1 | <!-- For deployment-time modifications ensure that you are editing greenstone3.xml.in, found in resources/tomcat. -->
|
---|
2 | <!-- set allowLinking to true if you want to use symlinks to files or directories outside the docBase directory -->
|
---|
3 | <!-- set reloadable to false for a production version. if true, automatically reloads the webapp if it detects changes in classes or lib directories -->
|
---|
4 | <!-- see http://tomcat.apache.org/tomcat-5.5-doc/config/context.html for more Context attributes -->
|
---|
5 |
|
---|
6 | <Context
|
---|
7 | docBase="@gsdl3webwritablehome@"
|
---|
8 | aliases="/interfaces=@gsdl3webhome@/interfaces,/sites=@gsdl3webhome@/sites"
|
---|
9 | debug="1" reloadable="true"
|
---|
10 | @privilegedattribute@
|
---|
11 | allowLinking="@allowlinking@"
|
---|
12 | xmlBlockExternal="false">
|
---|
13 |
|
---|
14 | <Resources allowLinking="@allowlinking@" />
|
---|
15 |
|
---|
16 | <!--
|
---|
17 | For embedded derby db:
|
---|
18 | driverName="org.apache.derby.jdbc.EmbeddedDriver"
|
---|
19 | connectionURL="jdbc:derby:@gsdl3webhome@/etc/usersDB"
|
---|
20 | -->
|
---|
21 | <!--
|
---|
22 | JNDI resources require the validationQuery parameter if you are using validations (which we are).
|
---|
23 | A list of values for this parameter, depending on your database driver, can be found here:
|
---|
24 | https://stackoverflow.com/questions/10684244/dbcp-validationquery-for-different-databases
|
---|
25 | For more info about why you need the parameter value, see here:
|
---|
26 | https://stackoverflow.com/a/41232124
|
---|
27 | -->
|
---|
28 | <Resource
|
---|
29 | name="jdbc/realmDB"
|
---|
30 | auth="Container"
|
---|
31 | type="javax.sql.DataSource"
|
---|
32 | maxActive="10"
|
---|
33 | maxIdle="4"
|
---|
34 | maxWaitMillis="10000"
|
---|
35 | validationQuery="values 1"
|
---|
36 | driverClassName="org.apache.derby.jdbc.ClientDriver"
|
---|
37 | url="jdbc:derby://@derbyserver@:@derbyserverport@/@gsdl3webhome@/etc/usersDB" />
|
---|
38 |
|
---|
39 | <Realm className="org.apache.catalina.realm.LockOutRealm">
|
---|
40 | <Realm
|
---|
41 | className="org.greenstone.gsdl3.GoogleSigninJDBCRealm"
|
---|
42 | userTable="USERS" userNameCol="USERNAME" userCredCol="PASSWORD"
|
---|
43 | userRoleTable="ROLES" roleNameCol="ROLE"
|
---|
44 | userEmailCol="email"
|
---|
45 | googlesigninClientId="@googlesigninclientid@"
|
---|
46 | localDataSource="true"
|
---|
47 | dataSourceName="jdbc/realmDB" />
|
---|
48 | </Realm>
|
---|
49 |
|
---|
50 | <!-- Session Manager. Default values are used. See
|
---|
51 | packages/tomcat/webapps/docs/config/manager.html for more info.
|
---|
52 | Pathname may be absolute, or relative to greenstone3 context work
|
---|
53 | directory: packages/tomcat/work/Catalina/localhost/greenstone3.
|
---|
54 | Set pathname="" to disable storing session info between restarts.
|
---|
55 | To manually clear session info, stop Tomcat and delete the session
|
---|
56 | file. -->
|
---|
57 | <Manager pathname="SESSIONS.ser" />
|
---|
58 |
|
---|
59 | <!-- Allow all machines or just this machine: 127.0.0.1 (IPv4) and 0:0:0:0:0:0:0:1 (IPv6, needed on windows)
|
---|
60 | https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html -->
|
---|
61 | <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/>
|
---|
62 |
|
---|
63 | <!-- Allows us to include the file rewrite.config in web/WEB-INF
|
---|
64 | Currently used (by default) to monitor for GS3 DL calls that use:
|
---|
65 | &href=...
|
---|
66 | and disable them, as malicieous users can uses this to mount an Open Redirect attack -->
|
---|
67 | <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
|
---|
68 |
|
---|
69 | </Context>
|
---|