source: main/trunk/greenstone3/resources/tomcat/greenstone3.xml.svn@ 37741

Last change on this file since 37741 was 37741, checked in by davidb, 12 months ago

Updated to specify the RewriteValve, so we can have a rewrite.config file in web/WEB-INF/ that monitors for (and disables by default) Open Redirect calls using GS3 href= argument; this update can be used as a 'hot-fix' to prevent these sorts of redirects on an existing GS3 install using Tomcat8

  • Property svn:keywords set to Author Date Id Revision
File size: 3.1 KB
1<!-- For deployment-time modifications ensure that you are editing greenstone3.xml.in, found in resources/tomcat. -->
2<!-- set allowLinking to true if you want to use symlinks to files or directories outside the docBase directory -->
3<!-- Set reloadable to false for a production version. If true, Tomcat automatically reloads the webapp when it detects changes in the classes or lib directories. -->
4<!-- see http://tomcat.apache.org/tomcat-5.5-doc/config/context.html for more Context attributes -->
5
6<Context
7 docBase="@gsdl3webwritablehome@"
8 aliases="/interfaces=@gsdl3webhome@/interfaces,/sites=@gsdl3webhome@/sites"
9 debug="1" reloadable="true"
10 @privilegedattribute@
11 allowLinking="@allowlinking@"
12 xmlBlockExternal="false">
13 <!-- NOTE(review): xmlBlockExternal="false" above allows external entities to be loaded when Tomcat parses this webapp's descriptor files (web.xml, *.tld, *.jspx and similar); Tomcat's documented default is true. Confirm the webapp needs this, and prefer true where those files are not fully trusted. -->
14 <Resources allowLinking="@allowlinking@" />
15
16 <!--
17 For embedded derby db:
18 driverName="org.apache.derby.jdbc.EmbeddedDriver"
19 connectionURL="jdbc:derby:@gsdl3webhome@/etc/usersDB"
20 -->
21 <!--
22 JNDI resources require the validationQuery parameter if you are using validations (which we are).
23 A list of values for this parameter, depending on your database driver, can be found here:
24 https://stackoverflow.com/questions/10684244/dbcp-validationquery-for-different-databases
25 For more info about why you need the parameter value, see here:
26 https://stackoverflow.com/a/41232124
27 -->
28 <Resource
29 name="jdbc/realmDB"
30 auth="Container"
31 type="javax.sql.DataSource"
32 maxActive="10"
33 maxIdle="4"
34 maxWaitMillis="10000"
35 validationQuery="values 1"
36 driverClassName="org.apache.derby.jdbc.ClientDriver"
37 url="jdbc:derby://@derbyserver@:@derbyserverport@/@gsdl3webhome@/etc/usersDB" />
38 <!-- Authentication: LockOutRealm wraps the nested realm and locks a user out after repeated failed logins (no attributes are set, so Tomcat's defaults apply). The nested realm reads users and roles from the jdbc/realmDB data source declared above. NOTE(review): no CredentialHandler is configured here; confirm how GoogleSigninJDBCRealm stores and compares the PASSWORD column. -->
39 <Realm className="org.apache.catalina.realm.LockOutRealm">
40 <Realm
41 className="org.greenstone.gsdl3.GoogleSigninJDBCRealm"
42 userTable="USERS" userNameCol="USERNAME" userCredCol="PASSWORD"
43 userRoleTable="ROLES" roleNameCol="ROLE"
44 userEmailCol="email"
45 googlesigninClientId="@googlesigninclientid@"
46 localDataSource="true"
47 dataSourceName="jdbc/realmDB" />
48 </Realm>
49
50 <!-- Session Manager. Default values are used. See
51 packages/tomcat/webapps/docs/config/manager.html for more info.
52 Pathname may be absolute, or relative to greenstone3 context work
53 directory: packages/tomcat/work/Catalina/localhost/greenstone3.
54 Set pathname="" to disable storing session info between restarts.
55 To manually clear session info, stop Tomcat and delete the session
56 file. NOTE(review): the file holds serialized session state; presumably it should be readable only by the account running Tomcat. -->
57 <Manager pathname="SESSIONS.ser" />
58
59 <!-- Allow all machines or just this machine: 127.0.0.1 (IPv4) and 0:0:0:0:0:0:0:1 (IPv6, needed on Windows)
60 https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html The allow attribute is a regular expression matched against the remote client's IP address; requests that do not match are rejected. -->
61 <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/>
62
63 <!-- Enables Tomcat's RewriteValve, which allows us to include the file rewrite.config in web/WEB-INF
64 Currently used (by default) to monitor for GS3 DL calls that use:
65 &href=...
66 and disable them, as malicious users can use this to mount an Open Redirect attack. NOTE(review): the rules themselves live in rewrite.config, which is not shown here; verify that file is deployed alongside this valve. -->
67 <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
68
69</Context>