#!/bin/bash ##### # ESG SECURITY # This script is intended to be an adjunct to the esg-node / esg-gway scripts # (author: gavin@llnl.gov) #**************************************************************************** #* * #* Organization: Lawrence Livermore National Lab (LLNL) * #* Directorate: Computation * #* Department: Computing Applications and Research * #* Division: S&T Global Security * #* Matrix: Atmospheric, Earth and Energy Division * #* Program: PCMDI * #* Project: Earth Systems Grid (ESG) Data Node Software Stack * #* First Author: Gavin M. Bell (gavin@llnl.gov) * #* * #**************************************************************************** #* * #* Copyright (c) 2009, Lawrence Livermore National Security, LLC. * #* Produced at the Lawrence Livermore National Laboratory * #* Written by: Gavin M. Bell (gavin@llnl.gov) * #* LLNL-CODE-420962 * #* * #* All rights reserved. This file is part of the: * #* Earth System Grid (ESG) Data Node Software Stack, Version 1.0 * #* * #* For details, see http://esgf.org/ * #* Please also read this link * #* http://esgf.org/LICENSE * #* * #* * Redistribution and use in source and binary forms, with or * #* without modification, are permitted provided that the following * #* conditions are met: * #* * #* * Redistributions of source code must retain the above copyright * #* notice, this list of conditions and the disclaimer below. * #* * #* * Redistributions in binary form must reproduce the above copyright * #* notice, this list of conditions and the disclaimer (as noted below) * #* in the documentation and/or other materials provided with the * #* distribution. * #* * #* Neither the name of the LLNS/LLNL nor the names of its contributors * #* may be used to endorse or promote products derived from this * #* software without specific prior written permission. * #* * #* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * #* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * #* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * #* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LAWRENCE * #* LIVERMORE NATIONAL SECURITY, LLC, THE U.S. DEPARTMENT OF ENERGY OR * #* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * #* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * #* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * #* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * #* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * #* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * #* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * #* SUCH DAMAGE. * #* * #**************************************************************************** ###### # Description: Installation of the esg-security infrastructure. This # file is meant to be sourced by the esg-node # scripts that has the definition of checked_get(), # stop_tomcat(), start_tomcat(), $workdir, esg_security_filters_dist_url=${esg_dist_url}/filters hessian_version=${hessian_version:-"3.0.20"} #arg (1) - install = 0 [default] # upgrade = 1 setup_security_token_filters() { mkdir -p $workdir [ $? != 0 ] && return 1 pushd $workdir >& /dev/null install_security_token_authorizer popd >& /dev/null start_tomcat return 0 } install_security_token_authorizer() { #----------------------------------------------------------------------------------------- # Inserting the Authorizer Servlet (yes, this section is a bit hacky... I am tired!) #----------------------------------------------------------------------------------------- local dest_dir=${1:-${tomcat_install_dir}/webapps/thredds} local esg_filter_entry_file="esg-security-token-filter-servlet.xml" local esg_filter_entry_pattern="" ! egrep ${esg_filter_entry_pattern} ${dest_dir}/WEB-INF/web.xml && printf " No Pattern Found In File [${dest_dir}/WEB-INF/web.xml] - skipping this filter setup\n" && return 1 echo echo "*******************************" echo "Installing Tomcat ESGF Token-based Security AUTHORIZER Servlet... (deprecated)" echo "*******************************" echo #One more pattern is needs to be replaced into the file for #setting up the RestrictedData servlet Authorizer that goes along with the #Token filter. echo "***Writing Authorizer Entry...***" pushd $workdir >& /dev/null checked_get ${esg_security_filters_dist_url}/${esg_filter_entry_file} esg_filter_entry_file=$(readlink -f ${esg_filter_entry_file}) #going to need full path for pattern replacement below popd >& /dev/null pushd ${dest_dir}/WEB-INF >& /dev/null [ $? != 0 ] && echo " ERROR: Could not find web application (${dest_dir})" && return 1 local target_file=web.xml target_file=$(readlink -f ${target_file}) insert_file_at_pattern ${target_file} ${esg_filter_entry_file} "${esg_filter_entry_pattern}" #Comment out the original thredds' RestrictedDataset "Authorizer" with our own local start_comment='' eval "perl -p -i -e 's//${start_comment}/g' ${target_file}"; echo -n "*" eval "perl -p -i -e 's//${end_comment}/g' ${target_file}"; echo -n "*" popd >& /dev/null #----------------------------------------------------------------------------------------- chown -R ${tomcat_user} ${dest_dir}/WEB-INF chgrp -R ${tomcat_group} ${dest_dir}/WEB-INF echo "security token filter installed (deprecated)" return 0 }