[jboss-cvs] JBossAS SVN: r75135 - in branches/JBPAPP_4_2_0_GA_CP: console/src/resources/webconsole.war/WEB-INF and 7 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jun 26 16:38:37 EDT 2008


Author: dbhole
Date: 2008-06-26 16:38:36 -0400 (Thu, 26 Jun 2008)
New Revision: 75135

Modified:
   branches/JBPAPP_4_2_0_GA_CP/build/README
   branches/JBPAPP_4_2_0_GA_CP/build/build.xml
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml
   branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties
   branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml
Log:

Fix JBPAPP-793: Added a support for -Dbuild.unsecure=true, which builds the
server without security, and keeps the admin/admin user active.



Modified: branches/JBPAPP_4_2_0_GA_CP/build/README
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/build/README	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/build/README	2008-06-26 20:38:36 UTC (rev 75135)
@@ -5,6 +5,8 @@
 
 -Dbuild.soa=false passed to build/build.xml builds with MQ and WS 1.2.x
 
+-Dbuild.unsecure=true passed to build/build.xml builds AS without securing it, 
+ and keeps the admin/admin user active.
 
 Note:
 - build.soa *MUST* be supplied as either true or false -- either on

Modified: branches/JBPAPP_4_2_0_GA_CP/build/build.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/build/build.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/build/build.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -682,6 +682,7 @@
     <antcall target="partition-production"/>
     <antcall target="partition-default"/>
     <antcall target="makeConfigChanges"/>
+    <antcall target="processSecurityAnnotations"/>
     <antcall target="partition-minimal"/>
     <antcall target="replace-messaging"/>
     <antcall target="jboss-all-client"/>
@@ -1084,6 +1085,101 @@
   
   </target>
 
+  <!-- Update config and other files for production config -->
+  <target name="processSecurityAnnotations" 
+          depends="partition-default,partition-production">
+
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="conf/props/jmx-console-users.properties" />
+     </ant>
+
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml" />
+     </ant>
+
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml" />
+     </ant>
+
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/jmx-console.war/WEB-INF/jboss-web.xml" />
+     </ant>
+      
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/jmx-console.war/WEB-INF/web.xml" />
+     </ant>
+
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/jmx-invoker-service.xml" />
+     </ant>
+      
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties" />
+     </ant>
+      
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml" />
+     </ant>
+      
+     <ant antfile="build.xml" target="updateSecurity">
+         <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml" />
+     </ant>
+      
+  </target>
+
+  <!-- Modify run.sh for production config -->
+  <target name="updateSecurity">
+
+        <property name="config.file" value=""/>
+
+        <condition property="conf.to.keep" value="UNSECCONF" else="SECURECONF">
+            <equals arg1="${build.unsecure}" arg2="true"/>
+        </condition>
+
+        <condition property="conf.to.delete" value="SECURECONF" else="UNSECCONF">
+            <equals arg1="${build.unsecure}" arg2="true"/>
+        </condition>
+
+       <!-- Uncomment the configuration to make the key generation cluster safe -->
+
+        <replaceregexp file="${install.all}/${config.file}"
+            flags="gm"
+            match="@.*${conf.to.keep}\s"
+            replace=""
+        />
+
+        <replaceregexp file="${install.all}/${config.file}"
+            flags="gs"
+            match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+            replace=""
+        />
+
+        <replaceregexp file="${install.default}/${config.file}"
+            flags="gm"
+            match="@.*${conf.to.keep}\s"
+            replace=""
+        />
+
+        <replaceregexp file="${install.default}/${config.file}"
+            flags="gs"
+            match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+            replace=""
+        />
+
+
+        <replaceregexp file="${install.production}/${config.file}"
+            flags="gm"
+            match="@.*${conf.to.keep}\s"
+            replace=""
+        />
+
+        <replaceregexp file="${install.production}/${config.file}"
+            flags="gs"
+            match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+            replace=""
+        />
+  </target>
+
   <!-- Before executing <replace> task on Windows, convert the target files from -->
   <!-- UNIX line termination (LF) to Windows line termination (CRLF) so that -->
   <!-- <replace> does not break due to line termination inconsistencies -->
@@ -1099,6 +1195,15 @@
     <fixcrlf srcdir="../connector/src/resources/jca-sar" includes="jbossjca-service.xml" eol="crlf"/>
     <fixcrlf srcdir="../varia/src/resources/services/binding" includes="sample-bindings.xml" eol="crlf"/>
     <fixcrlf srcdir="../server/src/main/org/jboss/metadata/serviceref" includes="ServiceRefDelegate.java" eol="crlf"/>
+    <fixcrlf srcdir="../varia/src/resources/services/invoker/http" includes="web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../varia/src/resources/services/invoker/httpha" includes="web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../varia/src/resources/jmx/web-inf" includes="jboss-web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../varia/src/resources/jmx" includes="jmx-console-web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../server/src/resources/jmx-invoker-adaptor/META-INF" includes="jboss-service.xml" eol="crlf"/>
+    <fixcrlf srcdir="../server/src/etc/conf/default/props" includes="jmx-console-users.properties" eol="crlf"/>
+    <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF" includes="jboss-web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF" includes="web.xml" eol="crlf"/>
+    <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF/classes" includes="web-console-users.properties" eol="crlf"/>
   </target>
 
   <!-- set proxy settings -->

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties	2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,2 +1,7 @@
 # A sample users.properties file for use with the UsersRolesLoginModule
+ at SECURECONF
 #admin=admin
+ at ENDSECURECONF
+ at UNSECCONF
+admin=admin
+ at ENDUNSECCONF

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -8,8 +8,16 @@
 
    <!-- Uncomment the security-domain to enable security. You will
    need to edit the htmladaptor login configuration to setup the
+ at SECURECONF
    login modules used to authentication users. -->
+ at ENDSECURECONF
+ at UNSECCONF
+   login modules used to authentication users.
+ at ENDUNSECCONF
    <security-domain>java:/jaas/web-console</security-domain>
+ at UNSECCONF
+   -->
+ at ENDUNSECCONF
 
    <!-- The war depends on the -->
    <depends>jboss.admin:service=PluginManager</depends>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -338,7 +338,12 @@
    <!-- A security constraint that restricts access to the HTML JMX console
    to users with the role JBossAdmin. Edit the roles to what you want and
    uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+ at SECURECONF
    secured access to the HTML JMX console. -->
+ at ENDSECURECONF
+ at UNSECCONF
+   secured access to the HTML JMX console.
+ at ENDUNSECCONF
 
    <security-constraint>
    <web-resource-collection>
@@ -354,6 +359,9 @@
    <role-name>JBossAdmin</role-name>
    </auth-constraint>
    </security-constraint>
+ at UNSECCONF
+   -->
+ at ENDUNSECCONF
 
    <login-config>
       <auth-method>BASIC</auth-method>

Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties	2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,2 +1,7 @@
 # A sample users.properties file for use with the UsersRolesLoginModule
+ at SECURECONF
 #admin=admin
+ at ENDSECURECONF
+ at UNSECCONF
+admin=admin
+ at ENDUNSECCONF

Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -111,9 +111,17 @@
             <return-type>java.lang.Object</return-type>
             <descriptors>
                <interceptors>
+ at SECURECONF
                   <!-- Uncomment to require authenticated users -->
+ at ENDSECURECONF
+ at UNSECCONF
+                  <!-- Uncomment to require authenticated users
+ at ENDUNSECCONF
                   <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
                      securityDomain="java:/jaas/jmx-console"/>
+ at UNSECCONF
+                  -->
+ at ENDUNSECCONF
                   <!-- Interceptor that deals with non-serializable results -->
                   <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
                      policyClass="StripModelMBeanInfoPolicy"/>

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -81,7 +81,12 @@
    <!-- A security constraint that restricts access to the HTML JMX console
    to users with the role JBossAdmin. Edit the roles to what you want and
    uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+ at SECURECONF
    secured access to the HTML JMX console. -->
+ at ENDSECURECONF
+ at UNSECCONF
+   secured access to the HTML JMX console.
+ at ENDUNSECCONF
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
@@ -96,6 +101,9 @@
        <role-name>JBossAdmin</role-name>
      </auth-constraint>
    </security-constraint>
+ at UNSECCONF
+   -->
+ at ENDUNSECCONF
 
    <login-config>
       <auth-method>BASIC</auth-method>

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,6 +1,14 @@
 <jboss-web>
    <!-- Uncomment the security-domain to enable security. You will
       need to edit the htmladaptor login configuration to setup the
+ at SECURECONF
       login modules used to authentication users. -->
+ at ENDSECURECONF
+ at UNSECCONF
+      login modules used to authentication users.
+ at ENDUNSECCONF
       <security-domain>java:/jaas/jmx-console</security-domain>
+ at UNSECCONF
+   -->
+ at ENDUNSECCONF
 </jboss-web>

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -156,9 +156,11 @@
             role HttpInvoker to access the HTTP invoker servlets
          </description>
          <url-pattern>/restricted/*</url-pattern>
+ at SECURECONF
          <url-pattern>/JNDIFactory/*</url-pattern>
          <url-pattern>/EJBInvokerServlet/*</url-pattern>
          <url-pattern>/JMXInvokerServlet/*</url-pattern>
+ at ENDSECURECONF
          <http-method>GET</http-method>
          <http-method>POST</http-method>
       </web-resource-collection>

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml	2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml	2008-06-26 20:38:36 UTC (rev 75135)
@@ -203,9 +203,11 @@
             role HttpInvoker to access the HTTP invoker servlets
          </description>
          <url-pattern>/restricted/*</url-pattern>
+ at SECURECONF
          <url-pattern>/JNDIFactory/*</url-pattern>
          <url-pattern>/EJBInvokerServlet/*</url-pattern>
          <url-pattern>/JMXInvokerServlet/*</url-pattern>
+ at ENDSECURECONF
          <http-method>GET</http-method>
          <http-method>POST</http-method>
       </web-resource-collection>




More information about the jboss-cvs-commits mailing list