Author: markt
Date: Mon Feb  7 15:20:38 2011
New Revision: 1067963

URL: http://svn.apache.org/viewvc?rev=1067963&view=rev
Log:
Add additional roles to the Admin, Manager and Host-Manager applications 
(admin-gui, admin-script; manager-gui, manager-script, manager-jmx, 
manager-status) to allow more fine-grained control over which functionality is 
accessible.

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt
    tomcat/tc5.5.x/trunk/build/resources/confinstall/tomcat-users_1.xml
    tomcat/tc5.5.x/trunk/build/tomcat.nsi
    tomcat/tc5.5.x/trunk/container/catalina/src/conf/tomcat-users.xml
    tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/web.xml
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
    tomcat/tc5.5.x/trunk/container/webapps/host-manager/WEB-INF/web.xml
    tomcat/tc5.5.x/trunk/container/webapps/manager/WEB-INF/web.xml

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Feb  7 15:20:38 2011
@@ -25,10 +25,3 @@ $Id$
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Add additional roles to the Admin, Manager and Host-Manager applications
-  (admin-gui, admin-script; manager-gui, manager-script, manager-jmx, 
manager-status)
-  to allow more fine-grained control over which functionality is accessible,
-  like it was done in Tomcat 6.
-  http://people.apache.org/~kkolinko/patches/2011-02-03_tc55_roles.patch
-  +1: kkolinko, pero, markt
-  -1:

Modified: tomcat/tc5.5.x/trunk/build/resources/confinstall/tomcat-users_1.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/build/resources/confinstall/tomcat-users_1.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/build/resources/confinstall/tomcat-users_1.xml 
(original)
+++ tomcat/tc5.5.x/trunk/build/resources/confinstall/tomcat-users_1.xml Mon Feb 
 7 15:20:38 2011
@@ -15,8 +15,8 @@
   limitations under the License.
 -->
 <!--
-  NOTE:  By default, no user is included in the "manager" role required
-  to operate the "/manager" web application.  If you wish to use this app,
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
   you must define such a user - the username and password are arbitrary.
 -->
 <tomcat-users>
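Review bot: The rewritten NOTE comment names only "manager-gui" and "/manager/html", so an operator reading this file gets no pointer to the other roles this commit introduces (manager-script, manager-jmx, manager-status, admin-gui, admin-script) or to the fact that "manager" and "admin" are now deprecated. I would extend the comment with one line such as `Other roles: manager-script, manager-jmx, manager-status, admin-gui, admin-script; grant only those an account needs.` The phrase "the username and password are arbitrary" could also say that a strong, non-default password should be chosen, since the account reaches the Manager application. The same comment is changed identically in container/catalina/src/conf/tomcat-users.xml.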

Modified: tomcat/tc5.5.x/trunk/build/tomcat.nsi
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/build/tomcat.nsi?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/build/tomcat.nsi (original)
+++ tomcat/tc5.5.x/trunk/build/tomcat.nsi Mon Feb  7 15:20:38 2011
@@ -433,7 +433,7 @@ Function pageComponentsLeave
   IntOp $0 $0 & ${SF_SELECTED}
   ${If} $0 <> 0
     StrCpy $TomcatAdminEnable "1"
-    StrCpy $TomcatAdminRoles "manager"
+    StrCpy $TomcatAdminRoles "manager-gui"
   ${EndIf}
 
   SectionGetFlags ${SecHostManager} $0
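Review bot: The installer-created account now receives only `manager-gui` here and only `admin-gui` in the next hunk, so it can no longer reach the text command paths that the web.xml changes in this commit reserve for `manager-script` and `admin-script` (or the deprecated names). That narrowing looks intentional, but nothing in the script says so; a comment above the assignment, e.g. `; GUI role only - script/JMX roles must be added to tomcat-users.xml by hand`, would keep a later edit from widening it by accident. pageComponentsLeave starts before this hunk, so the section flag tested for this branch is not visible.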
@@ -441,9 +441,9 @@ Function pageComponentsLeave
   ${If} $0 <> 0
     StrCpy $TomcatAdminEnable "1"
     ${If} $TomcatAdminRoles != ""
-      StrCpy $TomcatAdminRoles "admin,$TomcatAdminRoles"
+      StrCpy $TomcatAdminRoles "admin-gui,$TomcatAdminRoles"
     ${Else}
-      StrCpy $TomcatAdminRoles "admin"
+      StrCpy $TomcatAdminRoles "admin-gui"
     ${EndIf}
   ${EndIf}
 FunctionEnd

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/conf/tomcat-users.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/conf/tomcat-users.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/conf/tomcat-users.xml (original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/conf/tomcat-users.xml Mon Feb  
7 15:20:38 2011
@@ -16,8 +16,8 @@
   limitations under the License.
 -->
 <!--
-  NOTE:  By default, no user is included in the "manager" role required
-  to operate the "/manager" web application.  If you wish to use this app,
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
   you must define such a user - the username and password are arbitrary.
 -->
 <tomcat-users>

Modified: tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/web.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/web.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/admin/WEB-INF/web.xml Mon Feb  7 
15:20:38 2011
@@ -129,6 +129,7 @@
     </web-resource-collection>
     <auth-constraint>
       <!-- Anyone with one of the listed roles may access this area -->
+      <role-name>admin-gui</role-name>
       <role-name>admin</role-name>
     </auth-constraint>
   </security-constraint>
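Review bot: The deprecated `admin` role stays in this auth-constraint with nothing marking it as deprecated, and it is wider than `admin-gui`: the host-manager/WEB-INF/web.xml hunks in this commit also accept `admin` for the text commands that otherwise need `admin-script`. The description added in the next hunk ("provides the same access as the "admin-gui" role") is therefore accurate only within this webapp. I would add a comment on the line, e.g. `<!-- "admin" is deprecated and also unlocks the Host Manager script commands; prefer "admin-gui" -->`. The same applies to `manager` in each auth-constraint added to manager/WEB-INF/web.xml. The enclosing security-constraint opens above the hunk.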
@@ -148,6 +149,12 @@
     <description>
       The role that is required to log in to the Administration Application
     </description>
+    <role-name>admin-gui</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      Deprecated role name, that provides the same access as the "admin-gui" 
role.
+    </description>
     <role-name>admin</role-name>
   </security-role>
 

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Mon Feb  7 
15:20:38 2011
@@ -63,6 +63,12 @@
         Improve the descriptions of the components.
         (kkolinko, mturk, markt)
       </fix>
+      <add>
+        Add roles (admin-gui, admin-script, manager-gui, manager-script,
+        manager-jmx, manager-status) to the Manager, Host Manager and Admin
+        applications to allow more fine-grained control of permissions. The old
+        roles are deprecated but will still work in the same way. (kkolinko)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Catalina">

Modified: tomcat/tc5.5.x/trunk/container/webapps/host-manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/host-manager/WEB-INF/web.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/host-manager/WEB-INF/web.xml 
(original)
+++ tomcat/tc5.5.x/trunk/container/webapps/host-manager/WEB-INF/web.xml Mon Feb 
 7 15:20:38 2011
@@ -79,8 +79,7 @@
   <!-- Define a Security Constraint on this Application -->
   <security-constraint>
     <web-resource-collection>
-      <web-resource-name>HTMLHostManager and HostManager 
commands</web-resource-name>
-      <url-pattern>/html/*</url-pattern>
+      <web-resource-name>HostManager commands</web-resource-name>
       <url-pattern>/list</url-pattern>
       <url-pattern>/add</url-pattern>
       <url-pattern>/remove</url-pattern>
@@ -88,7 +87,19 @@
       <url-pattern>/stop</url-pattern>
     </web-resource-collection>
     <auth-constraint>
-       <!-- NOTE:  This role is not present in the default users file -->
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>admin-script</role-name>
+       <role-name>admin</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>HTMLHostManager commands</web-resource-name>
+      <url-pattern>/html/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>admin-gui</role-name>
        <role-name>admin</role-name>
     </auth-constraint>
   </security-constraint>
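Review bot: Neither constraint in this hunk carries a `<user-data-constraint>`, so as far as the hunk shows, whether credentials for `admin-script` and `admin-gui` cross the network in clear text depends on how the connector is configured. Requiring it by default would break plain-HTTP installs, so I would only document it, with a comment such as `<!-- Add <user-data-constraint> with transport-guarantee CONFIDENTIAL when this app is reachable beyond localhost -->` next to each auth-constraint. The four constraints added in manager/WEB-INF/web.xml are in the same position.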
@@ -102,7 +113,19 @@
   <!-- Security roles referenced by this web application -->
   <security-role>
     <description>
-      The role that is required to log in to the Manager Application
+      The role that is required to access the text Host Manager pages
+    </description>
+    <role-name>admin-script</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access the HTML Host Manager pages
+    </description>
+    <role-name>admin-gui</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      Deprecated role that can access all Host Manager functionality
     </description>
     <role-name>admin</role-name>
   </security-role>

Modified: tomcat/tc5.5.x/trunk/container/webapps/manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/manager/WEB-INF/web.xml?rev=1067963&r1=1067962&r2=1067963&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/manager/WEB-INF/web.xml Mon Feb  7 
15:20:38 2011
@@ -146,9 +146,7 @@
   <!-- Define a Security Constraint on this Application -->
   <security-constraint>
     <web-resource-collection>
-      <web-resource-name>HTMLManager and Manager command</web-resource-name>
-      <url-pattern>/jmxproxy/*</url-pattern>
-      <url-pattern>/html/*</url-pattern>
+      <web-resource-name>Manager commands</web-resource-name>
       <url-pattern>/list</url-pattern>
       <url-pattern>/sessions</url-pattern>
       <url-pattern>/start</url-pattern>
@@ -160,12 +158,48 @@
       <url-pattern>/reload</url-pattern>
       <url-pattern>/save</url-pattern>
       <url-pattern>/serverinfo</url-pattern>
-      <url-pattern>/status/*</url-pattern>
       <url-pattern>/roles</url-pattern>
       <url-pattern>/resources</url-pattern>
     </web-resource-collection>
     <auth-constraint>
-       <!-- NOTE:  This role is not present in the default users file -->
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>manager-script</role-name>
+       <role-name>manager</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>HTMLManager commands</web-resource-name>
+      <url-pattern>/html/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>manager-gui</role-name>
+       <role-name>manager</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>JMX proxy</web-resource-name>
+      <url-pattern>/jmxproxy/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>manager-jmx</role-name>
+       <role-name>manager</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Status</web-resource-name>
+      <url-pattern>/status/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <!-- NOTE:  None of these roles is present in the default users file -->
+       <role-name>manager-status</role-name>
+       <role-name>manager-gui</role-name>
+       <role-name>manager-script</role-name>
+       <role-name>manager-jmx</role-name>
        <role-name>manager</role-name>
     </auth-constraint>
   </security-constraint>
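Review bot: The `/jmxproxy/*` constraint reuses the generic NOTE comment and does not say why this area has its own role. If the JMX proxy exposes MBean attributes for reading and writing, as its name suggests, `manager-jmx` should go to dedicated accounts only; a comment like `<!-- manager-jmx: JMX proxy access; do not combine with interactive accounts unless needed -->` would carry that. It would also help to state why `/status/*` admits every manager role, so a later edit does not take that list as the template for the other constraints.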
@@ -179,7 +213,31 @@
   <!-- Security roles referenced by this web application -->
   <security-role>
     <description>
-      The role that is required to log in to the Manager Application
+      The role that is required to access the HTML Manager pages
+    </description>
+    <role-name>manager-gui</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access the text Manager pages
+    </description>
+    <role-name>manager-script</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access the HTML JMX Proxy
+    </description>
+    <role-name>manager-jmx</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access to the Manager Status pages 
+    </description>
+    <role-name>manager-status</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      Deprecated role that can access all Manager functionality
     </description>
     <role-name>manager</role-name>
   </security-role>
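Review bot: The description added for `manager-status` reads "required to access to the Manager Status pages" and ends in a trailing space; it should be `The role that is required to access the Manager Status pages`. The `manager` description says the role is deprecated but not what replaces it; naming the four new roles there would tell an operator how to migrate accounts off it.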


