[jboss-cvs] JBossAS SVN: r108663 - in branches/JBPAPP_5_1/testsuite: imports and 6 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 19 12:58:11 EDT 2010
Author: pskopek at redhat.com
Date: 2010-10-19 12:58:10 -0400 (Tue, 19 Oct 2010)
New Revision: 108663
Added:
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/jbossweb.sar/
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/jbossweb.sar/server.xml
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.cer
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.crt
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.pem
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.crt
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.pem
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-none/
Modified:
branches/JBPAPP_5_1/testsuite/build.xml
branches/JBPAPP_5_1/testsuite/imports/server-config.xml
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/rmi/ejb3/HelloWorldBean.java
branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc/deploy/jbossweb.sar/server.xml
Log:
cc: fixes to using jboss-natives in certified configuation.
Modified: branches/JBPAPP_5_1/testsuite/build.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/build.xml 2010-10-19 16:34:39 UTC (rev 108662)
+++ branches/JBPAPP_5_1/testsuite/build.xml 2010-10-19 16:58:10 UTC (rev 108663)
@@ -1783,7 +1783,7 @@
<delete dir="${jboss.dist}${/}server${/}cc" quiet="true"/>
<delete dir="${jboss.dist}${/}server${/}cc-audit" quiet="true"/>
- <!-- Create the CC config starting with the production config -->
+ <!-- Create the CC config starting with the production config -->
<create-config baseconf="production" newconf="cc">
<patternset>
<include name="conf/**" />
@@ -1795,6 +1795,48 @@
</patternset>
</create-config>
+ <!-- Additional cc config modifications -->
+ <copy file="${build.resources}/cc/cc.policy" todir="${jboss.dist}/server/cc" />
+
+ <!-- runs only when "cc.use.natives" property is set to true -->
+ <antcall target="modify-cc-to-natives"/>
+
+
+ <!-- delete SNMP adapter, because it is not allowed in CC config -->
+ <delete dir="${jboss.dist}/server/cc/deploy/snmp-adaptor.sar"/>
+
+ <!-- delete HSQL DB which is not allowed in CC config
+ Alternate configuration at test-configs/cc/deploy contains DefaultDS
+ file called oracle-ds.xml for default Oracle DB.
+ -->
+ <!--
+ <delete file="${jboss.dist}/server/cc/lib/hsqldb.jar"/>
+ <delete file="${jboss.dist}/server/cc/lib/hsqldb-plugin.jar"/>
+ <delete file="${jboss.dist}/server/cc/deploy/hsqldb-ds.xml"/>
+ <delete file="${jboss.dist}/server/cc/deploy/jboss-messaging.sar/clustered-hsqldb-persistence-service.xml"/>
+ -->
+
+ <!-- Disable Remote Method Invocation (RMI) under the Internet Inter-ORB Protocol (IIOP) -->
+ <delete file="${jboss.dist}/server/cc/conf/jacorb.properties"/>
+ <delete file="${jboss.dist}/server/cc/deploy/iiop-service.xml"/>
+ <delete file="${jboss.dist}/server/cc/lib/jacorb.jar"/>
+ <!-- delete file="${jboss.dist}/common/lib/jboss-iiop.jar"/ -->
+
+ <!-- copy alternate part of configuration (cc-none, cc-db, cc-ldap) -->
+ <!-- copy todir="${jboss.dist}/server/cc" overwrite="true">
+ <fileset dir="${build.resources}/test-configs/${alternate-config}">
+ <include name="**/*"/>
+ </fileset>
+ </copy -->
+
+ <!-- DB config patch (copy JDBC driver library) -->
+ <!-- copy todir="${jboss.dist}/server/cc/lib" overwrite="true" failonerror="false">
+ <fileset dir="/qa/tools/opt/opt/jdbc-drivers">
+ <include name="${jdbc-driver.pattern}"/>
+ </fileset>
+ </copy -->
+
+
<create-config baseconf="cc" newconf="cc-audit">
<patternset>
<include name="conf/**" />
@@ -1805,52 +1847,40 @@
<include name="lib/**" />
<include name="cc.*"/>
<include name="ssl.*"/>
+ <include name="localhost.*"/>
</patternset>
</create-config>
- <copy file="${build.resources}/cc/cc.policy" todir="${jboss.dist}/server/cc-audit" />
+ <create-config baseconf="cc" newconf="cc-secured">
+ <patternset>
+ <include name="conf/**" />
+ <include name="deployers/**" />
+ <include name="deploy/**" />
+ <include name="deploy-hasingleton/**" />
+ <include name="farm/**" />
+ <include name="lib/**" />
+ <include name="cc.*"/>
+ <include name="ssl.*"/>
+ <include name="localhost.*"/>
+ </patternset>
+ </create-config>
<!-- prepare run.conf for audit testing -->
- <copy file="${build.resources}/cc/cc.policy" todir="${jboss.dist}/server/cc-audit" />
<echo file="${jboss.dist}/server/cc-audit/run.conf">
JAVA_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true -Djboss.home.dir=${jboss.dist} -Djboss.server.home.dir=${jboss.dist}${/}server${/}cc-audit -Djava.security.manager -Djava.security.policy==${jboss.dist}${/}server${/}cc-audit/cc.policy"</echo>
- <!-- delete SNMP adapter, because it is not allowed in CC config -->
- <delete dir="${jboss.dist}/server/cc/deploy/snmp-adaptor.sar"/>
- <!-- delete HSQL DB which is not allowed in CC config
- Alternate configuration at test-configs/cc/deploy contains DefaultDS
- file called oracle-ds.xml for default Oracle DB.
- -->
- <!--
- <delete file="${jboss.dist}/server/cc/lib/hsqldb.jar"/>
- <delete file="${jboss.dist}/server/cc/lib/hsqldb-plugin.jar"/>
- <delete file="${jboss.dist}/server/cc/deploy/hsqldb-ds.xml"/>
- <delete file="${jboss.dist}/server/cc/deploy/jboss-messaging.sar/clustered-hsqldb-persistence-service.xml"/>
- -->
+ </target>
- <!-- Disable Remote Method Invocation (RMI) under the Internet Inter-ORB Protocol (IIOP) -->
- <delete file="${jboss.dist}/server/cc/conf/jacorb.properties"/>
- <delete file="${jboss.dist}/server/cc/deploy/iiop-service.xml"/>
- <delete file="${jboss.dist}/server/cc/lib/jacorb.jar"/>
- <!-- delete file="${jboss.dist}/common/lib/jboss-iiop.jar"/ -->
-
- <!-- copy alternate part of configuration (cc-none, cc-db, cc-ldap) -->
- <!-- copy todir="${jboss.dist}/server/cc" overwrite="true">
- <fileset dir="${build.resources}/test-configs/${alternate-config}">
- <include name="**/*"/>
- </fileset>
- </copy -->
-
- <!-- DB config patch (copy JDBC driver library) -->
- <!-- copy todir="${jboss.dist}/server/cc/lib" overwrite="true" failonerror="false">
- <fileset dir="/qa/tools/opt/opt/jdbc-drivers">
- <include name="${jdbc-driver.pattern}"/>
- </fileset>
- </copy -->
-
+ <!-- Modify default cc config to use jboss natives -->
+ <target name="modify-cc-to-natives" if="cc.use.natives">
+ <copy todir="${jboss.dist}/server/cc" overwrite="true">
+ <fileset dir="${build.resources}/test-configs/cc-native">
+ <include name="**/*"/>
+ </fileset>
+ </copy>
</target>
-
+
<!--
| Tests for Common Criteria Evaluation. The JBoss server must be running with a security manager for those tests
@@ -2004,20 +2034,7 @@
<target name="cc-tests-secured" description="Tests run against secured configuration">
- <create-config baseconf="cc" newconf="cc-secured">
- <patternset>
- <include name="conf/**" />
- <include name="deployers/**" />
- <include name="deploy/**" />
- <include name="deploy-hasingleton/**" />
- <include name="farm/**" />
- <include name="lib/**" />
- <include name="cc.*"/>
- <include name="ssl.*"/>
- </patternset>
- </create-config>
-
<server:start name="cc-secured" />
@@ -2080,7 +2097,7 @@
<target name="cc-tests-cluster" description="Clustering tests for CC">
- <delete dir="${jboss.dist}${/}server${/}cluster-*" quiet="true"/>
+ <delete dir="${jboss.dist}${/}server${/}cc-cluster-*" quiet="true"/>
<patternset id="cc-cluster-tests.includes">
<include name="org/jboss/test/cluster/defaultcfg/test/HAInvokerUnitTestCase.class"/>
@@ -2091,8 +2108,8 @@
<antcall target="tests-clustering-configure" inheritRefs="true">
<param name="conf" value="cc-cluster"/>
- <param name="baseconf" value="production"/>
- <param name="newconf-src" value="cc"/>
+ <param name="baseconf" value="cc"/>
+ <param name="newconf-src" value="cc-none"/>
</antcall>
<server:start name="cc-cluster-0"/>
Modified: branches/JBPAPP_5_1/testsuite/imports/server-config.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/imports/server-config.xml 2010-10-19 16:34:39 UTC (rev 108662)
+++ branches/JBPAPP_5_1/testsuite/imports/server-config.xml 2010-10-19 16:58:10 UTC (rev 108663)
@@ -243,9 +243,9 @@
<jvmarg value="-Djboss.server.home.dir=${jboss.dist}${/}server${/}cc" />
<jvmarg value="-Djboss.test.deploy.dir=${jboss.test.deploy.dir}" />
<jvmarg value="-Djava.security.manager"/>
- <jvmarg value="-Djava.security.policy==${jboss.test.resources.dir}/cc/cc.policy"/>
+ <jvmarg value="-Djava.security.policy==${jboss.dist}${/}server${/}cc/cc.policy"/>
<jvmarg value="-D${cc.java.security.debug}=access,failure"/>
- <jvmarg value="-D${java.library.path}=${cc.java.library.path}"/>
+ <jvmarg value="-D${cc.prop.java.library.path}=${cc.java.library.path}"/>
<sysproperty key="java.protocol.handler.pkgs" value="org.jboss.handlers.stub"/>
<!-- Replace for security manager debug verbose info
@@ -267,9 +267,9 @@
<jvmarg value="-Djboss.server.home.dir=${jboss.dist}${/}server${/}cc-secured" />
<jvmarg value="-Djboss.test.deploy.dir=${jboss.test.deploy.dir}" />
<jvmarg value="-Djava.security.manager"/>
- <jvmarg value="-Djava.security.policy==${jboss.test.resources.dir}/cc/cc.policy"/>
+ <jvmarg value="-Djava.security.policy==${jboss.dist}${/}server${/}cc/cc.policy"/>
<jvmarg value="-D${cc.java.security.debug}=access,failure"/>
- <jvmarg value="-D${java.library.path}=${cc.java.library.path}"/>
+ <jvmarg value="-D${cc.prop.java.library.path}=${cc.java.library.path}"/>
<sysproperty key="java.protocol.handler.pkgs" value="org.jboss.handlers.stub"/>
<sysproperty key="java.net.preferIPv4Stack" value="true" />
@@ -289,7 +289,7 @@
<jvmarg value="-Djava.security.manager"/>
<jvmarg value="-Djava.security.policy==${jboss.test.resources.dir}/cc/cc.policy"/>
<jvmarg value="-D${cc.java.security.debug}=access,failure"/>
- <jvmarg value="-D${java.library.path}=${cc.java.library.path}"/>
+ <jvmarg value="-D${cc.prop.java.library.path}=${cc.java.library.path}"/>
<sysproperty key="java.net.preferIPv4Stack" value="true" />
<sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
@@ -317,7 +317,7 @@
<jvmarg value="-Djava.security.manager"/>
<jvmarg value="-Djava.security.policy==${jboss.test.resources.dir}/cc/cc.policy"/>
<jvmarg value="-D${cc.java.security.debug}=access,failure"/>
- <jvmarg value="-D${java.library.path}=${cc.java.library.path}"/>
+ <jvmarg value="-D${cc.prop.java.library.path}=${cc.java.library.path}"/>
<sysproperty key="java.net.preferIPv4Stack" value="true" />
<sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
@@ -1574,6 +1574,7 @@
<include name="deploy-hasingleton/**"/>
<include name="farm/**"/>
<include name="lib/**"/>
+ <include name="*"/>
</fileset>
</copy>
<echo message="Overwriting config descriptors" />
Modified: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/rmi/ejb3/HelloWorldBean.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/rmi/ejb3/HelloWorldBean.java 2010-10-19 16:34:39 UTC (rev 108662)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/rmi/ejb3/HelloWorldBean.java 2010-10-19 16:58:10 UTC (rev 108663)
@@ -35,7 +35,7 @@
@Stateless
@Remote(HelloWorld.class)
@RemoteBindings({
- @RemoteBinding(clientBindUrl = "https://localhost:8443/servlet-invoker/SSLServerInvokerServlet",jndiBinding="HelloWorldBean/remote-https"),
+ @RemoteBinding(clientBindUrl = "https://localhost:8445/servlet-invoker/SSLServerInvokerServlet",jndiBinding="HelloWorldBean/remote-https"),
@RemoteBinding(clientBindUrl = "http://localhost:8080/servlet-invoker/SSLServerInvokerServlet",jndiBinding="HelloWorldBean/remote-http")
})
public class HelloWorldBean implements HelloWorld {
Modified: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc/deploy/jbossweb.sar/server.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc/deploy/jbossweb.sar/server.xml 2010-10-19 16:34:39 UTC (rev 108662)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc/deploy/jbossweb.sar/server.xml 2010-10-19 16:58:10 UTC (rev 108663)
@@ -28,15 +28,14 @@
redirectPort="8443" />
-->
- <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8445" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/ssl.keystore"
keystorePass="secsec" sslProtocol = "TLS" />
-
- <!-- SSL/TLS Connector configuration tomcat-ssl tests -->
+ <!-- SSL/TLS Connector configuration tomcat-ssl tests -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="true"
@@ -46,22 +45,22 @@
keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
keystorePass="unit-tests-server" sslProtocol = "TLS" />
-
<!-- A HTTP/1.1 Connector on port 9080 which redirects to 9443 for https -->
<Connector port="9081" address="${jboss.bind.address}"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="9443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/>
- <!-- SSL/TLS Connector configuration -->
+ <!-- SSL/TLS Connector configuration -->
<Connector port="9443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="true"
SSLEnabled="true"
sslProtocol = "TLS" securityDomain="java:/jaas/jbosstest-ssl"
SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
-
- <!-- SSL/TLS Connector with encrypted keystore password configuration -->
+
+
+ <!-- SSL/TLS Connector with encrypted keystore password configuration -->
<Connector port="9943" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="true"
@@ -69,8 +68,6 @@
SSLEnabled="true"
securityDomain="java:/jaas/encrypt-keystore-password"
SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
-
-
<Engine name="jboss.web" defaultHost="localhost">
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/jbossweb.sar/server.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/jbossweb.sar/server.xml (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/deploy/jbossweb.sar/server.xml 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,237 @@
+<Server>
+
+ <!-- Optional listener which ensures correct init and shutdown of APR,
+ and provides information if it is not installed -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener" />
+
+ <Service name="jboss.web">
+
+
+ <!-- A HTTP/1.1 Connector on port 8080 -->
+ <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
+ connectionTimeout="20000" redirectPort="8443" />
+
+ <Connector port="8081" address="${jboss.bind.address}"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009
+ <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
+ redirectPort="8443" />
+ -->
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector protocol="HTTP/1.1" SSLEnabled="true"
+ port="8445" address="${jboss.bind.address}"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/ssl.keystore"
+ keystorePass="secsec" sslProtocol = "TLS" />
+ -->
+ <Connector protocol="HTTP/1.1" SSLEnabled="true"
+ port="8445" address="${jboss.bind.address}"
+ scheme="https" secure="true"
+ SSLVerifyClient="none"
+ SSLCertificateFile="${jboss.server.home.dir}/ssl.crt"
+ SSLCertificateKeyFile="${jboss.server.home.dir}/ssl.pem"
+ sslProtocol = "TLSv1" />
+
+ <!-- SSL/TLS Connector configuration tomcat-ssl tests
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
+ scheme="https" secure="true" clientAuth="true"
+ SSLEnabled="true"
+ truststoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
+ truststorePass="unit-tests-server"
+ keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
+ keystorePass="unit-tests-server" sslProtocol = "TLS" />
+ -->
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
+ scheme="https" secure="true"
+ SSLVerifyClient="optional"
+ SSLEnabled="true"
+ SSLCertificateFile="${jboss.server.home.dir}/localhost.crt"
+ SSLCertificateKeyFile="${jboss.server.home.dir}/localhost.pem"
+ SSLCACertificateFile="${jboss.server.home.dir}/localhost.cer"
+ sslProtocol = "TLSv1" />
+
+ <!-- A HTTP/1.1 Connector on port 9080 which redirects to 9443 for https -->
+ <Connector port="9081" address="${jboss.bind.address}"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="9443" acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- SSL/TLS Connector configuration -->
+ <Connector port="9443" address="${jboss.bind.address}"
+ maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
+ scheme="https" secure="true"
+ SSLEnabled="true"
+ SSLVerifyClient="optional"
+ sslProtocol = "TLSv1"
+ SSLCertificateFile="${jboss.server.home.dir}/localhost.crt"
+ SSLCertificateKeyFile="${jboss.server.home.dir}/localhost.pem"
+ SSLCACertificateFile="${jboss.server.home.dir}/localhost.cer"
+ securityDomain="java:/jaas/jbosstest-ssl"
+ SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
+
+
+ <!-- SSL/TLS Connector with encrypted keystore password configuration -->
+ <Connector port="9943" address="${jboss.bind.address}"
+ maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
+ scheme="https" secure="true"
+ SSLEnabled="true"
+ sslProtocol = "TLSv1"
+ SSLVerifyClient="optional"
+ SSLCertificateFile="${jboss.server.home.dir}/localhost.crt"
+ SSLCertificateKeyFile="${jboss.server.home.dir}/localhost.pem"
+ SSLCACertificateFile="${jboss.server.home.dir}/localhost.cer"
+ securityDomain="java:/jaas/encrypt-keystore-password"
+ SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
+
+
+
+ <Engine name="jboss.web" defaultHost="localhost">
+
+ <!-- The JAAS based authentication and authorization realm implementation
+ that is compatible with the jboss 3.2.x realm implementation.
+ - certificatePrincipal : the class name of the
+ org.jboss.security.auth.certs.CertificatePrincipal impl
+ used for mapping X509[] cert chains to a Princpal.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ -->
+ <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <Host name="localhost">
+
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.log.dir}"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!-- -->
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. See the
+ "jboss-web-clusteredsso-beans.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see non-clustered valve above
+
+ cacheConfig Name of the CacheManager service configuration
+ to use for the clustered SSO cache. See
+ deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml
+ Default is "clustered-sso".
+
+ treeCacheName Deprecated. Use "cacheConfig".
+ JMX ObjectName of the JBoss Cache MBean used to
+ support credential caching and replication across
+ the cluster. Only used if no cache can be located
+ from the CacheManager service using the "cacheConfig"
+ attribute (or its default value). If not set, the
+ default is "jboss.cache:service=TomcatClusteringCache"
+
+ maxEmptyLife The maximum number of seconds an SSO with no
+ active sessions will be usable by a request
+
+ processExpiresInterval The minimum number of seconds between
+ efforts by the valve to find and invalidate
+ SSO's that have exceeded their 'maxEmptyLife'.
+ Does not imply effort will be spent on such
+ cleanup every 'processExpiresInterval'.
+ -->
+ <!--
+ <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
+ -->
+
+ <!-- Check for unclosed connections and transaction terminated checks
+ in servlets/jsps.
+
+ Important: The dependency on the CachedConnectionManager
+ in META-INF/jboss-service.xml must be uncommented, too
+ -->
+
+ <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
+ cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager" />
+
+ </Host>
+ </Engine>
+
+ </Service>
+
+</Server>
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.cer
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.cer (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.cer 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAKv1Uv9kGk3vMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1p
+ZSBQYXNzMRMwEQYDVQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UE
+AxMJamJvc3MuY29tMR4wHAYJKoZIhvcNAQkBFg9hZG1pbkBqYm9zcy5jb20wHhcN
+MDUwODAyMjA1MjA4WhcNMzIxMjE4MjA1MjA4WjCBkjELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEG
+A1UEChMKSkJvc3MgSW5jLjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNv
+bTEeMBwGCSqGSIb3DQEJARYPYWRtaW5AamJvc3MuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDE0ykCaGFDXnF+4ASlGPTh6yPvUOEGCQWIr10B+0qPk9ct
+yGpJR8dxFqlRBQ/ORCx+SPASEJd/xt9QSScDFNeKIHClKq96k1DBJBflDCRTJQkn
+3d6VsxTlW1PGjFejnqEII0mtpoiUxS3jyHBY8lNf7izRuSCxbFS+LXeEiDX5iQID
+AQABo4H6MIH3MB0GA1UdDgQWBBRLldgXCGLsOtXZjfSSKwLzSvoWfjCBxwYDVR0j
+BIG/MIG8gBRLldgXCGLsOtXZjfSSKwLzSvoWfqGBmKSBlTCBkjELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFz
+czETMBEGA1UEChMKSkJvc3MgSW5jLjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpi
+b3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5AamJvc3MuY29tggkAq/VS/2Qa
+Te8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAg6c158cHl0pnwK4Ir
+QzmMbd4oWY4gSmkTAM+92G2KPU/ZiH0gCK3sZX9raKtIeOkf4EGxWyJ8/9D7aTlU
+/6bsKOX4WwdyzsSP4IcIoXN2sCZvyTNW9j9sqN+u1mMe0EpLfM/vQF8SXmN9wUXF
+vuVw26a3neK+p4W5O1QADLZ3OA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEsjCCBBugAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczET
+MBEGA1UEChMKSkJvc3MgSW5jLjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3Nz
+LmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5AamJvc3MuY29tMB4XDTA1MDgwMjIw
+NTQzOVoXDTMyMTIxODIwNTQzOVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
+c2hpbmd0b24xEzARBgNVBAoTCkpCb3NzIEluYy4xEzARBgNVBAsTCkpCb3NzIElu
+Yy4xGjAYBgNVBAMTEXVuaXQtdGVzdHMtY2xpZW50MIIBtzCCASwGByqGSM44BAEw
+ggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2N
+WPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
+xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUj
+C8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0H
+gmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuz
+pnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7P
+SSoDgYQAAoGAP3c9MXkrqNL4bPZuJSnq67UKVU91p/Kt5IZrNLXvjtozWKl5g6iz
+EITDVBaJqsFA8wx0We1pnUMHpt6aouDIpjYkR41tcA1NeMz9RGWaaFXMraVMSEZD
+lk2sd7TovdErO32u7xGU5lRXHqnZBsjAG9n+IgMCHw/X0tDL1U6Gdg+jggEmMIIB
+IjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUgJX7A18HJXezbL1azslkXPFJJlIwgccGA1Ud
+IwSBvzCBvIAUS5XYFwhi7DrV2Y30kisC80r6Fn6hgZikgZUwgZIxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRgwFgYDVQQHEw9Tbm9xdWFsbWllIFBh
+c3MxEzARBgNVBAoTCkpCb3NzIEluYy4xCzAJBgNVBAsTAlFBMRIwEAYDVQQDEwlq
+Ym9zcy5jb20xHjAcBgkqhkiG9w0BCQEWD2FkbWluQGpib3NzLmNvbYIJAKv1Uv9k
+Gk3vMA0GCSqGSIb3DQEBBQUAA4GBAIUyFDMmVH/a0gr8AmFwFj+9dzP0emuwh2tV
+MewyNTMuK+BVEtyv0mxsf/uPYwB+z8EVLfhV7iCQgiS7TzmQv8fmD85b3rY+LIl/
+h7PXmaUJ1qY7/q8yGrdOA4zgrHWkH7aefR6z0o6bVMqNgM1hZUip5b66KXb+5HFV
+52dKqK7G
+-----END CERTIFICATE-----
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.crt
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.crt (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.crt 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEozCCBAygAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczET
+MBEGA1UEChMKSkJvc3MgSW5jLjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3Nz
+LmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5AamJvc3MuY29tMB4XDTA1MDgwMjIw
+NTQxNFoXDTMyMTIxODIwNTQxNFowWDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
+c2hpbmd0b24xEzARBgNVBAoTCkpCb3NzIEluYy4xCzAJBgNVBAsTAlFBMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS
+30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU
+E1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKB
+gQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGA
+tEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB
+JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA0gOQM+Ws
+25cKT6oIuowT9P/pup+2vcuA5RPf3RJyi33y1WLWkNDKc7H5ASbfbAGqYMxn0suL
+M9hRtl7FekPSS6ER8zBYKhSZVobj0ViZkEYmBgLp+uMTycAclQon3Xd1JbqZ+eWx
+16OY5zRcuvKBgpRycPeDXwQxfwVtYWvd+06jggEmMIIBIjAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUYBxikrzSqFyLD+B53Hke1JrnIDMwgccGA1UdIwSBvzCBvIAUS5XYFwhi
+7DrV2Y30kisC80r6Fn6hgZikgZUwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
+YXNoaW5ndG9uMRgwFgYDVQQHEw9Tbm9xdWFsbWllIFBhc3MxEzARBgNVBAoTCkpC
+b3NzIEluYy4xCzAJBgNVBAsTAlFBMRIwEAYDVQQDEwlqYm9zcy5jb20xHjAcBgkq
+hkiG9w0BCQEWD2FkbWluQGpib3NzLmNvbYIJAKv1Uv9kGk3vMA0GCSqGSIb3DQEB
+BQUAA4GBAHoYsVZ5QxIzpJqPUYCM3c/sD1ygU6lCrg1tvxa0wn2J1HIzDH7vTwb0
+lA564LR2GsYGHOQD66M9KWcnhDh4v1lPuGqyW3Hyi9/U7pdCiXq583FUcel7Db8v
+9sUcrt9eM0QO53uKJWSk9OJy101aVatzgFDFB4XfKi+e4cz7Q04M
+-----END CERTIFICATE-----
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.pem
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.pem (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/localhost.pem 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,9 @@
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
+PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
+pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
+1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
+vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
+g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUK3pK0mWwNAgLC48KKfQts5tYrW4=
+-----END PRIVATE KEY-----
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.crt
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.crt (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.crt 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAq+gAwIBAgIETJERYzALBgcqhkjOOAQDBQAwXDELMAkGA1UEBhMCQ1ox
+EDAOBgNVBAgTB1Vua25vd24xDTALBgNVBAcTBEJybm8xCzAJBgNVBAoTAlJIMQsw
+CQYDVQQLEwJRRTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTEwMDkxNTE4MzMwN1oX
+DTEwMTIxNDE4MzMwN1owXDELMAkGA1UEBhMCQ1oxEDAOBgNVBAgTB1Vua25vd24x
+DTALBgNVBAcTBEJybm8xCzAJBgNVBAoTAlJIMQswCQYDVQQLEwJRRTESMBAGA1UE
+AxMJbG9jYWxob3N0MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9K
+nC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00
+b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNa
+FpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA
+9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ
+FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7
+zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAF+GXA3LFD8Fe
+dAMCEUMQrcu49FYGfgRr++UpVE28nTOcHVOLKbw3ochrqb9qx2tYhFHd2bmR5vUn
+MSWTy2oes8PdVJSCZMNp+KHXNcGP7OBBg+GVrbm+ELTfUpI+XlmPO5A/R4ZbPmlI
+0c85qhvNtZ+0rTaqDOXII6oOK2Yj6twwCwYHKoZIzjgEAwUAAzAAMC0CFGl9/Q4N
+EA/jRaRlcpZ75TB6xh2QAhUAiaLbeVgUx7dtZ9hUM94pYEtEiGE=
+-----END CERTIFICATE-----
Added: branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.pem
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.pem (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/test-configs/cc-native/ssl.pem 2010-10-19 16:58:10 UTC (rev 108663)
@@ -0,0 +1,9 @@
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
+PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
+pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
+1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
+vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
+g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUeyg1WfjRosHaG5W8h5julpeMHtc=
+-----END PRIVATE KEY-----
More information about the jboss-cvs-commits
mailing list