[jboss-cvs] JBossAS SVN: r61285 - in trunk/testsuite/src/resources/test-configs: tomcat-sso-cluster/deployers/jbossweb.deployer and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 12 11:55:47 EDT 2007
Author: bstansberry at jboss.com
Date: 2007-03-12 11:55:47 -0400 (Mon, 12 Mar 2007)
New Revision: 61285
Modified:
trunk/testsuite/src/resources/test-configs/tomcat-sso-cluster/deployers/jbossweb.deployer/server.xml
trunk/testsuite/src/resources/test-configs/tomcat-sso/deployers/jbossweb.deployer/server.xml
Log:
Sync up with the standard config
Modified: trunk/testsuite/src/resources/test-configs/tomcat-sso/deployers/jbossweb.deployer/server.xml
===================================================================
--- trunk/testsuite/src/resources/test-configs/tomcat-sso/deployers/jbossweb.deployer/server.xml 2007-03-12 15:55:04 UTC (rev 61284)
+++ trunk/testsuite/src/resources/test-configs/tomcat-sso/deployers/jbossweb.deployer/server.xml 2007-03-12 15:55:47 UTC (rev 61285)
@@ -1,5 +1,9 @@
<Server>
+ <!-- Optional listener which ensures correct init and shutdown of APR,
+ and provides information if it is not installed -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" />
+
<!-- Use a custom version of StandardService that allows the
connectors to be started independent of the normal lifecycle
start to allow web apps to be deployed before starting the
@@ -10,10 +14,30 @@
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" address="${jboss.bind.address}"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false" redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
<Engine name="jboss.web" defaultHost="localhost">
<!-- The JAAS based authentication and authorization realm implementation
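Review bot: The new AJP connector on port 8009 binds to `${jboss.bind.address}` with no access restriction, and AJP has no authentication of its own, so Tomcat takes the request metadata it carries (client address, SSL attributes) at face value from whatever can reach the port. If the SSO tests only drive the HTTP connector (not visible from this hunk), leave the AJP connector out of the test config; otherwise state the assumption above it, e.g. `<!-- AJP is unauthenticated: ${jboss.bind.address} must be reachable only by the front-end web server -->`. The commented-out SSL example also carries the keystore password `rmi+ssl` in clear text, so its comment should mark it as a sample value that must be replaced before the connector is enabled. The identical hunk in the tomcat-sso-cluster server.xml has the same two points; the surrounding `<Service>` element starts and ends outside the hunk.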
@@ -31,24 +55,105 @@
-->
<Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"/>
+ allRolesMode="authOnly"
+ />
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ -->
+ <!-- Access logger -->
+ <!--
+ <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false" deployXML="false">
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
<!-- Uncomment to enable single sign-on across web apps
- deployed to this host. Does not provide SSO across a cluster.
+ deployed to this host AND to all other hosts in the cluster.
- If this valve is used, do not use the JBoss SingleSignOn valve
- shown below.
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc6-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
-->
- <Valve className="org.apache.catalina.authenticator.SingleSignOn"
- debug="0"/>
+ <!--
+ <Valve className="org.jboss.web.tomcat.tc6.sso.ClusteredSingleSignOn" />
+ -->
- <!-- Default context parameters -->
- <DefaultContext cookies="true" crossContext="true" override="true"/>
-
+ <!-- Check for unclosed connections and transaction terminated checks
+ in servlets/jsps.
+
+ Important: The dependency on the CachedConnectionManager
+ in META-INF/jboss-service.xml must be uncommented, too
+ TODO:
+ <Valve className="org.jboss.web.tomcat.tc6.jca.CachedConnectionValve"
+ cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager" />
+ -->
+
</Host>
</Engine>
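Review bot: The comment above the standard `SingleSignOn` valve still begins "Uncomment to enable single sign-on", but the valve on the line after it is now active, so the comment misdescribes this test config; it should read something like `<!-- Enabled for the SSO tests: single sign-on across web apps deployed to this host. -->`. The `cookieDomain` paragraph should also say that a wider domain presents the SSO cookie to every host under that domain, so it should be set no wider than the hosts taking part in the SSO. The `RequestDumperValve` comment could add that enabling it writes header and cookie values, session identifiers included, to the log. The tomcat-sso-cluster server.xml has the same "Uncomment" mismatch on its active `ClusteredSingleSignOn` valve. The hunk opens inside a comment and the `<Engine>` element starts before it.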
Modified: trunk/testsuite/src/resources/test-configs/tomcat-sso-cluster/deployers/jbossweb.deployer/server.xml
===================================================================
--- trunk/testsuite/src/resources/test-configs/tomcat-sso-cluster/deployers/jbossweb.deployer/server.xml 2007-03-12 15:55:04 UTC (rev 61284)
+++ trunk/testsuite/src/resources/test-configs/tomcat-sso-cluster/deployers/jbossweb.deployer/server.xml 2007-03-12 15:55:47 UTC (rev 61285)
@@ -1,5 +1,9 @@
<Server>
+ <!-- Optional listener which ensures correct init and shutdown of APR,
+ and provides information if it is not installed -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" />
+
<!-- Use a custom version of StandardService that allows the
connectors to be started independent of the normal lifecycle
start to allow web apps to be deployed before starting the
@@ -10,10 +14,30 @@
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" address="${jboss.bind.address}"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false" redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
<Engine name="jboss.web" defaultHost="localhost">
<!-- The JAAS based authentication and authorization realm implementation
@@ -31,20 +55,105 @@
-->
<Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"/>
+ allRolesMode="authOnly"
+ />
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false" deployXML="false">
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
<!-- Uncomment to enable single sign-on across web apps
- deployed to this host. Provides SSO across a cluster.
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc6-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
-->
- <Valve className="org.jboss.web.tomcat.tc6.sso.ClusteredSingleSignOn"
- debug="2" />
+ <Valve className="org.jboss.web.tomcat.tc6.sso.ClusteredSingleSignOn" />
- <!-- Default context parameters -->
- <DefaultContext cookies="true" crossContext="true" override="true"/>
-
+ <!-- Check for unclosed connections and transaction terminated checks
+ in servlets/jsps.
+
+ Important: The dependency on the CachedConnectionManager
+ in META-INF/jboss-service.xml must be uncommented, too
+ TODO:
+ <Valve className="org.jboss.web.tomcat.tc6.jca.CachedConnectionValve"
+ cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager" />
+ -->
+
</Host>
</Engine>
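Review bot: The comment on the now-active `ClusteredSingleSignOn` valve explains that SSO credentials are cached and replicated through a shared JBossCache, but it does not say who receives them. Presumably every member of that cache's replication group holds the credentials (the cache configuration is not visible here), so the comment should add a line such as `Credentials are replicated to every member of this cache's cluster; restrict membership and protect the replication channel in tc6-cluster-service.xml.` The `<Engine>` element starts outside the hunk.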