Added security policies for tomcat.
Solves craftercms#1432
Solves craftercms#1493
Upgrade to Gradle 4.1
Carlos Ortiz committed Oct 30, 2017
1 parent 6d4328e commit 27d88c2
Showing 9 changed files with 381 additions and 47 deletions.
12 changes: 6 additions & 6 deletions build.gradle
Expand Up @@ -130,7 +130,7 @@ ext {
keepBin=project.hasProperty("keepBin")? project.property("keepBin") : false

testingPlatform=project.hasProperty("crafter.testing.platform")? project.property("crafter.testing.platform") : System.properties['os.name'].toString().toLowerCase().replaceAll(" ","-")
chromeDriverVersion=project.hasProperty("crafter.testing.chrome")? project.property("crafter.testing.chrome") : 2.31
chromeDriverVersion=project.hasProperty("crafter.testing.chrome")? project.property("crafter.testing.chrome") : 2.33
browserToTest=project.hasProperty("crafter.testing.browser")? project.property("crafter.testing.browser") : "chrome"
testArtifacts=project.hasProperty("crafter.unittest") ? project.property("crafter.unittest") : false

Expand Down Expand Up @@ -656,11 +656,11 @@ def checkEnvWD(path, env) {
deployerDir.mkdir()
downloadTomcat.execute()
downloadSolr.execute()
if (env.equals("authoring")) {
authoringEnvironment.execute()
} else if (env.equals("delivery")) {
deliveryEnvironment.execute()
}
}
if (env.equals("authoring")) {
authoringEnvironment.execute()
} else if (env.equals("delivery")) {
deliveryEnvironment.execute()
}
}

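Review bot: The `if (env.equals("authoring")) … else if (env.equals("delivery"))` block in `checkEnvWD` appears to have moved out of the branch that creates the directories and downloads Tomcat and Solr, so the environment task would now run on every call rather than only on first setup. This is inferred from the 5-removed/5-added count around the unchanged `}`, because indentation is lost in this view. If that is intended, it deserves a comment at the call site, for example `// Always re-run the environment task; existing files are kept unless forceDeploy is set`. Note that the new `catalina.policy` copy in environments.gradle has no such exists-guard, so a locally edited policy would be overwritten on each run. The body of `checkEnvWD` starts outside this hunk.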
130 changes: 95 additions & 35 deletions environments.gradle
Expand Up @@ -37,6 +37,11 @@ task("authoringEnvironment"){
copy{
from "./src/search/crafter-search-provider/solr/configsets"
into "${authEnv}/bin/solr/server/solr/configsets"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/solr/server/solr/configsets")).exists() && !forceDeploy) {
it.exclude()
}
}
}

file("${authEnv}/data/indexes").mkdirs()
Expand All @@ -51,15 +56,20 @@ task("authoringEnvironment"){
from "./resources/tomcat-config/crafter/setenv.sh"
from "./resources/tomcat-config/crafter/setenv.bat"
into "${authEnv}/bin/apache-tomcat/bin"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/apache-tomcat/bin")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy{
from "./src/search/crafter-search-server/target/crafter-search.war"
from "./src/engine/target/ROOT.war"
from "./src/studio/target/studio.war"
into "${authEnv}/bin/apache-tomcat/webapps/"
from "./resources/tomcat-config/crafter/catalina.policy"
into "${authEnv}/bin/apache-tomcat/conf/"
}



copy{
from "./resources/tomcat-config/"
into "${authEnv}/bin/apache-tomcat/shared/classes/"
Expand All @@ -73,6 +83,11 @@ task("authoringEnvironment"){
MONGODB_PORT:String.valueOf(authMongoDBPort),
ENV:"authoring"
])
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/apache-tomcat/shared/classes/")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy{
Expand All @@ -88,24 +103,49 @@ task("authoringEnvironment"){
MONGODB_PORT:String.valueOf(authMongoDBPort),
ENV:"authoring"
])
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/crafter-deployer")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy {
from "./src/deployer/README.md"
into "${authEnv}/bin/crafter-deployer/"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/crafter-deployer/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy {
from "./src/studio/README.md"
into "${authEnv}/bin/apache-tomcat"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/apache-tomcat")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy {
from "./resources/LICENSE"
from "./resources/README.txt"
into "${authEnv}/"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy{
from ("./resources/crafter/"){
exclude "**/init-site.*"
eachFile {
if (it.relativePath.getFile(file("${authEnv}/bin/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
into "${authEnv}/bin/"
filter(ReplaceTokens, tokens: [TOMCAT_HTTP_PORT: String.valueOf(authTomcatPort),
Expand Down Expand Up @@ -138,20 +178,6 @@ task("authoringEnvironment"){
}
}
updateCatalinaSettings(authEnv);
if(includeProfile){
copy{
from "./src/profile/server/target/crafter-profile.war"
from "./src/profile/admin-console/target/crafter-profile-admin.war"
into "${authEnv}/bin/apache-tomcat/webapps/"
}
}
if(includeSocial){
copy{
from "./src/social/server/target/crafter-social.war"
from "./src/social/admin/target/crafter-social-admin.war"
into "${authEnv}/bin/apache-tomcat/webapps/"
}
}
updateTomcatPorts("${authEnv}/bin/apache-tomcat/conf/server.xml",authTomcatPort,authTomcatAJPPort,
authTomcatShutdownPort,authTomcatSSLPort)
updateTomcatContext("${authEnv}/bin/apache-tomcat/conf/context.xml")
Expand Down Expand Up @@ -179,10 +205,17 @@ task("deliveryEnvironment"){
}
file("${deliveryEnv}/bin/solr-${solrVersion}").renameTo(file("${deliveryEnv}/bin/solr"))
}

copy{
from "./src/search/crafter-search-provider/solr/configsets"
into "${deliveryEnv}/bin/solr/server/solr/configsets"
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/solr/server/solr/configsets")).exists() && !forceDeploy) {
it.exclude()
}
}
}

file("${deliveryEnv}/data/indexes").mkdirs()
file("${deliveryEnv}/data/deployer").mkdirs()
file("${deliveryEnv}/data/mongodb").mkdirs()
Expand All @@ -195,12 +228,16 @@ task("deliveryEnvironment"){
from "./resources/tomcat-config/crafter/setenv.sh"
from "./resources/tomcat-config/crafter/setenv.bat"
into "${deliveryEnv}/bin/apache-tomcat/bin"
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/apache-tomcat/bin")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy{
from "./src/search/crafter-search-server/target/crafter-search.war"
from "./src/engine/target/ROOT.war"
into "${deliveryEnv}/bin/apache-tomcat/webapps/"
from "./resources/tomcat-config/crafter/catalina.policy"
into "${authEnv}/bin/apache-tomcat/conf/"
}

copy{
Expand All @@ -215,6 +252,11 @@ task("deliveryEnvironment"){
MONGODB_PORT:String.valueOf(deliveryMongoDBPort),
ENV:"delivery"
])
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/apache-tomcat/shared/classes/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy{
from "./resources/tomcat-config-delivery/"
Expand All @@ -228,6 +270,11 @@ task("deliveryEnvironment"){
MONGODB_PORT:String.valueOf(deliveryMongoDBPort),
ENV:"delivery"
])
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/apache-tomcat/shared/classes/")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy{
Expand All @@ -242,20 +289,40 @@ task("deliveryEnvironment"){
MONGODB_PORT:String.valueOf(deliveryMongoDBPort),
ENV:"delivery"
])
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/crafter-deployer")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy {
from "./src/deployer/README.md"
into "${deliveryEnv}/bin/crafter-deployer/"
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/crafter-deployer/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy {
from "./src/studio/README.md"
into "${deliveryEnv}/bin/apache-tomcat"
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/apache-tomcat")).exists() && !forceDeploy) {
it.exclude()
}
}
}

copy {
from "./resources/LICENSE"
from "./resources/README.txt"
into "${deliveryEnv}/"
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/")).exists() && !forceDeploy) {
it.exclude()
}
}
}
copy{
from "./resources/crafter/"
Expand All @@ -270,6 +337,11 @@ task("deliveryEnvironment"){
MONGODB_PORT:String.valueOf(deliveryMongoDBPort),
ENV:"delivery"
])
eachFile {
if (it.relativePath.getFile(file("${deliveryEnv}/bin/")).exists() && !forceDeploy) {
it.exclude()
}
}
}

if(!isWin){
Expand All @@ -289,20 +361,7 @@ task("deliveryEnvironment"){
"crafter-setenv.sh", "init-site.sh"]
}
}
if(includeProfile){
copy{
from "./src/profile/server/target/crafter-profile.war"
from "./src/profile/admin-console/target/crafter-profile-admin.war"
into "${deliveryEnv}/bin/apache-tomcat/webapps/"
}
}
if(includeSocial){
copy{
from "./src/social/server/target/crafter-social.war"
from "./src/social/admin/target/crafter-social-admin.war"
into "${deliveryEnv}/bin/apache-tomcat/webapps/"
}
}

updateTomcatPorts("${deliveryEnv}/bin/apache-tomcat/conf/server.xml",deliveryTomcatPort,deliveryTomcatAJPPort,
deliveryTomcatShutdownPort,deliveryTomcatSSLPort)
updateCatalinaSettings(deliveryEnv)
Expand All @@ -313,6 +372,7 @@ task("deliveryEnvironment"){
}
}


def updateTomcatPorts(serverConfigFile,http,ajp,shutdown,ssl){
def serverConfig=new XmlParser().parse(serverConfigFile)
serverConfig.@port=shutdown
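Review bot: In `deliveryEnvironment`, the new copy of `./resources/tomcat-config/crafter/catalina.policy` targets `${authEnv}/bin/apache-tomcat/conf/` instead of the delivery tree, so a delivery install never receives the policy file even though `crafter.sh` in this commit starts Tomcat with `-secure`. The line should read `into "${deliveryEnv}/bin/apache-tomcat/conf/"`. As written, a delivery Tomcat would presumably run under whatever `catalina.policy` ships with the downloaded Tomcat, and a delivery-only build also writes into the authoring directory. Separately, the two delivery copies into `shared/classes/` now carry the same exists-guard, so if `tomcat-config-delivery` is meant to override files from `tomcat-config` (not visible here), the second copy would be skipped on a fresh install unless `forceDeploy` is set.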
Binary file modified gradle/wrapper/gradle-wrapper.jar
Binary file not shown.
4 changes: 2 additions & 2 deletions gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
#Thu Jun 22 19:15:42 CST 2017
#Wed Oct 18 13:46:13 CST 2017
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-4.2.1-all.zip
6 changes: 3 additions & 3 deletions gradlew
Expand Up @@ -36,11 +36,11 @@ GRADLE_OPTS="$GRADLE_OPTS -Dorg.gradle.daemon=false"
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

warn ( ) {
warn () {
echo "$*"
}

die ( ) {
die () {
echo
echo "$*"
echo
Expand Down Expand Up @@ -158,7 +158,7 @@ if $cygwin ; then
fi

# Escape application args
save ( ) {
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
11 changes: 10 additions & 1 deletion resources/crafter/crafter.sh
@@ -1,5 +1,13 @@
#!/usr/bin/env bash

if [ "$(whoami)" == "root" ]; then
echo -e "\033[38;5;196m"
echo -e "Crafter CMS cowardly refuses to run as root."
echo -e "Running as root is dangerous and is not supported."
echo -e "\033[0m"
exit 1
fi

OSARCH=$(getconf LONG_BIT)
if [[ $OSARCH -eq "32" ]]; then
echo -e "\033[38;5;196m"
Expand Down Expand Up @@ -213,7 +221,8 @@ function startTomcat() {
possiblePID=$(pidOf $TOMCAT_HTTP_PORT)

if [ -z "$possiblePID" ]; then
$CRAFTER_HOME/apache-tomcat/bin/startup.sh
export CATALINA_OPTS="$CATALINA_OPTS -Dcrafter.home=$CRAFTER_ROOT"
$CRAFTER_HOME/apache-tomcat/bin/catalina.sh start -secure
else
echo $possiblePID > $CATALINA_PID
echo "Process PID $possiblePID is listening port $TOMCAT_HTTP_PORT"
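Review bot: The root guard at the top of the script compares the account name, `[ "$(whoami)" == "root" ]`, so a UID-0 account under a different name passes, and so does an environment where `whoami` fails and returns an empty string. Comparing the numeric id is more reliable: `if [ "$(id -u)" -eq 0 ]; then`. The identical check added to `resources/crafter/init-site.sh` should change with it. In `startTomcat`, the new launch line is unquoted, so an install path containing spaces would break the start; `"$CRAFTER_HOME/apache-tomcat/bin/catalina.sh" start -secure` covers the command, and the `-Dcrafter.home=$CRAFTER_ROOT` value would still need a space-free path because `CATALINA_OPTS` is word-split when expanded. `startTomcat` continues outside the hunk.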
8 changes: 8 additions & 0 deletions resources/crafter/init-site.sh
Expand Up @@ -2,6 +2,14 @@

# Script to create the Solr core & Deployer target for a delivery environment.

if [ "$(whoami)" == "root" ]; then
echo -e "\033[38;5;196m"
echo -e "Crafter CMS cowardly refuses to run as root."
echo -e "Running as root is dangerous and is not supported."
echo -e "\033[0m"
exit 1
fi

export DELIVERY_HOME=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
export DELIVERY_ROOT=$( cd "$DELIVERY_HOME/.." && pwd )
export AUTHORING_ROOT=$( cd "$DELIVERY_ROOT/../crafter-authoring" && pwd )