diff --git a/Dockerfile b/Dockerfile
index a74288b5..17395d4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,8 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 ARG GROUPER_CONTAINER_VERSION
-ENV GROUPER_VERSION=4.2.2 \
- GROUPER_CONTAINER_VERSION=4.2.2 \
+ENV GROUPER_VERSION=4.3.0 \
+ GROUPER_CONTAINER_VERSION=4.3.0 \
 JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
 PATH=$PATH:$JAVA_HOME/bin \
 GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
diff --git a/Dockerfile2 b/Dockerfile2
index 03ac5d23..6f141ccc 100644
--- a/Dockerfile2
+++ b/Dockerfile2
@@ -59,7 +59,7 @@ RUN cd /tmp \
 # testing container
 # see output with docker build . --tag my:grouper
-# DOCKER_BUILDKIT=0 docker build --progress=plain -t mygrouper .
+# DOCKER_BUILDKIT=0 docker build -f Dockerfile2 --progress=plain -t mygrouper .
 # docker run --detach --name mygrouper mygrouper:latest
 # docker exec -it mygrouper bash
diff --git a/Dockerfile3 b/Dockerfile3
new file mode 100644
index 00000000..ab425f9b
--- /dev/null
+++ b/Dockerfile3
@@ -0,0 +1,4 @@
+FROM i2incommon/grouper:4.3.0
+
+ENTRYPOINT ["ping"]
+CMD ["google.com"]
\ No newline at end of file
diff --git a/build3.sh b/build3.sh
new file mode 100755
index 00000000..593a6e17
--- /dev/null
+++ b/build3.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t my-grouper3 -f Dockerfile3 .
diff --git a/container_files/tomcat/conf/createPatches.txt b/container_files/tomcat/conf/createPatches.txt
new file mode 100644
index 00000000..c00b2980
--- /dev/null
+++ b/container_files/tomcat/conf/createPatches.txt
@@ -0,0 +1,4 @@
+# note: get the server.xml into the original, make sure it ends with newline if the file does
+diff -u server.xml.original server.xml.turnOnAjp > server.xml.turnOnAjp.patch
+diff -u server.xml.turnOnAjp server.xml.loggingpipe > server.xml.loggingpipe.patch
+diff -u server.xml.turnOnAjp server.xml.nologging > server.xml.nologging.patch
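Review bot: Dockerfile3 carries no comment explaining that it is a scratch test image, yet its `ENTRYPOINT ["ping"]` and `CMD ["google.com"]` replace whatever entrypoint the base image defines, so a container built from it never starts Grouper and only sends ICMP to an external host (presumably to keep the container alive for `docker exec`). A header line such as `# test-only: overrides the entrypoint so the container idles for inspection; never publish this image` would stop it being mistaken for a deployable variant. The base is referenced by tag alone in `FROM i2incommon/grouper:4.3.0`; adding the image digest would tie the test to one known image. The file also ends without a trailing newline.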
diff --git a/container_files/tomcat/conf/server.xml.loggingpipe b/container_files/tomcat/conf/server.xml.loggingpipe index d223fe2f..95fae0f8 100644 --- a/container_files/tomcat/conf/server.xml.loggingpipe +++ b/container_files/tomcat/conf/server.xml.loggingpipe @@ -68,13 +68,17 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation. The default @@ -85,7 +89,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> @@ -100,7 +106,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" 
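Review bot: The `maxParameterCount="1000"` added to the port 8080 connector (and to the commented-out 8443 connectors) has no comment saying why the limit is there or what happens when a request exceeds it. Depending on the Tomcat version, parameters beyond the limit are either dropped or the request is rejected, so a Grouper screen that posts a large form could fail in a way that is hard to trace back to this attribute. I would add `<!-- maxParameterCount caps query-string and form parameters per request; raise it only for a known large form -->` above the connector. The same hunks recur in server.xml.nologging, server.xml.original and server.xml.turnOnAjp.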
@@ -112,7 +120,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" maxParameterCount="1000" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/container_files/tomcat/conf/server.xml.loggingpipe.patch b/container_files/tomcat/conf/server.xml.loggingpipe.patch index b46294c6..3e473700 100644 --- a/container_files/tomcat/conf/server.xml.loggingpipe.patch +++ b/container_files/tomcat/conf/server.xml.loggingpipe.patch @@ -1,6 +1,6 @@ ---- server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500 -+++ server.xml.loggingpipe 2023-01-17 12:56:35.572142521 -0500 -@@ -155,9 +155,9 @@ +--- server.xml.turnOnAjp 2023-06-27 13:54:28.000000000 -0400 ++++ server.xml.loggingpipe 2023-06-27 13:53:45.000000000 -0400 +@@ -163,9 +163,9 @@ <!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> diff --git a/container_files/tomcat/conf/server.xml.nologging b/container_files/tomcat/conf/server.xml.nologging index dee41a15..3fddc762 100644 --- a/container_files/tomcat/conf/server.xml.nologging +++ b/container_files/tomcat/conf/server.xml.nologging 
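Review bot: The AJP connector line edited at the end of server.xml.loggingpipe still has `secretRequired="false"` and `tomcatAuthentication="false"` with no `address` attribute, so the interface port 8009 binds to is left to the Tomcat default and any peer that can reach it is trusted to assert the user identity. While the line is being touched, make the trust boundary explicit: `address="127.0.0.1"` if the front-end httpd runs in the same container (not visible here), or `secretRequired="true"` together with a `secret` shared with the proxy if it does not. The identical line is changed in server.xml.nologging and server.xml.turnOnAjp.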
@@ -68,13 +68,17 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation. The default @@ -85,7 +89,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> @@ -100,7 +106,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" @@ -112,7 +120,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" maxParameterCount="1000" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/container_files/tomcat/conf/server.xml.nologging.patch b/container_files/tomcat/conf/server.xml.nologging.patch index bcd7aa61..fba67fd7 100644 --- a/container_files/tomcat/conf/server.xml.nologging.patch 
+++ b/container_files/tomcat/conf/server.xml.nologging.patch @@ -1,6 +1,6 @@ ---- server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500 -+++ server.xml.nologging 2023-01-17 12:57:49.045158802 -0500 -@@ -155,9 +155,9 @@ +--- server.xml.turnOnAjp 2023-06-27 13:54:28.000000000 -0400 ++++ server.xml.nologging 2023-06-27 13:54:16.000000000 -0400 +@@ -163,9 +163,9 @@ <!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> diff --git a/container_files/tomcat/conf/server.xml.original b/container_files/tomcat/conf/server.xml.original index 1e8139dd..c18d1f60 100644 --- a/container_files/tomcat/conf/server.xml.original +++ b/container_files/tomcat/conf/server.xml.original @@ -68,13 +68,17 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation. The default @@ -85,7 +89,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> @@ -100,7 +106,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" 
@@ -116,7 +124,9 @@ <Connector protocol="AJP/1.3" address="::1" port="8009" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> --> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/container_files/tomcat/conf/server.xml.turnOnAjp b/container_files/tomcat/conf/server.xml.turnOnAjp index 66ba7e96..7f7a4fc7 100644 --- a/container_files/tomcat/conf/server.xml.turnOnAjp +++ b/container_files/tomcat/conf/server.xml.turnOnAjp @@ -68,13 +68,17 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + redirectPort="8443" + maxParameterCount="1000" + /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation. The default @@ -85,7 +89,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> @@ -100,7 +106,9 @@ --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > + maxThreads="150" SSLEnabled="true" + maxParameterCount="1000" + > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" 
@@ -112,7 +120,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" maxParameterCount="1000" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/container_files/tomcat/conf/server.xml.turnOnAjp.patch b/container_files/tomcat/conf/server.xml.turnOnAjp.patch index 5b83d7d8..c4f8fb6e 100644 --- a/container_files/tomcat/conf/server.xml.turnOnAjp.patch +++ b/container_files/tomcat/conf/server.xml.turnOnAjp.patch @@ -1,6 +1,6 @@ ---- server.xml.original 2023-01-17 12:49:38.405305157 -0500 -+++ server.xml.turnOnAjp 2023-01-17 12:53:45.160869124 -0500 -@@ -112,12 +112,7 @@ +--- server.xml.original 2023-06-27 13:54:24.000000000 -0400 ++++ server.xml.turnOnAjp 2023-06-27 13:54:28.000000000 -0400 +@@ -120,14 +120,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> @@ -8,9 +8,11 @@ - <Connector protocol="AJP/1.3" - address="::1" - port="8009" -- redirectPort="8443" /> +- redirectPort="8443" +- maxParameterCount="1000" +- /> - --> -+ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" allowedRequestAttributesPattern=".*" /> ++ <Connector secretRequired="false" secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" maxParameterCount="1000" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone 
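Review bot: Regenerating server.xml.turnOnAjp.patch drops `address="0.0.0.0"` and `allowedRequestAttributesPattern=".*"` from the generated AJP connector line, which is a behaviour change beyond the `maxParameterCount` addition made in the other files. If this patch is what the image build applies to server.xml (the build step is not in this diff), port 8009 falls back to Tomcat's default bind address and unrecognised AJP request attributes are refused again; that narrows exposure, but it can also break attribute pass-through from the front-end proxy. Please confirm the drop is intended and record it in the commit message, or restore a narrower form such as a specific `allowedRequestAttributesPattern` rather than `.*`.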
diff --git a/container_files/tomcat/conf/server.xml.v2_5_29 b/container_files/tomcat/conf/server.xml.v2_5_29
deleted file mode 100644
index 4c803d8c..00000000
--- a/container_files/tomcat/conf/server.xml.v2_5_29
+++ /dev/null
@@ -1,169 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!-- Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" at this level. - Documentation at /docs/config/server.html - --> -<Server port="8005" shutdown="SHUTDOWN"> - <!-- TomEE plugin for Tomcat --> - <Listener className="org.apache.tomee.catalina.ServerListener" /> - <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> - <!-- Security listener. Documentation at /docs/config/listeners.html - <Listener className="org.apache.catalina.security.SecurityListener" /> - --> - <!--APR library loader. 
Documentation at /docs/apr.html --> - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> - <!-- Prevent memory leaks due to use of particular java/javax APIs--> - <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> - <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> - <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> - - <!-- Global JNDI resources - Documentation at /docs/jndi-resources-howto.html - --> - <GlobalNamingResources> - <!-- Editable user database that can also be used by - UserDatabaseRealm to authenticate users - --> - <Resource name="UserDatabase" auth="Container" - type="org.apache.catalina.UserDatabase" - description="User database that can be updated and saved" - factory="org.apache.catalina.users.MemoryUserDatabaseFactory" - pathname="conf/tomcat-users.xml" /> - </GlobalNamingResources> - - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" Note: A "Service" is not itself a "Container", - so you may not define subcomponents such as "Valves" at this level. - Documentation at /docs/config/service.html - --> - <Service name="Catalina"> - - <!--The connectors can use a shared executor, you can define one or more named thread pools--> - <!-- - <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" - maxThreads="150" minSpareThreads="4"/> - --> - - - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. 
Documentation at : - Java HTTP Connector: /docs/config/http.html - Java AJP Connector: /docs/config/ajp.html - APR (HTTP/AJP) Connector: /docs/apr.html - Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 - --> - <Connector port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> - <!-- A "Connector" using the shared thread pool--> - <!-- - <Connector executor="tomcatThreadPool" - port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - --> - <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 - This connector uses the NIO implementation. The default - SSLImplementation will depend on the presence of the APR/native - library and the useOpenSSL attribute of the - AprLifecycleListener. - Either JSSE or OpenSSL style configuration may be used regardless of - the SSLImplementation selected. JSSE style configuration is used below. - --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" - maxThreads="150" SSLEnabled="true"> - <SSLHostConfig> - <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" - type="RSA" xpoweredBy="false" server="Apache TomEE" /> - </SSLHostConfig> - </Connector> - --> - <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 - This connector uses the APR/native implementation which always uses - OpenSSL for TLS. - Either JSSE or OpenSSL style configuration may be used. OpenSSL style - configuration is used below. 
- --> - <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" - maxThreads="150" SSLEnabled="true" > - <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" xpoweredBy="false" server="Apache TomEE" /> - <SSLHostConfig> - <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" - certificateFile="conf/localhost-rsa-cert.pem" - certificateChainFile="conf/localhost-rsa-chain.pem" - type="RSA" /> - </SSLHostConfig> - </Connector> - --> - - <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector secure="true" scheme="https" URIEncoding="UTF-8" tomcatAuthentication="false" port="8009" protocol="AJP/1.3" redirectPort="8443" /> - - - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). - Documentation at /docs/config/engine.html --> - - <!-- You should set jvmRoute to support load-balancing via AJP ie : - <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> - --> - <Engine name="Catalina" defaultHost="localhost"> - - <!--For clustering, please take a look at documentation at: - /docs/cluster-howto.html (simple how to) - /docs/config/cluster.html (reference documentation) --> - <!-- - <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> - --> - - <!-- Use the LockOutRealm to prevent attempts to guess user passwords - via a brute-force attack --> - <Realm className="org.apache.catalina.realm.LockOutRealm"> - <!-- This Realm uses the UserDatabase configured in the global JNDI - resources under the key "UserDatabase". Any edits - that are performed against this UserDatabase are immediately - available for use by the Realm. 
--> - <Realm className="org.apache.catalina.realm.UserDatabaseRealm" - resourceName="UserDatabase"/> - </Realm> - - <Host name="localhost" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - - <!-- SingleSignOn valve, share authentication between web applications - Documentation at: /docs/config/valve.html --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> - --> - - <!-- Access log processes all example. - Documentation at: /docs/config/valve.html - Note: The pattern used is equivalent to using pattern="common" --> - <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" - prefix="localhost_access_log" suffix=".txt" - pattern="%h %l %u %t "%r" %s %b" /> - - </Host> - </Engine> - </Service> -</Server> diff --git a/run3.sh b/run3.sh new file mode 100755 index 00000000..9cb39ae3 --- /dev/null +++ b/run3.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +docker run -d --name my-grouper3 my-grouper3:latest + diff --git a/ssh3.sh b/ssh3.sh new file mode 100755 index 00000000..f20718bb --- /dev/null +++ b/ssh3.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +docker exec -it my-grouper3 bash