<!-- For deployment-time modifications, make sure you are editing greenstone3.xml.in, found in resources/tomcat. -->
<!-- Set allowLinking to true if you want to use symlinks to files or directories outside the docBase directory.
     NOTE(review): with linking enabled, a symlink under docBase can expose files that live outside the web
     application. The Tomcat documentation also says allowLinking must not be enabled on Windows or any other
     case-insensitive filesystem, because it disables the case-sensitivity checks. -->
<!-- Set reloadable to false for a production version. If true, Tomcat automatically reloads the webapp when it
     detects changes in the classes or lib directories. -->
<!-- See http://tomcat.apache.org/tomcat-8.5-doc/config/context.html for more Context attributes. -->

<!-- NOTE(review): three attributes on the Context below deserve a deliberate decision before deployment:
     * reloadable="true" is the development setting described above, and it is what this file sets.
     * privileged="true" allows this web application to use Tomcat's container servlets (such as the manager
       servlet) and changes its parent class loader; confirm Greenstone needs this, otherwise use "false".
     * xmlBlockExternal="false" permits external entities to be loaded when Tomcat parses this web application's
       web.xml, *.tld, *.jspx and *.tagx files. Presumably set so that web.xml can pull in other files through
       entities (TODO confirm); those files should be writable only by the administrator. -->
<Context
    docBase="@gsdl3webwritablehome@"
    aliases="/interfaces=@gsdl3webhome@/interfaces,/sites=@gsdl3webhome@/sites"
    debug="1" reloadable="true"
    privileged="true"
    allowLinking="@allowlinking@"
    xmlBlockExternal="false">

  <!-- If Greenstone is to be run in an iframe, use the sameSiteCookies=none version of the CookieProcessor
       (commented out below) instead of the strict one.
       NOTE(review): sameSiteCookies="strict" keeps the session cookie off cross-site requests. Switching to
       "none" gives that protection up, and browsers only accept SameSite=None cookies that are also marked
       Secure, so make the switch only when iframe embedding is required and the site is served over HTTPS. -->
  <!--<CookieProcessor sameSiteCookies="none" partitioned="true"/>-->
  <CookieProcessor sameSiteCookies="strict"/>

  <!-- Increase cacheMaxSize if you get errors like the following in packages/tomcat/logs/catalina.out: -->
  <!-- org.apache.catalina.webresources.Cache.getResource Unable to add the resource at [... class name ...] to the cache for web application [/greenstone3] because there was insufficient free space available after evicting expired cache entries - consider increasing the maximum size of the cache -->
  <Resources allowLinking="@allowlinking@" cacheMaxSize="51200"/>

  <!--
    For embedded derby db:
      driverName="org.apache.derby.jdbc.EmbeddedDriver"
      connectionURL="jdbc:derby:@gsdl3webhome@/etc/usersDB"
  -->
  <!--
    JNDI resources require the validationQuery parameter if you are using validations (which we are).
    A list of values for this parameter, depending on your database driver, can be found here:
      https://stackoverflow.com/questions/10684244/dbcp-validationquery-for-different-databases
    For more info about why you need the parameter value, see here:
      https://stackoverflow.com/a/41232124

    Because the derby networked server is now launched with the
    derby.system.home JAVA_OPT property set to the folder containing
    usersDB, we don't need url set to the full GS3 path to the usersDB.

    NOTE(review): this Resource configures no username or password, so access to the users database
    depends on how the Derby network server at @derbyserver@:@derbyserverport@ is set up. Confirm that
    it is reachable only from this host, or that Derby authentication is enabled.

    NOTE(review): maxWaitMillis is the DBCP 2 attribute name, whereas maxActive is the DBCP 1 name
    (DBCP 2 calls it maxTotal). If the default Tomcat 8.5 pool is in use, maxActive is likely ignored;
    check catalina.out for a warning about it (TODO confirm).
  -->
  <Resource
      name="jdbc/realmDB"
      auth="Container"
      type="javax.sql.DataSource"
      maxActive="10"
      maxIdle="4"
      maxWaitMillis="10000"
      validationQuery="values 1"
      driverClassName="org.apache.derby.jdbc.ClientDriver"
      url="jdbc:derby://@derbyserver@:@derbyserverport@/usersDB" />

  <!-- Authentication: the outer LockOutRealm wraps the Greenstone realm and locks a user out after
       repeated failed logins. The inner realm reads users and roles from the jdbc/realmDB data source
       declared above (localDataSource="true" means the data source is looked up in this Context).
       NOTE(review): no CredentialHandler is nested here, so how the PASSWORD column is hashed and
       compared depends on GoogleSigninJDBCRealm, which is not shown in this file; verify it. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm
        className="org.greenstone.gsdl3.GoogleSigninJDBCRealm"
        userTable="USERS" userNameCol="USERNAME" userCredCol="PASSWORD"
        userRoleTable="ROLES" roleNameCol="ROLE"
        userEmailCol="email"
        googlesigninClientId="@googlesigninclientid@"
        localDataSource="true"
        dataSourceName="jdbc/realmDB" />
  </Realm>

  <!-- Session Manager. Default values are used. See
       packages/tomcat/webapps/docs/config/manager.html for more info.
       Pathname may be absolute, or relative to the greenstone3 context work
       directory: packages/tomcat/work/Catalina/localhost/greenstone3.
       Set pathname="" to disable storing session info between restarts.
       To manually clear session info, stop Tomcat and delete the session
       file.
       NOTE(review): the session file holds serialized session contents, so the work directory
       should be readable and writable only by the account that runs Tomcat. -->
  <Manager pathname="SESSIONS.ser" />

  <!-- Allow all machines or just this machine: 127.0.0.1 (IPv4) and 0:0:0:0:0:0:0:1 (IPv6, needed on Windows).
       https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html
       NOTE(review): allow is a regular expression matched against the client address as Tomcat sees it.
       Behind a reverse proxy that address may be the proxy's own, so a "this machine only" pattern
       would then admit every proxied client; check the deployment topology. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/>

  <!-- Allows us to include the file:
         <GSDL3SRCHOME>/web/WEB-INF/rewrite.config
       Currently used (by default) to monitor for GS3 DL calls that use:
         &href=... and rl=0 ...
       and rewrite them so they are forbidden by the server.
       This is because malicious users can use this form of CGI URL supported by Greenstone3
       to mount an Open Redirect attack.
       NOTE(review): the protection lives in rewrite.config, not in this Valve element; keep that rule
       in place when customising rewrite.config. -->
  <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>

</Context>