[jboss-cvs] JBossAS SVN: r75135 - in branches/JBPAPP_4_2_0_GA_CP: console/src/resources/webconsole.war/WEB-INF and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jun 26 16:38:37 EDT 2008
Author: dbhole
Date: 2008-06-26 16:38:36 -0400 (Thu, 26 Jun 2008)
New Revision: 75135
Modified:
branches/JBPAPP_4_2_0_GA_CP/build/README
branches/JBPAPP_4_2_0_GA_CP/build/build.xml
branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties
branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml
branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml
branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties
branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml
branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml
branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml
branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml
branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml
Log:
Fix JBPAPP-793: Added a support for -Dbuild.unsecure=true, which builds the
server without security, and keeps the admin/admin user active.
Modified: branches/JBPAPP_4_2_0_GA_CP/build/README
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/build/README 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/build/README 2008-06-26 20:38:36 UTC (rev 75135)
@@ -5,6 +5,8 @@
-Dbuild.soa=false passed to build/build.xml builds with MQ and WS 1.2.x
+-Dbuild.unsecure=true passed to build/build.xml builds AS without securing it,
+ and keeps the admin/admin user active.
Note:
- build.soa *MUST* be supplied as either true or false -- either on
Modified: branches/JBPAPP_4_2_0_GA_CP/build/build.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/build/build.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/build/build.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -682,6 +682,7 @@
<antcall target="partition-production"/>
<antcall target="partition-default"/>
<antcall target="makeConfigChanges"/>
+ <antcall target="processSecurityAnnotations"/>
<antcall target="partition-minimal"/>
<antcall target="replace-messaging"/>
<antcall target="jboss-all-client"/>
@@ -1084,6 +1085,101 @@
</target>
+ <!-- Update config and other files for production config -->
+ <target name="processSecurityAnnotations"
+ depends="partition-default,partition-production">
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="conf/props/jmx-console-users.properties" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/jmx-console.war/WEB-INF/jboss-web.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/jmx-console.war/WEB-INF/web.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/jmx-invoker-service.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml" />
+ </ant>
+
+ <ant antfile="build.xml" target="updateSecurity">
+ <property name="config.file" value="deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml" />
+ </ant>
+
+ </target>
+
+ <!-- Modify run.sh for production config -->
+ <target name="updateSecurity">
+
+ <property name="config.file" value=""/>
+
+ <condition property="conf.to.keep" value="UNSECCONF" else="SECURECONF">
+ <equals arg1="${build.unsecure}" arg2="true"/>
+ </condition>
+
+ <condition property="conf.to.delete" value="SECURECONF" else="UNSECCONF">
+ <equals arg1="${build.unsecure}" arg2="true"/>
+ </condition>
+
+ <!-- Uncomment the configuration to make the key generation cluster safe -->
+
+ <replaceregexp file="${install.all}/${config.file}"
+ flags="gm"
+ match="@.*${conf.to.keep}\s"
+ replace=""
+ />
+
+ <replaceregexp file="${install.all}/${config.file}"
+ flags="gs"
+ match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+ replace=""
+ />
+
+ <replaceregexp file="${install.default}/${config.file}"
+ flags="gm"
+ match="@.*${conf.to.keep}\s"
+ replace=""
+ />
+
+ <replaceregexp file="${install.default}/${config.file}"
+ flags="gs"
+ match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+ replace=""
+ />
+
+
+ <replaceregexp file="${install.production}/${config.file}"
+ flags="gm"
+ match="@.*${conf.to.keep}\s"
+ replace=""
+ />
+
+ <replaceregexp file="${install.production}/${config.file}"
+ flags="gs"
+ match="@${conf.to.delete}((?!@END.*CONF).)*@END${conf.to.delete}\s"
+ replace=""
+ />
+ </target>
+
<!-- Before executing <replace> task on Windows, convert the target files from -->
<!-- UNIX line termination (LF) to Windows line termination (CRLF) so that -->
<!-- <replace> does not break due to line termination inconsistencies -->
@@ -1099,6 +1195,15 @@
<fixcrlf srcdir="../connector/src/resources/jca-sar" includes="jbossjca-service.xml" eol="crlf"/>
<fixcrlf srcdir="../varia/src/resources/services/binding" includes="sample-bindings.xml" eol="crlf"/>
<fixcrlf srcdir="../server/src/main/org/jboss/metadata/serviceref" includes="ServiceRefDelegate.java" eol="crlf"/>
+ <fixcrlf srcdir="../varia/src/resources/services/invoker/http" includes="web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../varia/src/resources/services/invoker/httpha" includes="web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../varia/src/resources/jmx/web-inf" includes="jboss-web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../varia/src/resources/jmx" includes="jmx-console-web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../server/src/resources/jmx-invoker-adaptor/META-INF" includes="jboss-service.xml" eol="crlf"/>
+ <fixcrlf srcdir="../server/src/etc/conf/default/props" includes="jmx-console-users.properties" eol="crlf"/>
+ <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF" includes="jboss-web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF" includes="web.xml" eol="crlf"/>
+ <fixcrlf srcdir="../console/src/resources/webconsole.war/WEB-INF/classes" includes="web-console-users.properties" eol="crlf"/>
</target>
<!-- set proxy settings -->
Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/classes/web-console-users.properties 2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,2 +1,7 @@
# A sample users.properties file for use with the UsersRolesLoginModule
+ at SECURECONF
#admin=admin
+ at ENDSECURECONF
+ at UNSECCONF
+admin=admin
+ at ENDUNSECCONF
Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/jboss-web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -8,8 +8,16 @@
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
+ at SECURECONF
login modules used to authentication users. -->
+ at ENDSECURECONF
+ at UNSECCONF
+ login modules used to authentication users.
+ at ENDUNSECCONF
<security-domain>java:/jaas/web-console</security-domain>
+ at UNSECCONF
+ -->
+ at ENDUNSECCONF
<!-- The war depends on the -->
<depends>jboss.admin:service=PluginManager</depends>
Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/WEB-INF/web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -338,7 +338,12 @@
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+ at SECURECONF
secured access to the HTML JMX console. -->
+ at ENDSECURECONF
+ at UNSECCONF
+ secured access to the HTML JMX console.
+ at ENDUNSECCONF
<security-constraint>
<web-resource-collection>
@@ -354,6 +359,9 @@
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
+ at UNSECCONF
+ -->
+ at ENDUNSECCONF
<login-config>
<auth-method>BASIC</auth-method>
Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/etc/conf/default/props/jmx-console-users.properties 2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,2 +1,7 @@
# A sample users.properties file for use with the UsersRolesLoginModule
+ at SECURECONF
#admin=admin
+ at ENDSECURECONF
+ at UNSECCONF
+admin=admin
+ at ENDUNSECCONF
Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -111,9 +111,17 @@
<return-type>java.lang.Object</return-type>
<descriptors>
<interceptors>
+ at SECURECONF
<!-- Uncomment to require authenticated users -->
+ at ENDSECURECONF
+ at UNSECCONF
+ <!-- Uncomment to require authenticated users
+ at ENDUNSECCONF
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
securityDomain="java:/jaas/jmx-console"/>
+ at UNSECCONF
+ -->
+ at ENDUNSECCONF
<!-- Interceptor that deals with non-serializable results -->
<interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
policyClass="StripModelMBeanInfoPolicy"/>
Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/jmx-console-web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -81,7 +81,12 @@
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+ at SECURECONF
secured access to the HTML JMX console. -->
+ at ENDSECURECONF
+ at UNSECCONF
+ secured access to the HTML JMX console.
+ at ENDUNSECCONF
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
@@ -96,6 +101,9 @@
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
+ at UNSECCONF
+ -->
+ at ENDUNSECCONF
<login-config>
<auth-method>BASIC</auth-method>
Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/web-inf/jboss-web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -1,6 +1,14 @@
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
+ at SECURECONF
login modules used to authentication users. -->
+ at ENDSECURECONF
+ at UNSECCONF
+ login modules used to authentication users.
+ at ENDUNSECCONF
<security-domain>java:/jaas/jmx-console</security-domain>
+ at UNSECCONF
+ -->
+ at ENDUNSECCONF
</jboss-web>
Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/http/web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -156,9 +156,11 @@
role HttpInvoker to access the HTTP invoker servlets
</description>
<url-pattern>/restricted/*</url-pattern>
+ at SECURECONF
<url-pattern>/JNDIFactory/*</url-pattern>
<url-pattern>/EJBInvokerServlet/*</url-pattern>
<url-pattern>/JMXInvokerServlet/*</url-pattern>
+ at ENDSECURECONF
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml 2008-06-26 20:29:53 UTC (rev 75134)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/services/invoker/httpha/web.xml 2008-06-26 20:38:36 UTC (rev 75135)
@@ -203,9 +203,11 @@
role HttpInvoker to access the HTTP invoker servlets
</description>
<url-pattern>/restricted/*</url-pattern>
+ at SECURECONF
<url-pattern>/JNDIFactory/*</url-pattern>
<url-pattern>/EJBInvokerServlet/*</url-pattern>
<url-pattern>/JMXInvokerServlet/*</url-pattern>
+ at ENDSECURECONF
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
More information about the jboss-cvs-commits
mailing list