
RequestHeader unset X-Forwarded-SSL-Issuer-DN
RequestHeader unset X-Forwarded-SSL-Client-DN
RequestHeader unset X-Forwarded-SSL-Issuer-DN-O
RequestHeader unset X-Forwarded-SSL-Client-DN-OU
RequestHeader set X-Forwarded-SSL-Protocol %{SSL_PROTOCOL}e env=SSL_PROTOCOL
RequestHeader set X-Forwarded-SSL-Cipher %{SSL_CIPHER}e env=SSL_CIPHER
RequestHeader set X-Forwarded-SSL-Issuer-DN %{SSL_I_DN}e env=SSL_I_DN
RequestHeader set X-Forwarded-SSL-Client-DN %{SSL_S_DN}e env=SSL_S_DN
RequestHeader set X-Forwarded-SSL-Issuer-DN-O %{SSL_I_DN_O}e env=SSL_I_DN_O
RequestHeader set X-Forwarded-SSL-Client-DN-OU %{SSL_S_DN_OU}e env=SSL_S_DN_OU
EOF
else
cat >>$root/conf/vhost-ssl.conf <<EOF
# In a server, require a 128+ cipher key and one of the following
# - another server's certificate issued by our certificate authority
# - a proxy certificate + forwarded info on the client request certificate,
# both signed by our certificate authority
# - OpenID authentication (set by mod_auth_openid in the auth_type)
# - another valid form of authentication as per the Satisfy directive
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and ( \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "server" ) or \
( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "proxy" and \
%{HTTP:X-Forwarded-SSL-Issuer-DN-O} == "$org" and %{HTTP:X-Forwarded-SSL-Client-DN-OU} == "server" ) or \
%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected).*$/ )
# Record received SSL client certificate info in environment vars
RewriteEngine on
RewriteRule .* - [E=SSL_PROTOCOL:%{SSL:SSL_PROTOCOL}]
RewriteRule .* - [E=SSL_CIPHER:%{SSL:SSL_CIPHER}]
RewriteCond %{SSL:SSL_CLIENT_I_DN} !=""
RewriteRule .* - [E=SSL_I_DN:%{SSL:SSL_CLIENT_I_DN}]
RewriteCond %{SSL:SSL_CLIENT_S_DN} !=""
RewriteRule .* - [E=SSL_S_DN:%{SSL:SSL_CLIENT_S_DN}]
# Store the client certificate DN in the SSL_REMOTE_USER var,
# that's similar to the SSLUserName directive but more flexible as
# it can pick a client certificate DN forwarded by a proxy
RewriteCond %{SSL:SSL_CLIENT_I_DN_O} "$org"
RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} "server"
RewriteRule .* - [E=SSL_REMOTE_USER:%{SSL:SSL_CLIENT_S_DN}]
RewriteCond %{SSL:SSL_CLIENT_I_DN_O} "$org"
RewriteCond %{SSL:SSL_CLIENT_S_DN_OU} "proxy"
RewriteCond %{HTTP:X-Forwarded-SSL-Issuer-DN-O} "$org"
RewriteCond %{HTTP:X-Forwarded-SSL-Client-DN-OU} "server"
RewriteRule .* - [E=SSL_REMOTE_USER:%{HTTP:X-Forwarded-SSL-Client-DN}]
EOF
fi
cat >>$root/conf/vhost-ssl.conf <<EOF
</Location>
EOF
cat >$root/conf/ssl-svhost.conf <<EOF
cat >$root/conf/svhost-ssl.conf <<EOF
# Generated by: httpd-ssl-conf $*
# Static virtual host configuration
Include conf/ssl-vhost.conf
Include conf/vhost-ssl.conf
# Configure SSL certificates
# Declare SSL certificates used in this virtual host
SSLCACertificateFile "$root/conf/ca.crt"
SSLCertificateChainFile "$root/conf/ca.crt"
SSLCertificateFile "$root/conf/server.crt"
@ -129,12 +203,12 @@ SSLCertificateKeyFile "$root/conf/server.key"
EOF
cat >$root/conf/ssl-dvhost.conf <<EOF
cat >$root/conf/dvhost-ssl.conf <<EOF
# Mass dynamic virtual host configuration
# Generated by: httpd-ssl-conf $*
Include conf/ssl-vhost.conf
Include conf/vhost-ssl.conf
# Configure SSL certificates
# Declare wildcard SSL certificates used in this virtual host
SSLCACertificateFile "$root/conf/ca.crt"
SSLCertificateChainFile "$root/conf/ca.crt"
SSLCertificateFile "$root/conf/vhost.crt"
@ -142,9 +216,3 @@ SSLCertificateKeyFile "$root/conf/vhost.key"
EOF
# Create test users for HTTP basic authentication
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
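Review bot: The last alternative of the server-side `SSLRequire`, `%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected).*$/`, matches by prefix only and uses `.` where a `/` is meant, so a path such as `/loginx` or `/unprotected-data` passes it as well. Because the enclosing `<Location />` sets `Satisfy Any`, passing this access check appears to be enough to skip the certificate, basic and OpenID requirements for those paths; that is worth confirming against the mod_ssl version in use. Ending each name at a non-word character closes the gap without needing a `/` inside the pattern, for example `%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected)(\W.*)?$/ )`. A one-line comment above the expression saying which paths are meant to be reachable without a client certificate would also help the next reader.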


@ -23,11 +23,12 @@ root=`readlink -f $1`
cat >>$root/conf/vhost.conf <<EOF
# Generated by: proxy-conf $*
# Configure HTTP proxy and balancer
# Enable HTTP reverse proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyStatus On
# Enable load balancing
ProxyPass / balancer://cluster/
<Proxy balancer://cluster>


@ -21,17 +21,14 @@
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
cat >>$root/conf/ssl-vhost.conf <<EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: proxy-ssl-conf $*
# Enable SSL proxy
SSLProxyEngine on
SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Configure proxy and balancer
# Enable HTTPS proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyStatus On
# Enable load balancing
ProxyPass /balancer-manager !
ProxyPass / balancer://sslcluster/
@ -50,21 +47,21 @@ Allow from all
Require user admin
</Location>
# Enable SSL proxy engine
SSLProxyEngine on
SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Verify server certificates
SSLProxyVerify require
SSLProxyVerifyDepth 1
EOF
cat >>$root/conf/ssl-svhost.conf <<EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: proxy-ssl-conf $*
# Setup SSL proxy certificates
# Declare the proxy SSL client certificates
SSLProxyCACertificateFile "$root/conf/ca.crt"
SSLProxyMachineCertificateFile "$root/conf/server.pem"
EOF
cat >>$root/conf/ssl-dvhost.conf <<EOF
# Generated by: proxy-ssl-conf $*
# Setup SSL proxy certificates
SSLProxyCACertificateFile "$root/conf/ca.crt"
SSLProxyMachineCertificateFile "$root/conf/server.pem"
SSLProxyMachineCertificateFile "$root/conf/proxy.pem"
EOF
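Review bot: The `SSLProxyCipherSuite` line that this section moves next to `SSLProxyEngine on` still ends in `+LOW:+SSLv2:+EXP:+eNULL`, so the proxy-to-server connection may negotiate export-grade or unencrypted suites. The server's `SSL_CIPHER_USEKEYSIZE >= 128` check only rejects the request after it has already been sent over that connection. Since the line is being touched anyway, I would restrict it here, e.g. `SSLProxyCipherSuite HIGH:!aNULL:!eNULL` together with `SSLProxyProtocol all -SSLv2`. The `SSLCipherSuite` line in the HTTPS virtual host configuration carries the same string and deserves the same change.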


@ -23,7 +23,7 @@ root=`readlink -f $1`
host=$2
sslport=`echo $3 | awk -F "/" '{ print $1 }'`
cat >>$root/conf/ssl-vhost.conf <<EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: proxy-ssl-member-conf $*
# Add proxy balancer member
BalancerMember balancer://sslcluster https://$host:$sslport


@ -43,10 +43,10 @@ x509_extensions = v3_ca
C = US
ST = CA
L = San Francisco
O = Test Authority Organization
OU = Test Authority Unit
O = $host
OU = authority
CN = $host
emailAddress = root@$host
emailAddress = admin@$host
[ v3_ca ]
subjectKeyIdentifier = hash


@ -47,10 +47,10 @@ distinguished_name = req_distinguished_name
C = US
ST = CA
L = San Francisco
O = Test Organization
OU = Test Unit
O = $host
OU = $certname
CN = $host
emailAddress = root@$host
emailAddress = admin@$host
EOF
# Generate a certificate request
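Review bot: With `OU = $certname` the OU field stops being descriptive text and becomes the role that the generated `SSLRequire` compares against `"server"` and `"proxy"`, but nothing in this hunk says so. The place where `$certname` is assigned or defaulted is outside the hunk, so a caller who passes an arbitrary name cannot tell that it changes what the certificate is authorized to do. I would add a comment above the heredoc such as `# OU carries the certificate role (server, proxy or vhost) checked by SSLRequire in httpd-ssl-conf`, and presumably reject any other value where `$certname` is read.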


@ -32,7 +32,7 @@ htdocs=`readlink -f $htdocs`
cat >>$root/conf/httpd.conf <<EOF
# Generated by: vhost-conf $*
# Setup mass dynamic virtual hosting
# Enable mass dynamic virtual hosting
NameVirtualHost *:$port
<VirtualHost *:$port>


@ -33,7 +33,7 @@ htdocs=`readlink -f $htdocs`
cat >>$root/conf/httpd.conf <<EOF
# Generated by: vhost-ssl-conf $*
# Setup mass dynamic virtual hosting
# Enable mass dynamic virtual hosting over HTTPS
NameVirtualHost *:$sslport
SSLStrictSNIVHostCheck Off
@ -42,7 +42,7 @@ ServerName https://vhost.$host:$sslpport
ServerAlias *.$host
VirtualDocumentRoot $htdocs/domains/%1/
Include conf/ssl-dvhost.conf
Include conf/dvhost-ssl.conf
</VirtualHost>
EOF


@ -18,7 +18,7 @@
if WANT_OPENID
dist_mod_SCRIPTS = openid-conf
dist_mod_SCRIPTS = openid-conf openid-step2-conf
moddir = $(prefix)/modules/openid
mod_DATA = openid.prefix


@ -20,32 +20,46 @@
# Generate an OpenID server conf
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
openid_prefix=`cat openid.prefix`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
openid_prefix=`cat $here/openid.prefix`
# Configure HTTPD mod_auth_openid module
cat >>$root/conf/httpd.conf <<EOF
# Generated by: openid-conf $*
# Support for OpenID authentication
# Load support for OpenID authentication
LoadModule authopenid_module $openid_prefix/modules/mod_auth_openid.so
# Enable OpenID authentication
<Location />
AuthType OpenID
AuthOpenIDEnabled On
AuthOpenIDCookiePath /
AuthOpenIDLoginPage /login
AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
</Location>
<Location /unprotected>
AuthOpenIDEnabled Off
</Location>
# Enable unauthenticated access to unprotected areas
<Location /login>
AuthOpenIDEnabled Off
</Location>
<Location /logout>
AuthOpenIDEnabled Off
</Location>
<Location /unprotected>
AuthOpenIDEnabled Off
</Location>
EOF
cat >>$root/conf/vhost-ssl.conf <<EOF
# Generated by: openid-conf $*
# Require OpenID authentication
<Location />
AuthType OpenID
AuthName "$host"
Require valid-user
</Location>
EOF
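Review bot: The block appended to vhost-ssl.conf grants access with `Require valid-user` under `AuthType OpenID`, and no provider restriction is visible in the generated configuration, so any identity asserted by any OpenID provider satisfies it. That includes an endpoint the visitor types into the sample login page. This authenticates the visitor but authorizes everyone. I would restrict the providers with mod_auth_openid's `AuthOpenIDTrusted` directive or replace `valid-user` with an explicit `Require user` list, and say in the comment above the block which of the two the sample intends. `host` is also taken positionally from the `# Generated by: httpd-conf` line with `awk '{ print $6 }'`, so it is empty if httpd-conf has not run first; a check that `$host` is non-empty before writing `AuthName "$host"` would make that failure visible.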


@ -18,7 +18,10 @@
# under the License.
# Setup
../../modules/http/ssl-ca-conf tmp localhost
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
./openid-conf tmp
./openid-step2-conf tmp
../../modules/server/server-conf tmp


@ -612,8 +612,9 @@ const int postConfigMerge(const ServerConf& mainsc, server_rec* s) {
return OK;
ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_eval);
debug(httpd::serverName(s), "modeval::postConfigMerge::serverName");
if (sc.wiringServerName == "") sc.wiringServerName = httpd::serverName(s);
debug(httpd::serverName(s), "modeval::postConfigMerge::wiringServerName");
if (sc.wiringServerName == "")
sc.wiringServerName = mainsc.wiringServerName != ""? mainsc.wiringServerName : httpd::serverName(s);
debug(sc.wiringServerName, "modeval::postConfigMerge::wiringServerName");
sc.contributionPath = mainsc.contributionPath;
sc.compositeName = mainsc.compositeName;
sc.virtualHostContributionPath = mainsc.virtualHostContributionPath;


@ -0,0 +1,97 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in with an OpenID provider</h1>
<script type="text/javascript">
function queryParams() {
qp = new Array();
qs = window.location.search.substring(1).split('&');
for (i = 0; i < qs.length; i++) {
e = qs[i].indexOf('=');
if (e > 0)
qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1));
}
return qp;
}
function openidReferrer() {
r = queryParams()['modauthopenid.referrer'];
if (typeof(r) == 'undefined')
return r;
q = r.indexOf('?');
if (q > 0)
return r.substring(0, q);
return r;
}
if (typeof(openidReferrer()) == 'undefined') {
document.location = '/';
}
function submitSignin(w) {
document.signin.openid_identifier.value = w();
document.signin.action = openidReferrer();
document.signin.submit();
}
function withGoogle() {
return 'https://www.google.com/accounts/o8/id';
}
function withYahoo() {
return 'https://me.yahoo.com/';
}
function withMyOpenID() {
return 'http://www.myopenid.com/xrds';
}
function withVerisign() {
return 'https://pip.verisignlabs.com/';
}
function withGoogleApps() {
return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + document.fields.domain.value;
}
function withXRDSEndpoint() {
return document.fields.endpoint.value;
}
</script>
<form name="signin" action="/" method="GET">
<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
</form>
<form name="fields">
<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p>
<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p>
<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p>
<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p>
<p>Sign in with a Google apps domain<br/>
<input type="text" size="20" name="domain" value="example.com"/><br/>
<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p>
<p>Sign in with an OpenID endpoint<br/>
<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/>
<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p>
</form>
</body></html>
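Review bot: `submitSignin()` assigns `openidReferrer()` directly to `document.signin.action`, and that value comes unchecked from the `modauthopenid.referrer` query parameter, so a crafted link to the login page can make the form post the chosen `openid_identifier` to another site or hand the form a non-HTTP URL scheme. The referrer should be accepted only when it points back to this host, with `/` as the fallback. The sketch below assumes mod_auth_openid passes an absolute URL, which should be confirmed. It also declares the locals with `var`; `queryParams()` leaks `qp`, `qs`, `i` and `e` as globals in the same way and would be better off with `decodeURIComponent` than `unescape`. The same page is added unchanged in two more file sections of this commit, and the same change applies there.

```html
function openidReferrer() {
    var r = queryParams()['modauthopenid.referrer'];
    if (typeof(r) == 'undefined')
        return r;
    var q = r.indexOf('?');
    if (q > 0)
        r = r.substring(0, q);
    // Only hand the form a URL on this site, fall back to the root otherwise
    var origin = window.location.protocol + '//' + window.location.host;
    if (r != origin && r.indexOf(origin + '/') != 0)
        return '/';
    return r;
}
// … unchanged: submitSignin() and the with*() provider functions …
```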


@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>
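Review bot: `submitSignout()` only expires the `open_id_session_id` cookie in the browser, and nothing visible here asks the server to drop the session, so a copied cookie value presumably stays usable until mod_auth_openid expires it on its own. The deletion also fails silently if the cookie is ever marked HttpOnly. A comment in the page stating that sign-out is client-side only would keep sample users from relying on it. On style, `new Date(1970,01,01)` depends on legacy octal literals and denotes 1 February 1970 in local time; `new Date(0).toGMTString()` states the intent directly. The same page is added in two more file sections of this commit.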


@ -0,0 +1,97 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in with an OpenID provider</h1>
<script type="text/javascript">
function queryParams() {
qp = new Array();
qs = window.location.search.substring(1).split('&');
for (i = 0; i < qs.length; i++) {
e = qs[i].indexOf('=');
if (e > 0)
qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1));
}
return qp;
}
function openidReferrer() {
r = queryParams()['modauthopenid.referrer'];
if (typeof(r) == 'undefined')
return r;
q = r.indexOf('?');
if (q > 0)
return r.substring(0, q);
return r;
}
if (typeof(openidReferrer()) == 'undefined') {
document.location = '/';
}
function submitSignin(w) {
document.signin.openid_identifier.value = w();
document.signin.action = openidReferrer();
document.signin.submit();
}
function withGoogle() {
return 'https://www.google.com/accounts/o8/id';
}
function withYahoo() {
return 'https://me.yahoo.com/';
}
function withMyOpenID() {
return 'http://www.myopenid.com/xrds';
}
function withVerisign() {
return 'https://pip.verisignlabs.com/';
}
function withGoogleApps() {
return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + document.fields.domain.value;
}
function withXRDSEndpoint() {
return document.fields.endpoint.value;
}
</script>
<form name="signin" action="/" method="GET">
<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
</form>
<form name="fields">
<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p>
<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p>
<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p>
<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p>
<p>Sign in with a Google apps domain<br/>
<input type="text" size="20" name="domain" value="example.com"/><br/>
<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p>
<p>Sign in with an OpenID endpoint<br/>
<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/>
<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p>
</form>
</body></html>


@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>


@ -0,0 +1,97 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body><h1>Sign in with an OpenID provider</h1>
<script type="text/javascript">
function queryParams() {
qp = new Array();
qs = window.location.search.substring(1).split('&');
for (i = 0; i < qs.length; i++) {
e = qs[i].indexOf('=');
if (e > 0)
qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1));
}
return qp;
}
function openidReferrer() {
r = queryParams()['modauthopenid.referrer'];
if (typeof(r) == 'undefined')
return r;
q = r.indexOf('?');
if (q > 0)
return r.substring(0, q);
return r;
}
if (typeof(openidReferrer()) == 'undefined') {
document.location = '/';
}
function submitSignin(w) {
document.signin.openid_identifier.value = w();
document.signin.action = openidReferrer();
document.signin.submit();
}
function withGoogle() {
return 'https://www.google.com/accounts/o8/id';
}
function withYahoo() {
return 'https://me.yahoo.com/';
}
function withMyOpenID() {
return 'http://www.myopenid.com/xrds';
}
function withVerisign() {
return 'https://pip.verisignlabs.com/';
}
function withGoogleApps() {
return 'https://www.google.com/accounts/o8/site-xrds?ns=2&hd=' + document.fields.domain.value;
}
function withXRDSEndpoint() {
return document.fields.endpoint.value;
}
</script>
<form name="signin" action="/" method="GET">
<input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id"/>
</form>
<form name="fields">
<p>Sign in with your Google account<br/><input type="button" onclick="submitSignin(withGoogle)" value="Sign in"/></p>
<p>Sign in with your Yahoo account<br/><input type="button" onclick="submitSignin(withYahoo)" value="Sign in"/></p>
<p>Sign in with your MyOpenID account<br/><input type="button" onclick="submitSignin(withMyOpenID)" value="Sign in"/></p>
<p>Sign in with your Verisign account<br/><input type="button" onclick="submitSignin(withVerisign)" value="Sign in"/></p>
<p>Sign in with a Google apps domain<br/>
<input type="text" size="20" name="domain" value="example.com"/><br/>
<input type="button" onclick="submitSignin(withGoogleApps)" value="Sign in"/></p>
<p>Sign in with an OpenID endpoint<br/>
<input type="text" size="50" name="endpoint" value="https://www.google.com/accounts/o8/id"/><br/>
<input type="button" onclick="submitSignin(withXRDSEndpoint)" value="Sign in"/></p>
</form>
</body></html>


@ -0,0 +1,33 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html><body>
<h1>Sign out</h1>
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
function submitSignout() {
document.cookie = 'open_id_session_id=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/';
document.signout.submit();
return true;
}
</script>
<input type="button" onclick="submitSignout()" value="Sign out"/>
</form>
</body></html>


@ -21,6 +21,7 @@
../../modules/http/ssl-ca-conf tmp/ssl sca-store.com
../../modules/http/ssl-cert-conf tmp/ssl sca-store.com server
../../modules/http/ssl-cert-conf tmp/ssl *.sca-store.com vhost
../../modules/http/ssl-cert-conf tmp/ssl sca-store.com proxy
# Start three identical app servers
../../modules/http/httpd-conf tmp/server1 sca-store.com 8101/80 htdocs
@ -28,6 +29,8 @@
cp `../../modules/http/ssl-ls tmp/ssl` tmp/server1/conf
../../modules/http/httpd-ssl-conf tmp/server1 8441/443
../../modules/http/vhost-ssl-conf tmp/server1
../../modules/openid/openid-conf tmp/server1
../../modules/openid/openid-step2-conf tmp/server1
../../modules/server/server-conf tmp/server1
../../modules/python/python-conf tmp/server1
cat >>tmp/server1/conf/httpd.conf <<EOF
@ -43,6 +46,8 @@ EOF
cp `../../modules/http/ssl-ls tmp/ssl` tmp/server2/conf
../../modules/http/httpd-ssl-conf tmp/server2 8442/443
../../modules/http/vhost-ssl-conf tmp/server2
../../modules/openid/openid-conf tmp/server2
../../modules/openid/openid-step2-conf tmp/server2
../../modules/server/server-conf tmp/server2
../../modules/python/python-conf tmp/server2
cat >>tmp/server2/conf/httpd.conf <<EOF
@ -58,6 +63,8 @@ EOF
cp `../../modules/http/ssl-ls tmp/ssl` tmp/server3/conf
../../modules/http/httpd-ssl-conf tmp/server3 8443/443
../../modules/http/vhost-ssl-conf tmp/server3
../../modules/openid/openid-conf tmp/server3
../../modules/openid/openid-step2-conf tmp/server3
../../modules/server/server-conf tmp/server3
../../modules/python/python-conf tmp/server3
cat >>tmp/server3/conf/httpd.conf <<EOF


@ -21,6 +21,7 @@
../../modules/http/ssl-cert-conf tmp localhost
../../modules/http/httpd-conf tmp localhost 8090 htdocs
../../modules/http/httpd-ssl-conf tmp 8453
../../modules/http/httpd-auth-conf tmp
../../modules/server/server-conf tmp
../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF