... <appRoot>http://yourresourceserver/optional/path/to/resources/caladminrsrc</appRoot> ... <appRoot>http://yourresourceserver/optional/path/to/resources/calrsrc</appRoot> ... <appRoot>http://yourresourceserver/optional/path/to/resources/calrsrc</appRoot> ... <appRoot>http://yourresourceserver/optional/path/to/resources/ucalrsrc</appRoot> ... |
...tomcat]$ find . -name "options.xml" -exec grep -H appRoot {} \; ./webapps/ucal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/ucal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/ucal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/ucal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> ./webapps/pubcaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/pubcaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/pubcaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/pubcaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> ./webapps/caladmin/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/caladmin/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/caladmin/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/caladmin/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> ./webapps/soedept/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/soedept/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/soedept/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/soedept/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> ./webapps/ucaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/ucaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/ucaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/ucaldav/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> ./webapps/cal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/caladminrsrc</appRoot> ./webapps/cal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/cal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/calrsrc</appRoot> ./webapps/cal/WEB-INF/classes/properties/calendar/options.xml: <appRoot>http://yourbedeworkserver/ucalrsrc</appRoot> |
<?xml version="1.0" encoding="UTF-8"?> <project name="event-calendar" default="build"> <!-- Example repackaging script written by David Eisinger and Gary Weaver of Duke University --> <!-- It assumes a directory layout like: /bedework-(version)/ - directory that is the unaltered bedework distribution as an svn-external to https://www.bedework.org/svn/bedework/releases/bedework-(version). Name specified as repackaged.bw.dir property. /build.xml - this file /config/ - directory containing a directory for every host you have. In each of those host directories, you create/copy a repackaged-bedework.build.properties, repackaged-bedework.options.xml, repackaged-bedework.properties files corresponding to the files listed in the user manual as bedework.build.properties, myconfig.options.xml, and myconfig.properties respectively /lib/build/ - should contain appropriate ant-contrib and jsch jars, for example: ant-contrib-1.0b3.jar and jsch-0.1.36.jar /lib/schema/ - should contain appropriate database jars for all database types you may need to use, such as mysql-connector-java-5.0.5-bin.jar and ojdbc14.jar /src/main/ - directory that mirrors the bedework distribution directory structure above that you can use to overlay customized files atop Bedework at your own risk (not needed for Shibbolization) --> <dirname property="basedir" file="${ant.file}"/> <!-- Bedework build needs this. Assumes you have put this jar into ./lib/build --> <taskdef resource="net/sf/antcontrib/antcontrib.properties" classpath="${basedir}/lib/build/ant-contrib-1.0b3.jar"/> <!-- Since these properties are inherited by the Bedework build, prefix them with "repackaged" to keep them from unintentionally overriding Bedework properties --> <!-- repackaged specific files to replace original Bedework files with --> <property name="repackaged.src.dir" value="${basedir}/src/main"/> <!-- The unaltered bedework distribution as an svn-external to https://www.bedework.org/svn/bedework/releases/(release name) --> <!-- Notes: * You may rather redo this to use the quickstart distribution instead to avoid slowness. --> <!-- * They seem to have been releasing changes to Bedework using the same release number, so it isn't necessarily static. That is not good. --> <property name="repackaged.bedework.original.version" value="bedework-3.4"/> <property name="repackaged.bw.dir" value="${basedir}/${repackaged.bedework.original.version}"/> <!-- Temp location where we will copy the original bedework files and then overlay them with our own files --> <property name="repackaged.tmp.dir" value="${basedir}/build-tmp"/> <!-- Build artifact directory --> <property name="repackaged.dist.dir" value="${basedir}/dist"/> <!-- Directory containing a directory for each host, each containing host specific config --> <property name="repackaged.config.dir" value="${basedir}/config"/> <!-- Host-specific config --> <property name="repackaged.specific.host.config.dir" value="${repackaged.config.dir}/${myhost}"/> <!-- Where host-specific config gets copied to before the build during apply-changes. This is referred to in each host-specific *build.properties --> <property name="repackaged.tmp.config.dir" value="${repackaged.tmp.dir}/repackaged-config"/> <!-- for copying Bedeworks distributables other than webapps and war, such as the dumpres schema generation utility --> <property name="repackaged.tmp.dir.dist" value="${repackaged.tmp.dir}/dist"/> <property name="repackaged.tmp.dir.dist.dumpres.zip" value="${repackaged.tmp.dir.dist}/dumpres.zip"/> <property name="repackaged.dist.schema.dir" value="${repackaged.dist.dir}/schema"/> <!-- This must be set for Bedework to find our config --> <property name="org.bedework.user.build.properties" value="${repackaged.tmp.config.dir}/repackaged-bedework.build.properties"/> <!-- Specify the location where the Bedework build will run --> <property name="org.bedework.project.bedework" value="${repackaged.tmp.dir}"/> <!-- Instead of Tomcat dir, we put artifacts into dist --> <property name="org.bedework.appserver.dir" value="${repackaged.dist.dir}"/> <!-- Note: update the example so they mirror the directory names you setup in config. Each ./config/directoryname should contain --> <property name="ant.cmd.examples" value="for dev: ant -Dmyhost=dev.mycompany.com, for test: ant -Dmyhost=test.dadscompany.com, for prod: ant -Dmyhost=prod.momscompany.com"/> <!-- Verify req'd properties that are needed are available --> <target name="init"> <fail message="Please specify -Dmyhost=(directory name within ./config dir containing your host config) on the command-line. Examples: ${ant.cmd.examples}" unless="myhost"/> </target> <target name="clean"> <delete dir="${repackaged.tmp.dir}"/> <delete dir="${repackaged.dist.dir}"/> </target> <target name="clean-tmp"> <delete dir="${repackaged.tmp.dir}"/> </target> <target name="copy-bedework" depends="clean"> <copy todir="${repackaged.tmp.dir}" includeEmptyDirs="true" overwrite="true"> <fileset dir="${repackaged.bw.dir}"> <exclude name="**/.svn/**"/> </fileset> </copy> </target> <target name="apply-changes" depends="copy-bedework, apply-host-config, apply-overlay-files"/> <!-- Apply host-specific config --> <target name="apply-host-config" depends="init, copy-bedework, myhost-config-exists"> <mkdir dir="${repackaged.tmp.config.dir}"/> <copy todir="${repackaged.tmp.config.dir}" includeEmptyDirs="true" overwrite="true" verbose="true"> <fileset dir="${repackaged.specific.host.config.dir}"/> </copy> </target> <!-- Check existance of config dir for specified myhost parameter --> <target name="set-myhost-config-is-present" depends="init"> <available property="myhost-config-is-present" file="${repackaged.specific.host.config.dir}"/> </target> <!-- Fail if config/(myhost param) dir not present --> <target name="myhost-config-exists" depends="init, set-myhost-config-is-present" unless="myhost-config-is-present"> <fail message="Please specify myhost parameter. Directory ${repackaged.specific.host.config.dir} not found." /> </target> <target name="apply-overlay-files" depends="copy-bedework"> <copy todir="${repackaged.tmp.dir}" includeEmptyDirs="true" overwrite="true" verbose="true"> <fileset dir="${repackaged.src.dir}"/> </copy> </target> <target name="build-bedework" depends="clean, copy-bedework, apply-changes"> <ant antfile="${repackaged.tmp.dir}/build.xml" inheritrefs="true" inheritAll="true" target="clean.deploy"/> </target> <target name="javadoc-plain-bedework"> <mkdir dir="${repackaged.dist.dir}/originalapidocs-generated/${repackaged.bedework.original.version}/api"/> <javadoc destdir="${repackaged.dist.dir}/originalapidocs-generated/${repackaged.bedework.original.version}/api" author="true" version="true" use="true" windowtitle="${repackaged.bedework.original.version}" noindex="false" nohelp="false" nonavbar="false" notree="false" nodeprecated="false" nodeprecatedlist="false" failonerror="true" > <fileset dir="${repackaged.bedework.original.version}" defaultexcludes="yes"> <include name="**/src/**"/> <exclude name="**/deployment/resources/javascript/**"/> <exclude name="**/package.**"/> <exclude name="**/svn-commit**"/> </fileset> <doctitle><![CDATA[<h1>${repackaged.bedework.original.version}</h1>]]></doctitle> <bottom><![CDATA[<i>Javadocs generated by Duke University OIT using the source from ${repackaged.bedework.original.version}. Because the source is not static, this documentation may need to be updated.</i>]]></bottom> <tag name="todo" scope="all" description="To do:"/> </javadoc> </target> <target name="setup-root-tar-gz" depends="build-bedework"> <tar tarfile="${repackaged.dist.dir}/webapps/ROOT.tar" basedir="${repackaged.dist.dir}/webapps" includes="ROOT/**"/> <delete dir="${repackaged.dist.dir}/webapps/ROOT"/> <gzip zipfile="${repackaged.dist.dir}/webapps/ROOT.tar.gz" src="${repackaged.dist.dir}/webapps/ROOT.tar"/> <delete file="${repackaged.dist.dir}/webapps/ROOT.tar"/> </target> <target name="setup-dumpres" depends="build-bedework"> <!-- Unzip the schema utility and copy DB driver jars into it, so it is ready to go if needed --> <mkdir dir="${repackaged.dist.schema.dir}"/> <unzip src="${repackaged.tmp.dir.dist.dumpres.zip}" dest="${repackaged.dist.schema.dir}"/> <copy overwrite="true" file="${basedir}/datasets/groups_cats_cals_subs_views_impl_team_users/initbedework.xml" todir="${repackaged.dist.schema.dir}/dumpres/data"/> <copy todir="${repackaged.dist.schema.dir}/dumpres/lib" includeEmptyDirs="true" overwrite="true" verbose="true"> <fileset dir="${basedir}/lib/schema"/> </copy> <chmod file="${repackaged.dist.schema.dir}/dumpres/bwrun" perm="ugo+rx"/> </target> <!-- Just doing this for development ONLY. Test should be a copy of production, and we should never touch production via the Ant script as it would be too easy to screw something up. --> <!-- Requires you to use MySQL Administrator or similar tool to blow away tables in development schema. Be absolutely sure that dumpres DB settings and other DB settings are correct! --> <target name="create-development-db" depends="build"> <!-- call dumpres script to create schema --> <exec dir="${repackaged.dist.schema.dir}/dumpres" failonerror="true" executable="/bin/sh"> <arg value="-c"/> <arg value="./bwrun schema-export"/> </exec> <!-- call dumpres script to populate with development dataset --> <exec dir="${repackaged.dist.schema.dir}/dumpres" failonerror="true" executable="/bin/sh"> <arg value="-c"/> <arg value="./bwrun initdb -ndebug -indexroot lucene"/> </exec> <!-- tar.gz the initial lucene indexes (there is no way to rebuild lucene indexes in Bedework 3.4) --> <tar tarfile="${repackaged.dist.dir}/webapps/lucene.tar" basedir="${repackaged.dist.schema.dir}/dumpres" includes="lucene/**"/> <gzip zipfile="${repackaged.dist.dir}/webapps/lucene.tar.gz" src="${repackaged.dist.dir}/webapps/lucene.tar"/> <delete file="${repackaged.dist.dir}/webapps/lucene.tar"/> <!-- TODO: automate SCP, explode lucene.tar.gz into tomcat/bin/ --> </target> <target name="build-without-clean-tmp" depends="init, clean, copy-bedework, apply-changes, build-bedework, setup-root-tar-gz, setup-dumpres"/> <target name="build" depends="build-without-clean-tmp, clean-tmp"/> </project> |
# Location of our bedework property files org.bedework.config.properties=${repackaged.tmp.config.dir}/repackaged-bedework.properties org.bedework.config.options=${repackaged.tmp.config.dir}/repackaged-bedework.options.xml |
(this file is same as "myconfig.properties" referred to in the instructions with a different name)
<!-- This provides run time options for each of the configured applications. --> <bedework-options> <org> <bedework> <global> <module> ... (copy this file and modify per Bedework user manual instructions) ... |
(this file is same as "myconfig.options.xml" referred to in the instructions with a different name)
# # -------------------------------------------------------------------- # # Introduction # # # Properties for all modules are saved below - even if they are not # being deployed. The globals section defines which modules will be ... (copy Bedework sample config and modify per Bedework user manual instructions) ... |
... org.bedework.app.CalAdmin.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... org.bedework.app.Events.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... org.bedework.app.SoEDept.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... org.bedework.app.UserCal.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... org.bedework.app.Pubcaldav.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... org.bedework.app.Usercaldav.tomcat.context.xml=${repackaged.tmp.config.dir}/repackaged-bedework.context.xml ... |
(this file is same as "\<home\>/bwbuild/prod/context.xml" referred to in the instructions with a different name)
<Context path="@CONTEXT-ROOT@" reloadable="false"> <Resource name="jdbc/calDB" auth="Container" type="javax.sql.DataSource" driverClassName="org.hsqldb.jdbcDriver" url="jdbc:hsqldb:hsql://localhost:8887" username="sa" password="" maxActive="8" maxIdle="4" maxWait="-1" defaultAutoCommit="false" /> <!-- Disables restart persistence of sessions --> <Manager pathname=""/> </Context> |
ServerName
set properly and routing the right requests to Tomcat, and redirecting all traffic to SSL, but there are some tricks:/Shibboleth.sso/*
don't get passed to Tomcat. If you're putting Bedework at the root, you'll probably be routing everything over, so you'll need to exclude that path with JkUnMount
or the equivalent command for your connector.LoadModule jk_module modules/mod_jk.so JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevel info JkMount /* ajp13_worker JkUnMount /Shibboleth.sso/* ajp13_worker JkUnMount /shibboleth ajp13_worker JkUnMount /shibboleth-sp/* ajp13_worker |
from Michael Gettes
Alias /ucalrsrc /home/nmi/bedework/apache-tomcat-5.5.17/webapps/ROOT/ucalrsrc Alias /bedework-common /home/nmi/bedework/apache-tomcat-5.5.17/webapps/ROOT/bedework-common Alias /calrsrc.MainCampus /home/nmi/bedework/apache-tomcat-5.5.17/webapps/ROOT/calrsrc.MainCampus Alias /caladminrsrc /home/nmi/bedework/apache-tomcat-5.5.17/webapps/ROOT/caladminrsrc <Directory /home/nmi/bedework/apache-tomcat-5.5.17/webapps/ROOT/> Allow from all Options Indexes FollowSymLinks </Directory> <Location /cal> </Location> ProxyPass /cal ajp://localhost:8080/cal/ ProxyPass /cal/* ajp://localhost:8080/cal/ <Location /caladmin> AuthType shibboleth require shibboleth ShibRequireSession On require valid-user </Location> ProxyPass /caladmin ajp://localhost:8080/caladmin/ ProxyPass /caladmin/* ajp://localhost:8080/caladmin/ <Location /ucal> AuthType shibboleth require shibboleth ShibRequireSession On require valid-user </Location> ProxyPass /ucal ajp://localhost:8080/ucal/ ProxyPass /ucal/* ajp://localhost:8080/ucal/ |
LogLevel info <VirtualHost *:80> ServerAdmin me@test.edu # We are serving static content via Apache. Keep the Tomcat HTTP and HTTPS connectors closed # in Tomcat closed or it will allow Shibboleth to be bypassed for login if the user hits that # port directly, which will inevitably happen, most likely by accident. You can serve this # content wherever you'd like, but it seems better to keep it together with the webapps. DocumentRoot /path/to/tomcat/webapps/ROOT/ # If you have an identity file for load balancing Alias /lb.html /path/to/static/html/lb.html ServerName dev.test.edu JkMount /* ajp13 JkUnMount /Shibboleth.sso/* ajp13 JkUnMount /lb.html ajp13 JkUnMount /test/* ajp13 # Support rewriting RewriteEngine On # Redirect http://.../ to http://.../cal/ RewriteCond %{REQUEST_URI} ^/$ RewriteRule ^.*$ http://dev.test.edu/cal/ [R,L] # Redirect shibbed parts to https # caladmin should be shibbed but not caladminrsrc RewriteCond %{REQUEST_URI} !^/caladminrsrc.*$ RewriteCond %{REQUEST_URI} ^/caladmin.*$ RewriteRule ^(.*)$ https://dev.test.edu$1 [R,L] # ucal should be shibbed but not ucaldav RewriteCond %{REQUEST_URI} !^/ucaldav.*$ RewriteCond %{REQUEST_URI} ^/ucal.*$ RewriteRule ^(.*)$ https://dev.test.edu$1 [R,L] </VirtualHost> #Listen 443 NameVirtualHost *:443 <VirtualHost *:443> ServerAdmin me@test.edu #DocumentRoot /path/to/static/html # NOTE: See note above. Some resources (like bedework-common) need to be served from HTTPS # when accessed by HTTPS pages, for example the dojo stuff used by caladmin, otherwise you # can't specify dates in add event. DocumentRoot /path/to/tomcat/webapps/ROOT/ # If you have an identity file for load balancing Alias /lb.html /path/to/static/html/lb.html ServerName dev.test.edu # (Logging config) # (SSL config stuff goes here) JkMount /* ajp13 JkUnMount /Shibboleth.sso/* ajp13 JkUnMount /lb.html ajp13 # Support rewriting RewriteEngine On # Redirect https://host/ to http://host/cal/ and force HTTP for apps and resources that # should be served using HTTP instead of HTTPS. Points of interest: # 1) Bedework doesn't support XSL (XSLT) resources via HTTPS (at least in 3.4) # 2) If in /cal or other unprotected areas, resources and the app need to both be using the # same security level or you'll get mixed-content messages in IE. # 3) bedework-common should be served by HTTP by /cal, and HTTPS by /caladmin. This is the # only exception known currently in Bedework 3.4. RewriteRule ^/$ http://dev.test.edu/cal/ [R,L] RewriteRule ^/cal$ http://dev.test.edu/cal/ [R,L] RewriteRule ^/cal/(.*)$ http://dev.test.edu/cal/$1 [R,L] RewriteRule ^/soedept/(.*)$ http://dev.test.edu/soedept/$1 [R,L] RewriteRule ^/pubcaldav/(.*)$ http://dev.test.edu/pubcaldav/$1 [R,L] RewriteRule ^/ucaldav/(.*)$ http://dev.test.edu/ucaldav/$1 [R,L] # Add rules for other HTTP served apps here # The following are resources under ROOT that should be redirected RewriteRule ^/bedework/(.*)$ http://dev.test.edu/bedework/$1 [R,L] # NOTE: bedework-common not redirected because dojo can't handle an HTTPS page accessing js # via HTTP or you'll see a javascript error like this in Firebug: # uncaught exception: Security Error: Content at https://dev.test.edu/caladmin/event/showModForm.rdo may not load data from http://dev.test.edu/bedework-common/javascript/dojo/src/widget/__package__.js. #RewriteRule ^/bedework-common/(.*)$ http://dev.test.edu/bedework-common/$1 [R,L] RewriteRule ^/caladminrsrc/(.*)$ http://dev.test.edu/caladminrsrc/$1 [R,L] RewriteRule ^/calrsrc.MainCampus/(.*)$ http://dev.test.edu/calrsrc.MainCampus/$1 [R,L] RewriteRule ^/calrsrc.SoEDepartmental/(.*)$ http://dev.test.edu/calrsrc.SoEDepartmental/$1 [R,L] RewriteRule ^/ucalrsrc/(.*)$ http://dev.test.edu/ucalrsrc/$1 [R,L] </VirtualHost> |
# start Bedework <Location /ucalrsrc> Allow from all Options Indexes FollowSymLinks </Location> <Location /bedework-common> Allow from all Options Indexes FollowSymLinks </Location> <Location /calrsrc.MainCampus> Allow from all Options Indexes FollowSymLinks </Location> <Location /caladminrsrc> Allow from all Options Indexes FollowSymLinks </Location> <Location /cal> Allow from all Options Indexes FollowSymLinks </Location> # unshibbolized (login as caladmin) #<Location /caladmin> # Allow from all # Options Indexes FollowSymLinks #</Location> # shibbolized <Location /caladmin> AuthType shibboleth require shibboleth ShibRequireSession On require valid-user # Scott Cantor said this would ensure REMOTE_USER is set. require user ~ .+ </Location> <Location /ucal> AuthType shibboleth require shibboleth ShibRequireSession On require valid-user </Location> # end Bedework |
(Assuming you are using Tomcat and Apache+mod_jk)
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" tomcatAuthentication="false"/> |
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" allRolesMode="authOnly" /> |