Hi, I added a default user tomee/tomee to log on to the tomee webapp. The goal was to avoid needing the context.xml we had with a valve limiting access to localhost.
the /ejb context is not protected by default to let remote invocation working out of the box. Any feedback is welcomed - Romain
---------- Forwarded message ----------
From: <[email protected]>
Date: 2012/5/16
Subject: svn commit: r1339067 - in /openejb/trunk/openejb/tomee: tomee-common/src/main/java/org/apache/tomee/installer/ tomee-plus-webapp/src/main/resources/META-INF/ tomee-webapp/src/main/resources/META-INF/ tomee-webapp/src/main/webapp/WEB-INF/
To: [email protected]
Author: rmannibucau
Date: Wed May 16 09:00:51 2012
New Revision: 1339067
URL: http://svn.apache.org/viewvc?rev=1339067&view=rev
Log:
TOMEE-192 removing valve preventing connection to tomee webapp with an host different from localhost
Removed:
openejb/trunk/openejb/tomee/tomee-plus-webapp/src/main/resources/META-INF/context.xml
Modified:
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
Modified: openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java (original)
+++ openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java Wed May 16 09:00:51 2012
@@ -99,11 +99,44 @@ public class Installer {
 removeTomcatLibJar("el-api.jar");
 addJavaeeInEndorsed();
+ addTomEEAdminConfInTomcatUsers();
+
 if (!alerts.hasErrors()) {
 status = Status.REBOOT_REQUIRED;
 }
 }
+ public void addTomEEAdminConfInTomcatUsers() {
+ // read server.xml
+ String tomcatUsersXml = Installers.readAll(paths.getTomcatUsersXml(), alerts);
+
+ // server xml will be null if we couldn't read the file
+ if (tomcatUsersXml == null) {
+ return;
+ }
+
+ if (tomcatUsersXml.contains("tomee-admin")) {
+ alerts.addWarning("Can't add tomee user to tomcat-users.xml");
+ return;
+ }
+
+ // if we can't backup the file, do not modify it
+ if (!Installers.backup(paths.getTomcatUsersXml(), alerts)) {
+ return;
+ }
+
+ // add our listener
+ final String newTomcatUsers = tomcatUsersXml.replace("</tomcat-users>",
+ " <role rolename=\"tomee-admin\" />\n" +
+ " <user username=\"tomee\" password=\"tomee\" roles=\"tomee-admin\" />" +
+ "\n</tomcat-users>\n");
+
+ // overwrite server.xml
+ if (Installers.writeAll(paths.getTomcatUsersXml(), newTomcatUsers, alerts)) {
+ alerts.addInfo("Add tomee user to tomcat-users.xml");
+ }
+ }
+
 public void installFull() {
 installListener("org.apache.tomee.catalina.ServerListener");
@@ -116,6 +149,8 @@ public class Installer {
 addJavaeeInEndorsed();
 moveLibs();
+ addTomEEAdminConfInTomcatUsers();
+
 if (!alerts.hasErrors()) {
 status = Status.REBOOT_REQUIRED;
 }
Modified: openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java (original)
+++ openejb/trunk/openejb/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Paths.java Wed May 16 09:00:51 2012
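Review bot: `addTomEEAdminConfInTomcatUsers` writes a fixed, published credential — `username="tomee" password="tomee"` with the `tomee-admin` role — into every installation's tomcat-users.xml, and with the RemoteAddrValve removed in this same revision that role is now the only gate on /installer, /ws/* and the JSP pages from any host. A per-installation value (for example generated with `java.security.SecureRandom` and handed to the administrator running the installer), or an entry left commented out so the administrator opts in, would avoid shipping a default password; `installFull` in the second hunk calls the same method, so both install paths are affected. The `contains("tomee-admin")` branch reports `"Can't add tomee user to tomcat-users.xml"` as a warning although it is a deliberate skip, and the substring test also matches the role name inside an XML comment; a message such as `"tomee-admin already present in tomcat-users.xml, not adding the tomee user"` describes what happened. The comments `// read server.xml`, `// add our listener` and `// overwrite server.xml` are carried over from another method and should read `// read tomcat-users.xml`, `// add the tomee-admin role and the tomee user before the closing tag` and `// overwrite tomcat-users.xml`. Whether `Installers.readAll` tolerates the null that `paths.getTomcatUsersXml()` returns when the conf dir is unknown is not visible here, so a null check before the read would make that skip explicit.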
@@ -54,6 +54,8 @@ public class Paths {
 private File openEJBWebLibDir;
+ private File tomcatUsersXml;
+
 public Paths(File openejbWarDir) {
 this.openejbWarDir = openejbWarDir;
 }
@@ -445,4 +447,15 @@ public class Paths {
 }
 return openEJBWebLibDir;
 }
+
+ public File getTomcatUsersXml() {
+ if (tomcatUsersXml == null) {
+ final File confdir = getCatalinaConfDir();
+ if (confdir == null) {
+ return null;
+ }
+ tomcatUsersXml = new File(confdir, "tomcat-users.xml");
+ }
+ return tomcatUsersXml;
+ }
 }
Modified: openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml (original)
+++ openejb/trunk/openejb/tomee/tomee-webapp/src/main/resources/META-INF/context.xml Wed May 16 09:00:51 2012
@@ -17,5 +17,7 @@ limitations under the License.
 -->
 <Context>
+ <!-- commenting since web.xml security should be enough by default
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|0:0:0:0:0:0:0:1(%.*)?|^::1$" deny=""/>
+ -->
 </Context>
Modified: openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml?rev=1339067&r1=1339066&r2=1339067&view=diff
==============================================================================
--- openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml (original)
+++ openejb/trunk/openejb/tomee/tomee-webapp/src/main/webapp/WEB-INF/web.xml Wed May 16 09:00:51 2012
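Review bot: `getTomcatUsersXml` in the second Paths hunk has no Javadoc and its null contract is easy to miss; a summary such as `/** Resolves tomcat-users.xml below the Catalina conf directory and caches the File; returns null while the conf directory itself cannot be resolved. */` would document it. Because the null case is not cached, every call re-runs `getCatalinaConfDir()` until it succeeds, which is reasonable but worth a line in that Javadoc so callers know a null result is not sticky.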
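Review bot: The comment `commenting since web.xml security should be enough by default` understates what changed in the context.xml hunk: the valve restricted every path of this webapp to loopback addresses, whereas the new web.xml constraints cover only /installer, /ws/*, *.jsp, /css/*, /images/* and /js/* and deliberately leave /ejb/* reachable from any host for remote invocation. A note such as `<!-- RemoteAddrValve removed: admin paths are now protected by the tomee-admin role in web.xml; /ejb/* stays unauthenticated on purpose for remote EJB clients -->` would record that intent where the next maintainer will look. Commented-out configuration also tends to linger; since tomee-plus-webapp's context.xml is deleted outright in this revision, either deleting this one too or keeping the Valve as a documented opt-in is more consistent than leaving it inside a comment.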
@@ -19,68 +19,131 @@ <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0" metadata-complete="true">
+ version="3.0" metadata-complete="true">
- <display-name>OpenEJB Loader Application</display-name>
+ <display-name>OpenEJB Loader Application</display-name>
- <listener>
- <listener-class>org.apache.tomee.loader.listener.UserSessionListener</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>LoaderServlet</servlet-name>
- <servlet-class>org.apache.tomee.loader.LoaderServlet</servlet-class>
- <load-on-startup>0</load-on-startup>
- </servlet>
-
- <servlet>
- <servlet-name>ServerServlet</servlet-name>
- <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>InstallerServlet</servlet-name>
- <servlet-class>org.apache.tomee.installer.InstallerServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsConsole</servlet-name>
- <servlet-class>org.apache.tomee.loader.servlet.ConsoleServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsJndi</servlet-name>
- <servlet-class>org.apache.tomee.loader.servlet.JndiServlet</servlet-class>
- </servlet>
-
- <servlet>
- <servlet-name>WsTest</servlet-name>
- <servlet-class>org.apache.tomee.loader.servlet.TestServlet</servlet-class>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>ServerServlet</servlet-name>
- <url-pattern>/ejb/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>InstallerServlet</servlet-name>
- <url-pattern>/installer</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsConsole</servlet-name>
- <url-pattern>/ws/console/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsJndi</servlet-name>
- <url-pattern>/ws/jndi/*</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>WsTest</servlet-name>
- <url-pattern>/ws/test/*</url-pattern>
- </servlet-mapping>
+ <listener>
+ <listener-class>org.apache.tomee.loader.listener.UserSessionListener</listener-class>
+ </listener>
+
+ <servlet>
+ <servlet-name>LoaderServlet</servlet-name>
+ <servlet-class>org.apache.tomee.loader.LoaderServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+
+ <servlet>
+ <servlet-name>ServerServlet</servlet-name>
+ <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>InstallerServlet</servlet-name>
+ <servlet-class>org.apache.tomee.installer.InstallerServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsConsole</servlet-name>
+ <servlet-class>org.apache.tomee.loader.servlet.ConsoleServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsJndi</servlet-name>
+ <servlet-class>org.apache.tomee.loader.servlet.JndiServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>WsTest</servlet-name>
+ <servlet-class>org.apache.tomee.loader.servlet.TestServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>ServerServlet</servlet-name>
+ <url-pattern>/ejb/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>InstallerServlet</servlet-name>
+ <url-pattern>/installer</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsConsole</servlet-name>
+ <url-pattern>/ws/console/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsJndi</servlet-name>
+ <url-pattern>/ws/jndi/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>WsTest</servlet-name>
+ <url-pattern>/ws/test/*</url-pattern>
+ </servlet-mapping>
+
+ <!-- basic security to replace context.xml and allow remote accesses -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Installer</web-resource-name>
+ <url-pattern>/installer</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Webservices</web-resource-name>
+ <url-pattern>/ws/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Interface</web-resource-name>
+ <url-pattern>*.jsp</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Style</web-resource-name>
+ <url-pattern>/css/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Images</web-resource-name>
+ <url-pattern>/images/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Javascript</web-resource-name>
+ <url-pattern>/js/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>tomee-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>TomEE Webapp</realm-name>
+ </login-config>
+ <security-role>
+ <role-name>tomee-admin</role-name>
+ </security-role>
 </web-app>
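Review bot: All six `<security-constraint>` elements rely on `<auth-method>BASIC</auth-method>` but none carries a `<user-data-constraint>`, so the tomee/tomee credential introduced by this revision travels base64-encoded over plain HTTP to every admin path from any host; adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside each constraint, or documenting that the admin webapp must only be exposed behind TLS, closes that gap. The constraints are an allow-list of `/installer`, `/ws/*`, `*.jsp`, `/css/*`, `/images/*` and `/js/*`, so anything that matches none of them stays anonymous — a request for the context root served through a welcome file may not match `*.jsp` (worth verifying against Tomcat's constraint matching), and any static file outside the three asset folders is open. A `/*` constraint requiring `tomee-admin`, plus a separate `/ejb/*` constraint with no `<auth-constraint>` so remote invocation through ServerServlet stays open as intended, would make deny the default and keep the single exception explicit. The comment `<!-- basic security to replace context.xml and allow remote accesses -->` should also state that `/ejb/*` is deliberately left unauthenticated, since that is the one path a reader will look for. Re-indenting the whole file in the same hunk turns a roughly 60-line addition into a 180-line diff; keeping the whitespace change in its own revision would have made the security change reviewable on its own.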
