GRP-3204: if GROUPER_WEBCLIENT_IS_SSL is false, then the server.xml

secure="true" should be removed and scheme="http" adjusted
docker · Mar 3, 2021 · bdd8d3c · bdd8d3c
1 parent 513cf0f
commit bdd8d3c
Show file tree

Hide file tree

Showing 7 changed files with 97 additions and 16 deletions.
diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh
@@ -5,7 +5,7 @@ if [ "$#" -ne 4 ]; then
   exit 1
 fi
 
-expectedSuccesses=692
+expectedSuccesses=710
 
 export containerName=$1
 export imageName=$2
@@ -23,6 +23,7 @@ export failureCount=0
 . ./grouperContainerUnitTestUi.sh
 . ./grouperContainerUnitTestUi2.sh
 . ./grouperContainerUnitTestUiNoSsl.sh
+. ./grouperContainerUnitTestUiNoSslOrClient.sh
 . ./grouperContainerUnitTestUiDifferentPorts.sh
 . ./grouperContainerUnitTestSlashRoot.sh
 . ./grouperContainerUnitTestSelfSigned.sh
@@ -36,6 +37,7 @@ export failureCount=0
 testContainerUi
 testContainerUi2
 testContainerUiNoSsl
+testContainerUiNoSslOrClient
 testContainerSlashRoot
 testContainerSelfSigned
 testContainerUiDifferentPorts
@@ -52,7 +54,6 @@ dockerRemoveSubimage
 
 
 
-
 echo ""
 echo "$successCount successes, $failureCount failures"
 if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ]  ; then

diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
@@ -11,7 +11,7 @@ testContainerUiNoSsl() {
 
   echo
   echo '################'
-  echo Running container as ui without SSL
+  echo Running container as ui without SSL with SSL client
   echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui"
   echo '################'
   echo
@@ -33,6 +33,9 @@ testContainerUiNoSsl() {
   assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
   assertFileNotContains /opt/tier-support/supervisord.conf "__"
   assertFileContains /opt/tomee/conf/server.xml "AccessLogValve"
+  assertFileContains /opt/tomee/conf/server.xml 'secure="true"'
+  assertFileContains /opt/tomee/conf/server.xml 'scheme="https"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'scheme="http"'
   assertFileContains /opt/tomee/conf/web.xml "<session-timeout>30</session-timeout>"
 
 
@@ -67,6 +70,7 @@ testContainerUiNoSsl() {
   assertEnvVar GROUPER_USE_SSL "false"
   assertEnvVar GROUPER_WS "false"
   assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true"
 
   assertNumberOfTomcatProcesses 1
   assertNumberOfApacheProcesses 5

diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+testContainerUiNoSslOrClient() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui without SSL with non-SSL client
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+  assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+  assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+  assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+  assertFileNotContains /opt/tomee/conf/server.xml 'secure="true"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'scheme="https"'
+  assertFileContains /opt/tomee/conf/server.xml 'scheme="http"'
+
+  assertEnvVar GROUPER_USE_SSL "false"
+  assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false"
+
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
@@ -12,24 +12,25 @@ export grouperContainerGitPath=$3
 export subimageName=my-grouper-$2
 
 export reldir=`dirname $0`
+cd $reldir
 
 # /mnt/c/mchyzer/git/grouper_container
-mkdir -p $reldir/slashRoot/usr/local/bin
-rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* $reldir/slashRoot/usr/local/bin
+mkdir -p slashRoot/usr/local/bin
+rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin
 
-mkdir -p $reldir/slashRoot/etc/httpd/conf.d
-rsync -avzpl $grouperContainerGitPath/container_files/httpd/* $reldir/slashRoot/etc/httpd/conf.d
+mkdir -p slashRoot/etc/httpd/conf.d
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d
 
-mkdir -p $reldir/slashRoot/opt/tier-support/originalFiles
-rsync -avzpl $reldir/etc/httpd/conf.d/ssl-enabled.conf $reldir/slashRoot/opt/tier-support/originalFiles
+mkdir -p slashRoot/opt/tier-support/originalFiles
+rsync -avzpl etc/httpd/conf.d/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles
 
 rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
 
-#mkdir -p $reldir/slashRoot/opt/tomee/conf
-#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* $reldir/slashRoot/opt/tomee/conf/
+#mkdir -p slashRoot/opt/tomee/conf
+#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/
 
-sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "$reldir/testContainer.Dockerfile"
+sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile"
 
-docker build -f $reldir/testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
+docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
 
 echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion"
diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile
@@ -1,8 +1,8 @@
 # this matches the version you decided on from release notes
-ARG GROUPER_VERSION=2.5.40
+ARG GROUPER_VERSION=2.5.XX
 
 #  --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION}
-FROM i2incommon/grouper:2.5.40
+FROM i2incommon/grouper:2.5.XX
 
 # this will overlay all the files from /opt/grouperContainer/slashRoot on to /
 COPY slashRoot /

diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh
@@ -367,8 +367,12 @@ prep_finishBegin() {
       fi
 
     fi
+    if [ -z "$GROUPER_WEBCLIENT_IS_SSL" ] ; then 
+
+      echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WEBCLIENT_IS_SSL=true (browser or WS client is SSL)"
+      export GROUPER_WEBCLIENT_IS_SSL=true
 
-
+    fi
 
     if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then 
       echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_PROCESSES_AS_USERS=true"

diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
@@ -9,6 +9,7 @@ setupFilesTomcat() {
   setupFilesTomcat_ports
   setupFilesTomcat_accessLogs
   setupFilesTomcat_sessionTimeout
+  setupFilesTomcat_ssl
 }
 
 
@@ -232,12 +233,35 @@ setupFilesTomcat_sessionTimeout() {
   fi
 }
 
+setupFilesTomcat_ssl() {
+
+  if [ "$GROUPER_WEBCLIENT_IS_SSL" = "false" ]
+    then
+    sed -i 's|secure="true"||g' /opt/tomee/conf/server.xml
+    returnCode=$?
+    echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|secure=\"true\"||g' /opt/tomee/conf/server.xml , result=$returnCode"
+    if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+      then
+        exit $returnCode
+    fi  
+    sed -i 's|scheme="https"|scheme="http"|g' /opt/tomee/conf/server.xml
+    returnCode=$?
+    echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|scheme=\"https\"|scheme=\"http\"|g' /opt/tomee/conf/server.xml , result=$returnCode"
+    if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ]
+      then
+        exit $returnCode
+    fi  
+  fi
+}
+
+
 setupFilesTomcat_unsetAll() {
 
   unset -f setupFilesTomcat
   unset -f setupFilesTomcat_authn
   unset -f setupFilesTomcat_context
   unset -f setupFilesTomcat_ports
+  unset -f setupFilesTomcat_ssl
   unset -f setupFilesTomcat_supervisor
   unset -f setupFilesTomcat_unsetAll
   unset -f setupFilesTomcat_accessLogs
@@ -253,6 +277,7 @@ setupFilesTomcat_exportAll() {
   export -f setupFilesTomcat_authn
   export -f setupFilesTomcat_context
   export -f setupFilesTomcat_ports
+  export -f setupFilesTomcat_ssl
   export -f setupFilesTomcat_supervisor
   export -f setupFilesTomcat_unsetAll
   export -f setupFilesTomcat_accessLogs