Author: phuong_vu Date: 2010-10-12 21:41:23 -0400 (Tue, 12 Oct 2010) New Revision: 4645 Added: portal/branches/branch-GTNPORTAL-1537/server/jboss/patch-ear/src/main/jboss/server/default/deploy/jbossweb.sar/server.xml Modified: portal/branches/branch-GTNPORTAL-1537/server/tomcat/patch/src/main/tomcat/conf/server.xml portal/branches/branch-GTNPORTAL-1537/web/rest/src/main/webapp/WEB-INF/web.xml Log: GTNPORTAL-1550 Add session listeners to rest.war to free memory Added: portal/branches/branch-GTNPORTAL-1537/server/jboss/patch-ear/src/main/jboss/server/default/deploy/jbossweb.sar/server.xml =================================================================== --- portal/branches/branch-GTNPORTAL-1537/server/jboss/patch-ear/src/main/jboss/server/default/deploy/jbossweb.sar/server.xml (rev 0) +++ portal/branches/branch-GTNPORTAL-1537/server/jboss/patch-ear/src/main/jboss/server/default/deploy/jbossweb.sar/server.xml 2010-10-13 01:41:23 UTC (rev 4645) @@ -0,0 +1,168 @@ +<Server> + + <!-- Optional listener which ensures correct init and shutdown of APR, + and provides information if it is not installed --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> + <Listener className="org.apache.catalina.core.JasperListener" /> + + <Service name="jboss.web"> + + <!-- A HTTP/1.1 Connector on port 8080 --> + <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" + connectionTimeout="20000" redirectPort="8443" /> + + <!-- Add this option to the connector to avoid problems with + .NET clients that don't implement HTTP/1.1 correctly + restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$" + --> + + <!-- A AJP 1.3 Connector on port 8009 --> + <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}" + redirectPort="8443" /> + + <!-- SSL/TLS Connector configuration using the admin devl guide keystore + <Connector protocol="HTTP/1.1" SSLEnabled="true" + port="8443" address="${jboss.bind.address}" + scheme="https" secure="true" clientAuth="false" + keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" + keystorePass="rmi+ssl" sslProtocol = "TLS" /> + --> + + <Engine name="jboss.web" defaultHost="localhost"> + + <!-- The JAAS based authentication and authorization realm implementation + that is compatible with the jboss 3.2.x realm implementation. + - certificatePrincipal : the class name of the + org.jboss.security.auth.certs.CertificatePrincipal impl + used for mapping X509[] cert chains to a Princpal. + - allRolesMode : how to handle an auth-constraint with a role-name=*, + one of strict, authOnly, strictAuthOnly + + strict = Use the strict servlet spec interpretation which requires + that the user have one of the web-app/security-role/role-name + + authOnly = Allow any authenticated user + + strictAuthOnly = Allow any authenticated user only if there are no + web-app/security-roles + --> + <Realm className="org.jboss.web.tomcat.security.JBossWebRealm" + certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" + allRolesMode="authOnly" + /> + <!-- A subclass of JBossSecurityMgrRealm that uses the authentication + behavior of JBossSecurityMgrRealm, but overrides the authorization + checks to use JACC permissions with the current java.security.Policy + to determine authorized access. + - allRolesMode : how to handle an auth-constraint with a role-name=*, + one of strict, authOnly, strictAuthOnly + + strict = Use the strict servlet spec interpretation which requires + that the user have one of the web-app/security-role/role-name + + authOnly = Allow any authenticated user + + strictAuthOnly = Allow any authenticated user only if there are no + web-app/security-roles + <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm" + certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" + allRolesMode="authOnly" + /> + --> + + <Host name="localhost"> + + <!-- Uncomment to enable request dumper. This Valve "logs interesting + contents from the specified Request (before processing) and the + corresponding Response (after processing). It is especially useful + in debugging problems related to headers and cookies." + --> + <!-- + <Valve className="org.apache.catalina.valves.RequestDumperValve" /> + --> + + <!-- Access logger --> + <!-- + <Valve className="org.apache.catalina.valves.AccessLogValve" + prefix="localhost_access_log." suffix=".log" + pattern="common" directory="${jboss.server.log.dir}" + resolveHosts="false" /> + --> + + <!-- Uncomment to enable single sign-on across web apps + deployed to this host. Does not provide SSO across a cluster. + + If this valve is used, do not use the JBoss ClusteredSingleSignOn + valve shown below. + + A new configuration attribute is available beginning with + release 4.0.4: + + cookieDomain configures the domain to which the SSO cookie + will be scoped (i.e. the set of hosts to + which the cookie will be presented). By default + the cookie is scoped to "/", meaning the host + that presented it. Set cookieDomain to a + wider domain (e.g. "xyz.com") to allow an SSO + to span more than one hostname. + --> + + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + + + <!-- Uncomment to enable single sign-on across web apps + deployed to this host AND to all other hosts in the cluster. + + If this valve is used, do not use the standard Tomcat SingleSignOn + valve shown above. + + Valve uses a JBossCache instance to support SSO credential + caching and replication across the cluster. The JBossCache + instance must be configured separately. See the + "jboss-web-clusteredsso-beans.xml" file in the + server/all/deploy directory for cache configuration details. + + Besides the attributes supported by the standard Tomcat + SingleSignOn valve (see the Tomcat docs), this version also + supports the following attributes: + + cookieDomain see non-clustered valve above + + cacheConfig Name of the CacheManager service configuration + to use for the clustered SSO cache. See + deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml + Default is "clustered-sso". + + treeCacheName Deprecated. Use "cacheConfig". + JMX ObjectName of the JBoss Cache MBean used to + support credential caching and replication across + the cluster. Only used if no cache can be located + from the CacheManager service using the "cacheConfig" + attribute (or its default value). If not set, the + default is "jboss.cache:service=TomcatClusteringCache" + + maxEmptyLife The maximum number of seconds an SSO with no + active sessions will be usable by a request + + processExpiresInterval The minimum number of seconds between + efforts by the valve to find and invalidate + SSO's that have exceeded their 'maxEmptyLife'. + Does not imply effort will be spent on such + cleanup every 'processExpiresInterval'. + --> + <!-- + <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /> + --> + + <!-- Check for unclosed connections and transaction terminated checks + in servlets/jsps. + + Important: The dependency on the CachedConnectionManager + in META-INF/jboss-service.xml must be uncommented, too + --> + + <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" + cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager" + transactionManagerObjectName="jboss:service=TransactionManager" /> + + </Host> + </Engine> + + </Service> + +</Server> Modified: portal/branches/branch-GTNPORTAL-1537/server/tomcat/patch/src/main/tomcat/conf/server.xml =================================================================== --- portal/branches/branch-GTNPORTAL-1537/server/tomcat/patch/src/main/tomcat/conf/server.xml 2010-10-12 15:30:14 UTC (rev 4644) +++ portal/branches/branch-GTNPORTAL-1537/server/tomcat/patch/src/main/tomcat/conf/server.xml 2010-10-13 01:41:23 UTC (rev 4645) @@ -121,9 +121,7 @@ <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> - <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> - --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html --> Modified: portal/branches/branch-GTNPORTAL-1537/web/rest/src/main/webapp/WEB-INF/web.xml =================================================================== --- portal/branches/branch-GTNPORTAL-1537/web/rest/src/main/webapp/WEB-INF/web.xml 2010-10-12 15:30:14 UTC (rev 4644) +++ portal/branches/branch-GTNPORTAL-1537/web/rest/src/main/webapp/WEB-INF/web.xml 2010-10-13 01:41:23 UTC (rev 4645) @@ -56,7 +56,17 @@ <filter-name>RestEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - + + <!-- ================================================================== --> + <!-- LISTENER --> + <!-- ================================================================== --> + <listener> + <listener-class>org.exoplatform.web.GenericHttpListener</listener-class> + </listener> + <listener> + <listener-class>org.exoplatform.services.security.web.JAASConversationStateListener</listener-class> + </listener> + <servlet> <servlet-name>RestServer</servlet-name> <description>eXo - Platform REST Server</description> @@ -74,6 +84,10 @@ <url-pattern>/*</url-pattern> </servlet-mapping> + <session-config> + <session-timeout>30</session-timeout> + </session-config> + <security-constraint> <web-resource-collection> <web-resource-name>rest</web-resource-name>