Diffstat (limited to 'id.server/data/abnahme-test/conf/moa')
20 files changed, 612 insertions, 0 deletions
diff --git a/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
new file mode 100644
index 000000000..82c45565d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <GenericConfiguration name="IAIKIXSILinit.properties" value="aValidFileName"/>
+ <GenericConfiguration name="autoAddCertificates" value="true"/>
+ <GenericConfiguration name="useAuthorityInfoAccess" value="true"/>
+ <GenericConfiguration name="maxRevocationAge" value="0"/>
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="aValidPathName"/>
+ <GenericConfiguration name="archiveRevocationInfo" value="false"/>
+ <GenericConfiguration name="DataBaseArchiveParameter.JDBCUrl" value="jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest"/>
+ <GenericConfiguration name="test.ReferenceBase" value="test"/>
+ <!--
+ <HardwareCryptoModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+ <HardwareKeyModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/>
+
+ <HardwareKeyModule id="HSM" name="cryptoki.dll" slotID="0" userPIN="0000"/>-->
+ <SoftwareKeyModule id="SWKeyModule1" filename="keys/test-ee2003_normal(buergerkarte).p12" password="buergerkarte"/>
+ <SoftwareKeyModule id="SWKeyModule2" filename="keys/normal-eeExpired.p12" password=""/>
+ <SoftwareKeyModule id="SWKeyModule3" filename="keys/ecc(ego).p12" password="ego"/>
+ <SoftwareKeyModule id="SWKeyModule4" filename="keys/DSA.512.p12" password="topSecret"/>
+ <KeyGroup id="HSMRSAKEY">
+ <Key>
+ <KeyModuleID>HSM</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>C=AT,OU=MOA,O=BRZ,CN=HSMRSAKEY</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKey1">
+ <!--PKCS12RSAKey1 maps to test-ee2003_normal(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12RSAKeyExpired">
+ <!--PKCS12RSAKey1 maps to sicher-demo(buergerkarte).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="PKCS12ECDSAKey1">
+ <!--PKCS12ECDSAKey1 maps to ecc(ego).p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="DSAinPKCS12">
+ <!--DSAinPKCS12 maps to DSA.512.p12-->
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroup id="allKeys">
+ <Key>
+ <KeyModuleID>SWKeyModule1</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule2</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule3</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>68172</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ <Key>
+ <KeyModuleID>SWKeyModule4</KeyModuleID>
+ <KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>761791</dsig:X509SerialNumber>
+ </KeyCertIssuerSerial>
+ </Key>
+ </KeyGroup>
+ <KeyGroupMapping>
+ <KeyGroup id="PKCS12RSAKey1"/>
+ <KeyGroup id="PKCS12RSAKeyExpired"/>
+ <KeyGroup id="PKCS12ECDSAKey1"/>
+ <KeyGroup id="DSAinPKCS12"/>
+ <KeyGroup id="HSMRSAKEY"/>
+ </KeyGroupMapping>
+ <KeyGroupMapping>
+ <X509IssuerSerial>
+ <dsig:X509IssuerName>CN=TestUser,OU=MOA,O=BRZ,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>12345678</dsig:X509SerialNumber>
+ </X509IssuerSerial>
+ <KeyGroup id="allKeys"/>
+ </KeyGroupMapping>
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <CRLArchive duration="365"/>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <CRLDistributionPoint>
+ <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN>
+ <DistributionPoint reasonCodes="keyCompromise affiliationChanged" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ <DistributionPoint reasonCodes="certificateHold" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/>
+ </CRLDistributionPoint>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile1MOAID" filename="profiles/TransformsInfoProfile1MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile2MOAID" filename="profiles/TransformsInfoProfile2MOAID.xml"/>
+ <VerifyTransformsInfoProfile id="TransformsInfoProfile3MOAID" filename="profiles/TransformsInfoProfile3MOAID.xml"/>
+ <TrustProfile id="TrustProfile1" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile1"/>
+ <TrustProfile id="TrustProfile2" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile2"/>
+</MOAConfiguration>
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
Binary files differ
new file mode 100644
index 000000000..18e6bc109
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
Binary files differ
new file mode 100644
index 000000000..1cdc15c6e
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
Binary files differ
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer
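Review bot: The `DataBaseArchiveParameter.JDBCUrl` value commits a database user and password together with an internal address, and the `SoftwareKeyModule` entries commit the PKCS#12 passwords next to the key files added in this same commit; even for an acceptance-test setup these should be marked as test-only material in a comment or moved to a local, untracked override. As displayed, the `&` in that URL is unescaped, which would make the file not well-formed; it should read `user=moa&amp;password=moatest` (the page rendering may have decoded the entity, so check the raw file). `KeyGroup id="HSMRSAKEY"` refers to `KeyModuleID` `HSM`, but the only module with that id sits inside the commented-out block, and the comment in `PKCS12RSAKeyExpired` still says `PKCS12RSAKey1 maps to sicher-demo(buergerkarte).p12` although `SWKeyModule2` loads `keys/normal-eeExpired.p12`. In `allKeys`, the `SWKeyModule2` entry repeats the issuer and serial of `SWKeyModule1` (`1044289238331`) instead of the serial `10` used in `PKCS12RSAKeyExpired`. The `TrustProfile` uris point to `.../conf/moa/trustprofiles/TrustProfile1`, while the certificates in this commit are added under `conf/moa/TrustProfile1/`, which looks like a path mismatch.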
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
Binary files differ
new file mode 100644
index 000000000..81f6fa658
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
Binary files differ
new file mode 100644
index 000000000..99936caa8
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
Binary files differ
new file mode 100644
index 000000000..3a3aa543d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der
diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
Binary files differ
new file mode 100644
index 000000000..b5b39633d
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
Binary files differ
new file mode 100644
index 000000000..f25d73cd7
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar
diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
Binary files differ
new file mode 100644
index 000000000..c1fa1d645
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar
diff --git a/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
Binary files differ
new file mode 100644
index 000000000..8f7a201ac
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12
diff --git a/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
Binary files differ
new file mode 100644
index 000000000..f84e793c5
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12
diff --git a/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
Binary files differ
new file mode 100644
index 000000000..ff65f9fde
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12
diff --git a/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
Binary files differ
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12
diff --git a/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
Binary files differ
new file mode 100644
index 000000000..efaeb9b98
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
new file mode 100644
index 000000000..c4f5a52af
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
new file mode 100644
index 000000000..dc4a97716
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml
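Review bot: The display stylesheet selects its values with document-wide paths (`//@Issuer`, `//@IssueInstant`, `//saml:NameIdentifier`), so `xsl:value-of` prints whichever matching node comes first anywhere in the signed document rather than the assertion's own attributes. For a text the signer is asked to confirm, anchored paths are safer, e.g. `<xsl:value-of select="/saml:Assertion/@Issuer"/>` and `select="/saml:Assertion/@IssueInstant"`, assuming the input root is a SAML 1.0 assertion, which the hunk does not show. A verify profile presumably has to match the transforms applied at signing time, so any such change needs to be made on both sides. The same template is repeated in TransformsInfoProfile3MOAID.xml, which differs only in the missing trailing c14n transform; a one-line comment in each file naming the signing profile it must match would help keep the two in sync.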
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
new file mode 100644
index 000000000..17c4d8d54
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/abnahme-test/conf/moa/runAbnahme.bat b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
new file mode 100644
index 000000000..8f635081c
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat
@@ -0,0 +1,12 @@
+C:
+cd\programme
+cd apacheGroup
+cd abnahme
+rem set moa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+set moa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+rem set CATALINA_OPTS=-Dmoa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml -Dlog4j.configuration=file:/C:\Programme\ApacheGroup\abnahme\conf\log4j.properties -Dmoa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+set MOA_ROOT=C:\Programme\ApacheGroup\abnahme\
+set CATALINA_OPTS=-Dmoa.spss.server.configuration=%MOA_ROOT%conf\moa\ConfigurationTest.xml -Dlog4j.configuration=file:/%MOA_ROOT%conf\moa\log4j.properties -Dmoa.id.configuration=%MOA_ROOT%conf\moa-id\ConfigurationTest.xml
+set CATALINA_HOME=C:\Programme\ApacheGroup\abnahme
+
+call bin\catalina run
\ No newline at end of file
diff --git a/id.server/data/abnahme-test/conf/moa/server.xml b/id.server/data/abnahme-test/conf/moa/server.xml
new file mode 100644
index 000000000..75afa9955
--- /dev/null
+++ b/id.server/data/abnahme-test/conf/moa/server.xml
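Review bot: `-Dlog4j.configuration=file:/%MOA_ROOT%conf\moa\log4j.properties` points at a file that none of the 20 files this commit adds under `conf/moa` provides (the commented-out variant used `conf\log4j.properties`), so unless it comes from elsewhere the server will start without the intended logging configuration. `MOA_ROOT` is defined on the eighth line, yet `set moa.spss.server.configuration=...` and `set CATALINA_HOME=...` repeat the literal path; defining `MOA_ROOT` first and deriving the others from it keeps the install location in one place. A `setlocal` at the top would also keep these variables from leaking into the calling shell.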
@@ -0,0 +1,423 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ useURIValidationHack="false" disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="false">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="server.keystore" keystorePass="changeit"/>
+ </Connector>
+
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ acceptCount="10" debug="0"/>
+ -->
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8082" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" useURIValidationHack="false"
+ disableUploadTimeout="true" />
+ -->
+
+ <!-- Define a non-SSL legacy HTTP/1.1 Test Connector on port 8083 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http.HttpConnector"
+ port="8083" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8084 -->
+ <!--
+ <Connector className="org.apache.catalina.connector.http10.HttpConnector"
+ port="8084" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jmvRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ <!-- Tomcat Examples Context -->
+ <Context path="/examples" docBase="examples" debug="0"
+ reloadable="true" crossContext="true">
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="localhost_examples_log." suffix=".txt"
+ timestamp="true"/>
+ <Ejb name="ejb/EmplRecord" type="Entity"
+ home="com.wombat.empl.EmployeeRecordHome"
+ remote="com.wombat.empl.EmployeeRecord"/>
+
+ <!-- If you wanted the examples app to be able to edit the
+ user database, you would uncomment the following entry.
+ Of course, you would want to enable security on the
+ application as well, so this is not done by default!
+ The database object could be accessed like this:
+
+ Context initCtx = new InitialContext();
+ Context envCtx = (Context) initCtx.lookup("java:comp/env");
+ UserDatabase database =
+ (UserDatabase) envCtx.lookup("userDatabase");
+ -->
+<!--
+ <ResourceLink name="userDatabase" global="UserDatabase"
+ type="org.apache.catalina.UserDatabase"/>
+-->
+
+
+ <!-- PersistentManager: Uncomment the section below to test Persistent
+ Sessions.
+
+ saveOnRestart: If true, all active sessions will be saved
+ to the Store when Catalina is shutdown, regardless of
+ other settings. All Sessions found in the Store will be
+ loaded on startup. Sessions past their expiration are
+ ignored in both cases.
+ maxActiveSessions: If 0 or greater, having too many active
+ sessions will result in some being swapped out. minIdleSwap
+ limits this. -1 or 0 means unlimited sessions are allowed.
+ If it is not possible to swap sessions new sessions will
+ be rejected.
+ This avoids thrashing when the site is highly active.
+ minIdleSwap: Sessions must be idle for at least this long
+ (in seconds) before they will be swapped out due to
+ activity.
+ 0 means sessions will almost always be swapped out after
+ use - this will be noticeably slow for your users.
+ maxIdleSwap: Sessions will be swapped out if idle for this
+ long (in seconds). If minIdleSwap is higher, then it will
+ override this. This isn't exact: it is checked periodically.
+ -1 means sessions won't be swapped out for this reason,
+ although they may be swapped out for maxActiveSessions.
+ If set to >= 0, guarantees that all sessions found in the
+ Store will be loaded on startup.
+ maxIdleBackup: Sessions will be backed up (saved to the Store,
+ but left in active memory) if idle for this long (in seconds),
+ and all sessions found in the Store will be loaded on startup.
+ If set to -1 sessions will not be backed up, 0 means they
+ should be backed up shortly after being used.
+
+ To clear sessions from the Store, set maxActiveSessions, maxIdleSwap,
+ and minIdleBackup all to -1, saveOnRestart to false, then restart
+ Catalina.
+ -->
+ <!--
+ <Manager className="org.apache.catalina.session.PersistentManager"
+ debug="0"
+ saveOnRestart="true"
+ maxActiveSessions="-1"
+ minIdleSwap="-1"
+ maxIdleSwap="-1"
+ maxIdleBackup="-1">
+ <Store className="org.apache.catalina.session.FileStore"/>
+ </Manager>
+ -->
+ <Environment name="maxExemptions" type="java.lang.Integer"
+ value="15"/>
+ <Parameter name="context.param.name" value="context.param.value"
+ override="false"/>
+ <Resource name="jdbc/EmployeeAppDb" auth="SERVLET"
+ type="javax.sql.DataSource"/>
+ <ResourceParams name="jdbc/EmployeeAppDb">
+ <parameter><name>username</name><value>sa</value></parameter>
+ <parameter><name>password</name><value></value></parameter>
+ <parameter><name>driverClassName</name>
+ <value>org.hsql.jdbcDriver</value></parameter>
+ <parameter><name>url</name>
+ <value>jdbc:HypersonicSQL:database</value></parameter>
+ </ResourceParams>
+ <Resource name="mail/Session" auth="Container"
+ type="javax.mail.Session"/>
+ <ResourceParams name="mail/Session">
+ <parameter>
+ <name>mail.smtp.host</name>
+ <value>localhost</value>
+ </parameter>
+ </ResourceParams>
+ <ResourceLink name="linkToGlobalResource"
+ global="simpleValue"
+ type="java.lang.Integer"/>
+ </Context>
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+<!--
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" appBase="webapps"
+ acceptCount="10" debug="0"/>
+
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0">
+
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+-->
+
+</Server> |
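Review bot: This is the stock Tomcat example configuration with its well-known defaults left in place: `<Server port="8005" shutdown="SHUTDOWN" debug="0">`, `keystorePass="changeit"` on the 8443 connector's `Factory`, the AJP connector on 8009, and the `/examples` context with `crossContext="true"`. If the acceptance-test host is reachable from other machines, I would replace the shutdown string, take the keystore password from a local setting, and comment out the AJP connector and the examples `Context` unless the tests actually use them. At minimum, a comment above `<Server ...>` such as `<!-- test-only defaults: change shutdown string and keystore password before any other use -->` would stop this file from being copied into a real deployment unchanged.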