Sign the WAR file to comply with new security requirements

Process Dashboard 2.7 introduces new security requirements for
third-party add-ons, and as a result all WAR files must be digitally
signed. This addition to the pom.xml file adds WAR-file signing to the
build process.

.gitignore

@@ -0,0 +1,5 @@
+/target/
+/.settings/
+/.classpath
+/.project
+/keystore

generate-signing-key.bat

@@ -0,0 +1 @@
+%JAVA_HOME%\bin\keytool -genkey -keystore keystore -storepass changeit -keypass changeit -alias pdash-addon -keyalg RSA -keysize 4096 -validity 1096

pom.xml

@@ -10,6 +10,10 @@
 	<properties>
 		<javaVersion>1.6</javaVersion>
 		<projectEncoding>utf-8</projectEncoding>
+		<jarsigner.keystore>keystore</jarsigner.keystore>
+		<jarsigner.storepass>changeit</jarsigner.storepass>
+		<jarsigner.keypass>changeit</jarsigner.keypass>
+		<jarsigner.alias>pdash-addon</jarsigner.alias>
 	</properties>
 
 
@@ -72,6 +76,7 @@
 				</configuration>
 			</plugin>
 
+			<!--WAR packaging-->
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-war-plugin</artifactId>
@@ -87,6 +92,27 @@
 				</configuration>
 			</plugin>
 
+			<!--WAR signing-->
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jarsigner-plugin</artifactId>
+				<version>3.0.0</version>
+				<executions>
+					<execution>
+						<id>sign</id>
+						<goals>
+							<goal>sign</goal>
+						</goals>
+					</execution>
+				</executions>
+				<configuration>
+					<!--uses keystore in project dir; override with -Djarsigner.keystore -->
+					<!--uses alias pdash-addon; override with -Djarsigner.alias -->
+					<!--provide keystore password with -Djarsigner.storepass -->
+					<!--provide key password with -Djarsigner.keypass -->
+				</configuration>
+			</plugin>
+
 		</plugins>
 
 	</build>