Commit 9bffcb17 authored by cdanger's avatar cdanger

- Replace src/docker/Dockerfile with Dockerfile.tmpl, which uses the
${project.version} maven property and from which Dockerfile is generated
during maven build -> src/docker/Dockerfile is now auto-generated by maven
- Added jar/annotation scanning skip instruction to webapp context and
WEB-INF/web.xml to speed up Tomcat deployment
- upgraded parent project: 7.0.0 -> 7.1.0
- upgraded deps: authzforce-ce-core: 10.0.0 -> 10.1.0,
authzforce-ce-core-pap-api: 9.0.0 -> 9.1.0,
authzforce-ce-pap-dao-flat-file: 9.0.0 -> 9.1.0,
authzforce-ce-rest-api-model: 5.6.0 -> 5.7.0, authzforce-ce-jaxrs-utils:
1.0.0 -> 1.1.0
- Added support for JaxbErrorMessage in JsonRiCxfJaxrsProvider
parent 06cca548
......@@ -103,7 +103,6 @@ The sources for the manuals are located in [fiware repository](http://github.com
<pre><code>
$ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=8080 jgitflow:release-start
</code></pre>
1. Update the `AUTHZFORCE_SERVER_VERSION` ENV variable to the new version in [Dockerfile](dist/src/docker/Dockerfile).
1. Update the [changelog](CHANGELOG.md) with the new version according to keepachangelog.com.
1. Commit
1. Perform the software release (example using a HTTP proxy):
......
......@@ -28,19 +28,6 @@
</dependencies>
<build>
<finalName>${productId}-${project.version}</finalName>
<resources>
<!-- Replace variable 'productId' and 'project.version' in some source files. The result goes to ${project.build.directory}. -->
<resource>
<directory>src</directory>
<filtering>true</filtering>
<includes>
<include>webapp-context.xml</include>
<include>debian/changelog</include>
<include>debian/changes.jdeb.txt</include>
<include>tar/README.md</include>
</includes>
</resource>
</resources>
<plugins>
<plugin>
<!-- Compute timestamp to be used in debian/changes.jdeb.txt We cannot use Maven property 'maven.build.timestamp.format' because already used to compute 'currentYear' property inherited from
......@@ -57,6 +44,7 @@
</goals>
<configuration>
<name>jdeb.changelog.timestamp</name>
<locale>en_US</locale>
<pattern>HH:mm dd.MM.yyyy</pattern>
</configuration>
</execution>
......@@ -78,14 +66,53 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<escapeString>\</escapeString>
</configuration>
<executions>
<execution>
<phase>process-sources</phase>
<id>replace-product-metadata</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<!-- Replace variable 'productId' and 'project.version' in some source files. -->
<configuration>
<outputDirectory>${project.build.outputDirectory}</outputDirectory>
<resources>
<resource>
<directory>src</directory>
<filtering>true</filtering>
<includes>
<include>webapp-context.xml</include>
<include>debian/changelog</include>
<include>debian/changes.jdeb.txt</include>
<include>tar/README.md</include>
<include>docker/Dockerfile.tmpl</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.coderplus.maven.plugins</groupId>
<artifactId>copy-rename-maven-plugin</artifactId>
<version>1.0</version>
<executions>
<execution>
<id>copy-and-rename-file</id>
<phase>process-resources</phase>
<goals>
<goal>rename</goal>
</goals>
<configuration>
<sourceFile>${project.build.outputDirectory}/docker/Dockerfile.tmpl</sourceFile>
<destinationFile>${basedir}/src/docker/Dockerfile</destinationFile>
</configuration>
</execution>
</executions>
<configuration>
<escapeString>\</escapeString>
</configuration>
</plugin>
<plugin>
<groupId>com.ruleoftech</groupId>
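Review bot: The `copy-and-rename-file` execution writes its result to `${basedir}/src/docker/Dockerfile`, i.e. into the source tree, so every build rewrites a file under `src` with whatever `${project.version}` currently is (the Dockerfile hunk in this same commit shows it carrying `7.1.1-SNAPSHOT`). If that file stays under version control it will show as modified after each build and can be committed pointing at an unreleased version; `<destinationFile>${project.build.directory}/docker/Dockerfile</destinationFile>` avoids that, unless an external image build needs the file at the old path, in which case a comment saying so would help. Both executions are bound to `process-resources`, so the rename appears to rely on plugin declaration order to run after `copy-resources`; a one-line comment above the `copy-rename-maven-plugin` block stating that dependency would stop someone reordering the plugins by accident.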
......
......@@ -39,7 +39,7 @@ ENV DEBIAN_FRONTEND noninteractive
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=http -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
ENV AUTHZFORCE_SERVER_VERSION="7.1.0"
ENV AUTHZFORCE_SERVER_VERSION="7.1.1-SNAPSHOT"
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
# Download and install Authzforce Server (service starts automatically)
......
# Copyright (C) 2012-2017 Thales Services SAS.
#
# This file is part of AuthZForce CE.
#
# AuthZForce CE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# AuthZForce CE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
# Best practices for writing Dockerfiles:
# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
# Tips to do an unattended installation on Debian/Ubuntu:
# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
# The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
# https://github.com/docker/docker/issues/6800
FROM tomcat:8-jre8
MAINTAINER AuthzForce Team (contact mailing list: http://scr.im/azteam)
ENV DEBIAN_FRONTEND noninteractive
# Proxy configuration (if you are building from behind a proxy)
# Next release of docker 1.9.0 should allow you to configure these by passing build-time arguments
# More info: https://github.com/docker/docker/issues/14634
#ENV http_proxy 'http://user:password@proxy-host:proxy-port'
#ENV https_proxy 'http://user:password@proxy-host:proxy-port'
#ENV HTTP_PROXY 'http://user:password@proxy-host:proxy-port'
#ENV HTTPS_PROXY 'http://user:password@proxy-host:proxy-port'
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=http -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
ENV AUTHZFORCE_SERVER_VERSION="${project.version}"
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
# Download and install Authzforce Server (service starts automatically)
# Where there is a command with a pipe, we need to put in between quotes and make it an argument to bash -c command
RUN apt-get update --assume-yes -qq && \
apt-get install --assume-yes -qq \
locales-all \
locales \
less \
apt-utils \
debconf-utils \
gdebi \
curl && \
rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US en_US.UTF-8
RUN dpkg-reconfigure locales
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL && \
dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
mv /root/authzforce/etc/tomcat8/Catalina /usr/local/tomcat/conf/ && \
mv /root/authzforce/opt/* /opt/ && \
rm -rf /opt/authzforce-ce-server/data/domains/* && \
rm -rf /root/authzforce && \
rm -f authzforce-ce-server.deb
CMD ["catalina.sh", "run"]
### Exposed ports
# - App server
EXPOSE 8080
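Review bot: The `RUN curl --silent --output authzforce-ce-server.deb --location $AUTHZFORCE_SERVER_DOWNLOAD_URL` step downloads the package over plain `http://` and unpacks it with no integrity check, so whatever answers at that URL is installed into `/opt` and Tomcat's `conf` directory. Switch the URL to `https://`, add `--fail` so an HTTP error page is never saved as the `.deb`, and compare the file against the digest published for the release before `dpkg --extract`. Now that the version comes from `${project.version}`, a SNAPSHOT build presumably produces a URL that does not exist on the release repository, which is one more reason for `--fail`. Separately, `FROM tomcat:8-jre8` is a floating tag and the file has no `USER` instruction, so Tomcat runs as root unless the base image switches user itself.

```dockerfile
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
# … unchanged: apt-get install and locale setup …
# Placeholder: pass the digest published for the release, e.g.
#   docker build --build-arg AUTHZFORCE_SERVER_SHA256=<sha256-of-the-deb> .
# Written without braces so Maven resource filtering leaves the variable alone.
ARG AUTHZFORCE_SERVER_SHA256
RUN curl --fail --silent --show-error --location --output authzforce-ce-server.deb "$AUTHZFORCE_SERVER_DOWNLOAD_URL" && \
 echo "$AUTHZFORCE_SERVER_SHA256  authzforce-ce-server.deb" | sha256sum --check - && \
 dpkg --extract authzforce-ce-server.deb /root/authzforce/ && \
# … unchanged: mv / rm cleanup steps …
```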
<?xml version="1.0" encoding="UTF-8"?>
<!-- Context used by Tomcat -->
<Context path="/authzforce-ce" docBase="/opt/${productId}/webapp">
<JarScanner scanClassPath="false">
<JarScanFilter defaultPluggabilityScan="false" defaultTldScan="false" />
</JarScanner>
<!-- Override <context-param>s in web.xml -->
<Parameter name="logbackConfigLocation" description="Logging configuration file" value="file:/opt/${productId}/conf/logback.xml" override="false" />
......@@ -34,8 +37,8 @@
arrays (even if single-valued). More info: http://cxf.apache.org/docs/jax-rs-data-bindings.html#JAX-RSDataBindings-DealingwithJettisonarrayserializationissues (serializeAsArray always true but no effect
if this property undefined or has empty value). The example here works for AuthzForce Manager GUI" value="link,PolicySet,PolicySetIdReference,Policy,PolicyIdReference,Rule,VariableDefinition,AnyOf,AllOf,Match,ObligationExpressions,AdviceExpressions,Obligations,AssociatedAdvice"
/> -->
<Environment name="org.ow2.authzforce.webapp.noNamespaceInJsonOutput" value="false" type="java.lang.Boolean" override="false"
description="Whether to drop all XML namespaces (JSON key prefixes) from JSON output in XML-to-JSON translation. Enable this for AuthzForce Manager GUI." />
<Environment name="org.ow2.authzforce.webapp.noNamespaceInJsonOutput" value="false" type="java.lang.Boolean" override="false"
description="Whether to drop all XML namespaces (JSON key prefixes) from JSON output in XML-to-JSON translation. Enable this for AuthzForce Manager GUI." />
</Context>
\ No newline at end of file
......@@ -4,7 +4,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.0.0</version>
<version>7.1.0</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
......@@ -15,10 +15,10 @@
<url>${project.url}</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>10.0.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>9.0.0</authzforce-ce-core-pap-api.version>
<authzforce-ce-core.version>10.1.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>9.1.0</authzforce-ce-core-pap-api.version>
<!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
<authzforce-ce-pap-dao-flat-file.version>9.0.0</authzforce-ce-pap-dao-flat-file.version>
<authzforce-ce-pap-dao-flat-file.version>9.1.0</authzforce-ce-pap-dao-flat-file.version>
<productId>authzforce-ce-server</productId>
<productName>AuthzForce CE Server</productName>
<productMaintainer>Thales Services SAS</productMaintainer>
......
......@@ -30,7 +30,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-rest-api-model</artifactId>
<version>5.6.0</version>
<version>5.7.0</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
......@@ -39,7 +39,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-jaxrs-utils</artifactId>
<version>1.0.0</version>
<version>1.1.0</version>
</dependency>
</dependencies>
<build>
......
......@@ -96,8 +96,8 @@
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${project.parent.artifactId}-rest-service</artifactId>
<version>${project.parent.version}</version>
<artifactId>authzforce-ce-server-rest-service</artifactId>
<version>7.1.1-SNAPSHOT</version>
</dependency>
<!-- Test dependencies -->
<dependency>
......
......@@ -26,6 +26,7 @@ import java.io.OutputStreamWriter;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ClientErrorException;
......@@ -41,16 +42,17 @@ import org.apache.cxf.jaxrs.provider.AbstractConfigurableProvider;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.ow2.authzforce.jaxrs.util.JaxbErrorMessage;
import org.ow2.authzforce.xacml.json.model.LimitsCheckingJSONObject;
/**
* JAX-RS entity provider for {@link JSONObject} input/output with configurable Consume/Produce media types and optional buffering
* <p>
* TODO: this is copy-paste from org.ow2.authzforce.core.pdp.xacml.json.jaxrs.JsonRiJaxrsProvider class (authzforce-ce-jaxrs-pdp-xacml-json project), except this one extends CXF-specific
* {@link AbstractConfigurableProvider} to allow configuration of Consume/Produce media types and use of this info at runtime. See how we can reuse in one way or the other.
* TODO: this is copy-paste from org.ow2.authzforce.core.pdp.xacml.json.jaxrs.JsonRiJaxrsProvider class (authzforce-ce-jaxrs-pdp-xacml-json project), except this one handles {@link JaxbErrorMessage},
* and extends CXF-specific {@link AbstractConfigurableProvider} to allow configuration of Consume/Produce media types and use of this info at runtime. See how we can reuse in one way or the other.
*/
@Provider
public final class JsonRiCxfJaxrsProvider extends AbstractConfigurableProvider implements MessageBodyReader<JSONObject>, MessageBodyWriter<JSONObject>
public final class JsonRiCxfJaxrsProvider<T> extends AbstractConfigurableProvider implements MessageBodyReader<JSONObject>, MessageBodyWriter<T>
{
private interface JSONObjectFactory
{
......@@ -78,15 +80,15 @@ public final class JsonRiCxfJaxrsProvider extends AbstractConfigurableProvider i
/**
* Constructs JSON provider using hardened {@link JSONTokener} that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower
* at parsing than for {@link JsonRiCxfJaxrsProvider#JsonRiJaxrsProvider()}.
* at parsing than for {@link JsonRiCxfJaxrsProvider#JsonRiCxfJaxrsProvider()}.
*
* @param maxJsonStringSize
* allowed maximum size of JSON keys and string values. If negative or zero, limits are ignored and this is equivalent to {@link JsonRiCxfJaxrsProvider#JsonRiJaxrsProvider()}.
* allowed maximum size of JSON keys and string values. If negative or zero, limits are ignored and this is equivalent to {@link JsonRiCxfJaxrsProvider#JsonRiCxfJaxrsProvider()}.
* @param maxNumOfImmediateChildren
* allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. If negative or zero, limits are ignored and this is equivalent to
* {@link JsonRiCxfJaxrsProvider#JsonRiJaxrsProvider()}.
* {@link JsonRiCxfJaxrsProvider#JsonRiCxfJaxrsProvider()}.
* @param maxDepth
* allowed maximum depth of JSON object. If negative or zero, limits are ignored and this is equivalent to {@link JsonRiCxfJaxrsProvider#JsonRiJaxrsProvider()}.
* allowed maximum depth of JSON object. If negative or zero, limits are ignored and this is equivalent to {@link JsonRiCxfJaxrsProvider#JsonRiCxfJaxrsProvider()}.
*/
@ConstructorProperties({ "maxJsonStringSize", "maxNumOfImmediateChildren", "maxDepth" })
public JsonRiCxfJaxrsProvider(final int maxJsonStringSize, final int maxNumOfImmediateChildren, final int maxDepth)
......@@ -112,22 +114,37 @@ public final class JsonRiCxfJaxrsProvider extends AbstractConfigurableProvider i
@Override
public boolean isWriteable(final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType)
{
return JSONObject.class.isAssignableFrom(type);
return JSONObject.class.isAssignableFrom(type) || type == JaxbErrorMessage.class;
}
@Override
public long getSize(final JSONObject o, final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType)
public long getSize(final T o, final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType)
{
return -1;
}
@Override
public void writeTo(final JSONObject o, final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType, final MultivaluedMap<String, Object> httpHeaders,
public void writeTo(final T o, final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType, final MultivaluedMap<String, Object> httpHeaders,
final OutputStream entityStream) throws IOException, WebApplicationException
{
final OutputStreamWriter writer = new OutputStreamWriter(entityStream, StandardCharsets.UTF_8);
o.write(writer);
writer.close();
final JSONObject json;
if (o instanceof JSONObject)
{
json = (JSONObject) o;
}
else if (o instanceof JaxbErrorMessage)
{
final JaxbErrorMessage errMsg = (JaxbErrorMessage) o;
json = new JSONObject(Collections.singletonMap("error", errMsg.getMessage()));
}
else
{
throw new RuntimeException("Unexpected input object class to MessageBodyWriter '" + this.getClass() + "': " + o.getClass());
}
try (final OutputStreamWriter writer = new OutputStreamWriter(entityStream, StandardCharsets.UTF_8))
{
json.write(writer);
}
}
@Override
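Review bot: The try-with-resources at the end of `writeTo` closes `entityStream` when the writer is closed, whereas the JAX-RS contract for `MessageBodyWriter.writeTo` leaves closing that stream to the runtime; flushing is enough: `final OutputStreamWriter writer = new OutputStreamWriter(entityStream, StandardCharsets.UTF_8);` then `json.write(writer);` then `writer.flush();`. In the `JaxbErrorMessage` branch, `errMsg.getMessage()` may be null, and as far as I know `new JSONObject(Map)` drops null-valued entries, so the client would receive `{}` with no error text; a fallback string would keep the response meaningful. `isWriteable` tests `type == JaxbErrorMessage.class` while `writeTo` uses `instanceof`, so either use `JaxbErrorMessage.class.isAssignableFrom(type)` or add a comment such as `// exact class only: subclasses are not expected here` to make the two agree.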
......
......@@ -4,7 +4,7 @@
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public
License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>. -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:core="http://cxf.apache.org/core"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:core="http://cxf.apache.org/core"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
......@@ -167,9 +167,9 @@
</bean>
</property>
<property name="inTransformElements">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="#{jndi_configDir}/json-to-xml-map.properties" />
</bean>
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="#{jndi_configDir}/json-to-xml-map.properties" />
</bean>
</property>
<!-- <property name="outTransformElements"> -->
<!-- <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> -->
......
<?xml version="1.0" encoding="UTF-8"?>
<!-- See https://wiki.apache.org/tomcat/HowTo/FasterStartUp for details about metadata-complete attribute and absolute-ordering element. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
version="3.0" metadata-complete="true">
<display-name>Thales AuthzForce Web Application</display-name>
<absolute-ordering />
<env-entry>
<description>Configuration directory path that may contain ${...} placeholders, to be resolved as system properties: e.g. ${user.dir}. Default values can be supplied using the ':' separator between key and value (see org.springframework.util.SystemPropertyUtils class). You may use Tomcat property 'catalina.base' or 'com.sun.aas.instanceRoot' for Glassfish.</description>
<env-entry-name>org.ow2.authzforce.config.dir</env-entry-name>
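Review bot: `metadata-complete="true"` next to the existing empty `<absolute-ordering />` means Tomcat no longer picks up annotated servlets, filters or listeners, nor web fragments, and the `JarScanFilter defaultPluggabilityScan="false"` added to the context file skips jars during the pluggability scan as well. Anything the webapp relied on being registered that way, including any filter that enforces access control, would silently stop loading, so it is worth confirming that every such component is declared explicitly in this `web.xml`. I would extend the comment above `<web-app>` with something like `<!-- metadata-complete: all servlets, filters and listeners must be declared in this file; annotations and web fragments are ignored -->`. The rest of `web.xml` is outside the hunk, so this could not be checked here.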
......
......@@ -245,6 +245,11 @@ public class RootResourcesTest extends RestServiceTest
createdDomainIds.add(domainId);
return;
}
catch (final Exception e)
{
fail("Unexpected exception:", e);
return;
}
assertFalse(enablePdpOnly, "addDomain method allowed although enablePdpOnly=true");
......
......@@ -43,7 +43,7 @@
to JAX-RS server's in/outInterceptors. When running unit test with embedded
Tomcat, the server's logback.xml overrides this, so you need to modify the
server's logback.xml to get the proper CXF client logging. -->
<logger name="org.apache.cxf" additivity="false" level="WARN"> <appender-ref
<logger name="org.apache.cxf" additivity="false" level="INFO"> <appender-ref
ref="stdout" /> </logger>
<!-- <logger name="org.apache.http" additivity="false" level="DEBUG"> <appender-ref
ref="error" /> </logger> <logger name="org.apache.http.wire" level="ERROR">
......
......@@ -6,7 +6,7 @@
<!-- Base URL of the remote AuthZForce webapp to be tested (up to the context root), if not testing locally. If and only if specified and not the empty string, the server is assumed to be remote; no
server started locally (embedded). -->
<parameter name="remote.base.url" value="" />
<!-- <parameter name="remote.base.url" value="http://localhost:8080/authzforce-ce" /> -->
<!-- <parameter name="remote.base.url" value="http://192.168.0.36:8080/authzforce-ce" /> -->
<!-- True iff the filesystem local to the server is a "legacy" filesystem, meaning here that millisecond or higher resolution of file timestamps is not supported. This is the case of 'ext3'; whereas
'ext4' supports nanosecond resolution. Resolution lower than the millisecond has a negative impact on Authzforce file synchronization features, insofar as a file change in less than a second after the
last sync will go undetected (the file's mtime timestamp is not modified in this case). If this parameter is set to true, the unit tests will make sure this does not happen to avoid false results. -->
......