log4j.logger.org.apache.directory.server=ERROR
log4j.logger.org.apache.jackrabbit.core.query.lucene=ERROR
-#log4j.logger.org.springframework.security.context=DEBUG
-
## Appenders
# console is set to be a ConsoleAppender.
log4j.appender.console=org.apache.log4j.ConsoleAppender
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIJAOn32kF0OI4QMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xDjAMBgNV
+BAoMBUFyZ2VvMRMwEQYDVQQLDApBcmdlbyBEZW1vMRYwFAYDVQQDDA1BcmdlbyBE
+ZW1vIENBMR0wGwYJKoZIhvcNAQkBFg5kZW1vQGFyZ2VvLm9yZzAeFw0xMjA4MTMx
+MjU1NTJaFw0xMzA4MTMxMjU1NTJaMIGLMQswCQYDVQQGEwJERTEPMA0GA1UECAwG
+QmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xDjAMBgNVBAoMBUFyZ2VvMRMwEQYDVQQL
+DApBcmdlbyBEZW1vMRYwFAYDVQQDDA1BcmdlbyBEZW1vIENBMR0wGwYJKoZIhvcN
+AQkBFg5kZW1vQGFyZ2VvLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALNi3ZG2IxSvn/Ach9zpEIz2Nn7o/cMY/oUocBL9Pq+gcwBEnAyiC9MaJKDR
+M3HmIFMYrQ/6TdeSBblw1IO7ykeneybWpCEEA7zoK0DquXDRiuEyBWR+mz6JV/ce
+wrVo2bOnAUJgIfYUiEzYAT4j/+3qGUwokBAVbj+KSEnd5TnbMcbhRPzSW+Ghu/FL
+LIevq9BLRPQabLQTNvgVHGHX6iYTls7Y1jJaNe07mMfJOOuf2dfomiie7tMAyXKD
+XFg7vGRkW7kkSdXAvoasTXbmPj1AcxKKUtMqtoaMH0Lvl+4z1j9Zyi6Kg/7GZoE/
+uNZmSdVF/Qpx6VDcFGY8LaqUE9CNJgfvo6El0pXz+KZwV1nMMYLCM/bWSfR9tOob
+oHJW59C/JDGKY+1zEYuMlihGp2i/yM7PTw5Hi/Oi0L7gd55VesgVqm82lPmC1xUL
+bX7zI2lhVth7nMDbhmFMWxNGfuyuRFPNUR0VWhet8lYhrAHOA/r16T6cuKnzunmU
+3f9jmTZCxBD5PuFCCaZkrN2TYCTsI10K2EOXNPwJVPbBT6fkFhqFTU2eFiqcW95+
+e3t/HuGSUF6s/sDmSWJCDttnNKp6zGIGcB6xiUbuRkeV25PQq/UPQvxvBr7Df3I1
+PUneYQjjg4MXx+UvSdoRgPuPARpJBfJR4hVw2A/6MbkEfZ0BAgMBAAGjUDBOMB0G
+A1UdDgQWBBSnHbEv8ezkwPT+5UqmZllpM5NEAzAfBgNVHSMEGDAWgBSnHbEv8ezk
+wPT+5UqmZllpM5NEAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCY
+ZnF5ThcQfyUsqs7dGEb4j8WmnZ2+swueCp5TqkCtQU/0p63G5VwHoVkZkG9zBR5O
+JFqYO+UX8/jnbAeLfsw1+QW1IDzE1YIgmb8h8/j+erzO3krdEyweH3BcctaP3uJQ
+8AfMf3A6SamwXU96jNoRM6vPlMesM4ec82pTmspp5KSiP8JZ51tgeJm01Yr+WYF/
+3pDRjc0fJMfHfV1jRfVblTkaTYuIe9T+dpjWrh7t1u1M7nvPW6QWj2rbw3X9U/NR
+n0jyA063kskwWyY/uGXGIt+oCFhN323Jr1nQ8ZEJK38apS78xoC0Sxm5HQ6b8TII
+Jtc2YMPG0v2ygzN/lLlT1VnZfz6gPbFSv+otstQC7Kchdi6geQg2omYQVUzUCZEp
+Y8CQZTkXTEsrIaoIz/xn70RQAq8VQL4M42xfG/Z9WN+ype8fr2TMMrn9pRiLsnJd
+IQN5Tw6SwqqPLzfUirki4WY6up4wH11h9xyWeKAcK5rWq5qStlvdYmBDFUmnsXQj
+qdmNe96oZuZibS7+I0VER6/32u/MV2bHK6yXQEswXHrifHFvvq42HBayNdVPQZUG
+Y5Qrjo/19pAFmZFFs694TMz/85GtBnJkKBnciKrru1uzHMYo6Kim++wgPwfXNHXx
+gVYg4+NLjeXv2q178QtGxbKoHkqA7Q3lLEb4lw76gQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EBD71584ADEE8FE7
+
+L7Y9YmFRL/6tpCIskTGAp6St/9xx7dDMaFWk5AGPXk2q1hSV6XPp8m4zrJng2Cfd
+0iTP5G4p9zlceA6cV5lXFtZk9s3H6K38Pr2MtQ7pVMC9ZSXLeM+w1hj48Sdoe/ak
+oMhx9e6NVW9U4Lo4qX1lR4XE7NhdLf5nCAcB1zzwqbah8YnyKvkWjYFznfOz0ccV
+AQhsskfnUDNVB7SBQfvkJ2K5QVH9ElT81D8c323Cs/+7qD1NTEPNDQaB1XtUoTFr
+qMbgQKlGgku0CHpE9mnAfhrDiIox/kPk10jro2mSbeQraRkpxkudvADNEc0MLBUs
+cWfo4GkrvwWyZnFuVCZMjB6vJ8mVIVSZ0AEiTIq/sC+jiIfjSvAsaFdlV7BlUR2U
+KS7mnqivb6kRksyP5Om38MOF79KmxtLl7Cn4bio+qsQLcKBQwNoTqD2dFHVNdoTV
+TjP08xk+80oN0C246ZBeZLqwpfeXD71YQ5fkmw6AulJFr3NZDA6EAm6sJm+mC5fL
+a6JgnXe7ZBPnzzbHgm+8DOWa8kYh7lJ1iYPyg2iqK8O6t2jgl/C69pi6Qc/6NMry
+g6jyp0DnwpZG4P6pgy5fbbEqFOs6RkiFRtsQs88XDEE5tiJBtv9btHFZ16YGXr9V
+OL6/M5FIkHb/VC9+w+9ap0nyH8GtUMgx59gwAWPKbu5PC/4tZMts98btGzF6kV2A
+09/aI1RP79ImWLQtSy5BgjNozJ0biXdz1mSwgvrqz3TGySvwFzVGge1PMbJp+1iv
+XpkZGcS42OmHudDpK36QmWr4xizh8SOZLSW3803Mo8GkDT5xNz9w3xIZiXcXNAKt
+WE6U7nFuUpxvofnGjp9Shljt5HpYjqmB0cl3/y0n9wiZd5WeIYTC4PwmXH6qEyGO
+nh5WYOUNWtpVYHsmq6D0x1T3YXATBCWGFmDwJksnoWb3Czm49NJJpN837HynHcWG
+EBWQXWbzCZPp9C/lgttaOR67/QV6fl7aLx14jSbwWdgtCeQWDzYyL2vPr2m5xYOI
+ZgbYy6ULhGjsuMlD4JZEo2HFtU+5iw0sGTarp5xnB3v8AuiSzAJVGnGF55dcpTJ0
+DNaWv/xUt4s8GJgUPPPqhSibU/O9Mt4O2KxQl9wD424/tDFt4PArlDD2d+Xj29Nw
+2eWP8jlPZ6raAzp7ZFHB+SJBw49LF4ztGzSPWsmIWymBhfx1+d3e9LuqzHfVs83X
+9VjEY/i+xjIdry9Q1FWkTHbZgvYLVJ7fxenMT7nI8PPaecvQ4icEnB1zLGj4wbSc
+eFUsu+LkDb+SJOWh55xWlaiKsa4Qxll/1iHQ5xC2libjZU7sNmK0iJW1hOotF5RG
+ahWVbntVmqmVNm60IneckiQ1SLjlanOcM3QDFddjtmlCQ4OGMO6za8JRXErnKlhS
+I4P8Kzi889H5c9Y7l0GBarvdwrolWjgi80UHXkiNy6tU/3kn9+PB6RNZqzdng6dF
+dk4pQtqlEEkSBqqlPOXmRvDX+Ka60laDPzKefXrTjG8Y3EimRA7ngwhZMeONGMM9
+08wQI5lBVTJHvhFabnbbu1C6r8jd3es0u9AhXqI1WhILnR8DW/FwQFMLdIynYh9H
+41NLHCTaWslYlfBhAao+wnqL2BEN+fz2vxr27jZiQaovYMOA/0flH2rfcCigUtog
+EhVPCn4b5+qUZYux2RkBdhkJu2raJc6dtlTtsl/5KjHTe5wd0C3JeK/S0AaSeJG9
+/0xZvWcW4kVjovat9JPtuB6YDMH/gWmJby607iozF5z76rUAKmhObVNkW3C6+g1f
+ecpl7h6F5646oRMBh388sIYCfWtgYqZcuOiFylzDf0ZCAUlKMHIvQnbedHFu3VIS
+JK0teqwmIAmcsS1a91gn9N8GBVkzmf4BUTVXgWMQjtPJTCz4ZyFJvHHMrq5Ojocp
+/1sSU3iK4DuKeHRU5jr1c0YrGfREK8Gqxw1Ieh9Ah56zdWiGhXrlR5TH1mJJ0uFR
+ADNu/LoijVdLuJGMUneWS7qmPhLkzPv04sR2Ed7n7+E8Xn29lCgA68z5glaLEG8K
+HtlUGwNocnorrx2snQ77irbL+u4Qz/dfjJHmKu0JQvhM3XECqfQH3KLwmTnl0CxY
+zve3mlRV9LkVmOFINWH+bK+BiNBmgtm9mXRFyTQK3yUfqi/u3Imj1a3h3IL1S2rT
+IU6jkcoEvEQTmNiLIUg3ontwrHXm0kQA6RRccP6jYCAN4ao5iy9BfmDOmoOfdYuu
+qLrsB9JUuGyqEirrrApaNRhKNdJx8viVB9NDEO699CRMiEq0vIQqEBnsqmiq6hC1
+rJ+2+IGwa2Jf9qYtiCvGw+xaB0+x+nlb0uy9b+orzlKwX3UlUIs/AongtIcYe+BK
+Dwe+0yJ1gpkWoykR8hjx1b93QdTjamofqk2YJyBFUdrnn3lPJKvNyW2SgF0ZpkjQ
+ck1vo+lpZsvsXM8SbIJHfk0Mqat/BikB6bNXZs4FD6gn+dtPWCgPIDfYqhq+qe00
+zx2ZETYV9FRflZfIBg8xPJwj33NPO7j1HStBgtLSxLulkg5aVnpf/Qt5plgF+Ifs
+lnK9AYm9ah+3CbhOT9KoxzuNDOIbFlPkpUiC9v2bTtEE+mQrE4tag3L8IYzdaZCZ
+lgyPVnp1TQ6AiU/z0EkWvKTzcxcd8ujBjWk1NEaiNEowfxfB0CDnLaA0IN63pVwq
+H8QfQlIbAKKhRc9A7uoXrhO0YY0H2Sahd2AZnQkLPdUIUzp/JbeKC9JpmRnIF60C
+vdl/mUa5iqU3MihYOl9ykSD4V5iRYiB4QTIzF6TlyWW5RtrZh5m0jTFdh9D9uoro
+9HOs+ObdQg8UyBUQpII3ATr9Rf5r5uIml1ktbj97X7yBmdVXM8hHjkN7CzDHgWLh
+stbNBpoMf4dVaRHDm/wGn0jfqjeSUzEbnetpwseUbmiEjTXrYDyZ01Cf9gLq/8gs
+mqemNwLz16tGede34zQc5vHChEc3xJqbBIR5y7TCcDnEFDwKKLk3V5YpaTTLqT+y
+b9Espm2OovhBHQKDWqg8L5CRi1QTwyIjZHo++OlVlIslbsQlbqqkADBLhQcSB44i
+clxNml0TiqSYlY55MfBqmt5fbPYHI91Eg+/RbkfaW7supPjI0meS/idWX9r2FHLM
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3ACAQMwDQYJKoZIhvcNAQEFBQAwgYsxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEOMAwGA1UECgwFQXJnZW8xEzAR
+BgNVBAsMCkFyZ2VvIERlbW8xFjAUBgNVBAMMDUFyZ2VvIERlbW8gQ0ExHTAbBgkq
+hkiG9w0BCQEWDmRlbW9AYXJnZW8ub3JnMB4XDTEyMDgxMzEzMjM0MloXDTIyMDgx
+MTEzMjM0MlowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNV
+BAcMBkJlcmxpbjEOMAwGA1UECgwFQXJnZW8xEzARBgNVBAsMCkFyZ2VvIERlbW8x
+DTALBgNVBAMMBHJvb3QxIjAgBgkqhkiG9w0BCQEWE3Jvb3RAZGVtby5hcmdlby5v
+cmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrOC1BS1Qotq9D5NAg
+5761ATNjMNMsg3SFkbnVIY5bzraY+lxs2qW5I9BXEHGDIGXJoden8VmBI7Bd5vCE
+8yNu8VlhfwNOuDF2NQVCSzUU7LUzJuEW/CBo1zgES2RYaH8Rt6+/4VVEm6DFI+Dr
+7GVeJh/f2LIZuKvurz8wyxvbGAXeF1p6lerS5/Qw4JE/wgVLCecD92WP3zbMyj3I
+Of9njNJQ8w8lNVcu4LX0pNQHFyTotasMPAgnu6YZ9uWGjwb6fItl8JbFZSuQER1B
+d7stjbzvcFCBJ/ZdWm237nqfQXLakOqJvUEvzo1cVcDW8slTX/Ird2LKN5VslPyV
+pBxRUT8FhOANVnGP6E4iqhRMYyRW1i0e9+QRvhhwVIrC6NpMCYnZm3DponNIzZGF
+B7cHkT//vS2w4r5OtLVb2RleXGzxLag6GsVNyI74Abi4bsM/H+9CKN6NsSXn07BB
+kJERdOBO80L9W7zFhJ3IVRCIXGujCcOF0WZAareWESI1CVOPMgC32xdBbw/IrnGv
+dUc5BdsOInjsOcO17LbsNpEDQQavF5SUR1SLAmsrftQoYqtsBjzCiVcAFCOF8lwk
+lcEEWLSRwCOEtsieBtxKz7UvizFPn34iqvUwoN5BdceJQVry4wjXfraScIjnrHv8
+/6pvW/N63WJJODhQVEK499BM9wIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAy1dBM
+ViLw4/eBUTtpZvlMotw0booS6opEKxAUuC7YDMkKwW4rqDxJTpyVKgC61q4Q5wyH
+fripqwJPgF6+aqDlRE3YHbHFHq+iKYSD582MIy7Bb1kmqvw+CkSWgaZFJiRuDT/2
+QCdEcWPYFRWP23/GuNZurd3M8GA+7Pd10XnqYbZgXLAdVVz+I4JzFT9KReVOY4Ne
+ZWSnzXb092FCpy/REUg0vUKKze5GzCiBfTTEAb4CpnY8HHlvcBsL2tNABhcP+gu2
+b7/LlhRZqlMaidJhGz2UH6WqXWweYce7ldpZ8khuxF2Rbnb0upIUuJgCKeJ1HckE
+JIVTiOJ7ZV2KSphpkVgiGqJidonTPOY46lihk0ZqGnbXfHXtI4JYKorLikefztS6
+8ExVVpbHZpTz9plqxc7/VpNqLGLwwDXRkIEMBR0OgIecVnSTe5vCdFnGZACwqHa4
+iy4hDmf6iBb7CmOAcP5W0w3yZ/p/jrc2K2lKglcU161pR7uCsStLaRh5Mec9MGpx
+K38Qaecm8NtC06I5aCPMA+5UrXdrsNvmeKZUwaztskkBzV9RibW/ogfoZeDpCh66
+HHG4Tgpkra4X82D6g71Mtkl3ez3tlFiUR9K0cuxtDxwaavPAmUo7tKOAG1UBgRlS
+t8DoCPRbx0o98O/x6g37H1UWe4sEiQSUaW1LiA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEzTCCArUCAQAwgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzAN
+BgNVBAcMBkJlcmxpbjEOMAwGA1UECgwFQXJnZW8xEzARBgNVBAsMCkFyZ2VvIERl
+bW8xDTALBgNVBAMMBHJvb3QxIjAgBgkqhkiG9w0BCQEWE3Jvb3RAZGVtby5hcmdl
+by5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrOC1BS1Qotq9D
+5NAg5761ATNjMNMsg3SFkbnVIY5bzraY+lxs2qW5I9BXEHGDIGXJoden8VmBI7Bd
+5vCE8yNu8VlhfwNOuDF2NQVCSzUU7LUzJuEW/CBo1zgES2RYaH8Rt6+/4VVEm6DF
+I+Dr7GVeJh/f2LIZuKvurz8wyxvbGAXeF1p6lerS5/Qw4JE/wgVLCecD92WP3zbM
+yj3IOf9njNJQ8w8lNVcu4LX0pNQHFyTotasMPAgnu6YZ9uWGjwb6fItl8JbFZSuQ
+ER1Bd7stjbzvcFCBJ/ZdWm237nqfQXLakOqJvUEvzo1cVcDW8slTX/Ird2LKN5Vs
+lPyVpBxRUT8FhOANVnGP6E4iqhRMYyRW1i0e9+QRvhhwVIrC6NpMCYnZm3DponNI
+zZGFB7cHkT//vS2w4r5OtLVb2RleXGzxLag6GsVNyI74Abi4bsM/H+9CKN6NsSXn
+07BBkJERdOBO80L9W7zFhJ3IVRCIXGujCcOF0WZAareWESI1CVOPMgC32xdBbw/I
+rnGvdUc5BdsOInjsOcO17LbsNpEDQQavF5SUR1SLAmsrftQoYqtsBjzCiVcAFCOF
+8lwklcEEWLSRwCOEtsieBtxKz7UvizFPn34iqvUwoN5BdceJQVry4wjXfraScIjn
+rHv8/6pvW/N63WJJODhQVEK499BM9wIDAQABoAAwDQYJKoZIhvcNAQEFBQADggIB
+AC9kNx1on4Twa7g0WvtRloBHxmXVxbhHaQtwQyzDarwhW973hLrJ5/5+wKzUoofe
+lw1moerhxQ9SWR8ZnlqLUj6aFZQXUi0754kVfEjmp762EByBciZg1RzgIK4YX0ln
+Sl1I1un/1rnLZo4YXay1uj0ZP99Iz/9uZK4WhrCkuYDwBFaeYDIEvG0MTwwf4hc+
+2f8xGxJ3/y6qyIe7VR2hCu2jsBGurHhf3dNVNr0wHLfpMtp8vGi7tVs/u53Kv/2P
+X1p/UznzZEbm928LAEtKGRuawlER5PVV8APFP0sy8FcpLGV0mD3eJCWFvOWz+/y5
+w3uSamgkuCYAdypxPSZrXEOrijZXDGfO8hFQfjSArD0eHf0XXx887ImVBmn0S/Hf
+lcmLdLI2Q/Ku5HEOGKGV9PsuZCcvyIlgOM0mMhmfHNbTZ1/xIq2YsI0t01RdfHd0
+zDWNxRHazBjrHhDs1gGlwcgHDswedbg6vu+q/kVrw2U2E4u12LzK3XvA1BZEidmI
+rEF/07WGRZoXndHitWeQu/lAEZbuI6h2qIJnjjI9VcAVqhDKhHXjGA1ZLBhqz1eh
+QdBEM8atOBg32l/I8GtFXTsauEkAe6hYUnvI9DdQIX+X5AInO8NsOUNNzOmmNpIG
+fxez4kWCC5zIZbSqCX7qDqZswfVdgEYLhElQquRbEDHH
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B121EE89E94390B
+
+EjQARpI26YQBaqJdsM/qRqB6isTEUhNnYbKGzUpRql8bSKdszmrcxVW2eCzdPPeZ
+O8AZmg0lhRguxqRFxuHHd7hP+l3QUJRWy9FbR3Lr/x3r2FFVU6tDqt5yTNveF/Np
+1EL+vz9SE0QA6mUTE1kruLVQLrruPE78nztchdZREO/QmKk13x7ljotbRlgN3EyC
+NfPaVIyHAN9j3PqPVsNbsrFZvdo0HXWbd/zy1Zh2BGepxeCOYu2nSNQsZmaB1QjX
+rQ/g86hE35PcZuvMSjXkGYXf4mhzTWlt3h/o0mfVC+1iMTLmb0V/XP0DitIDmApL
+PM4yEfD0icg5Y9XDhbONHe1NqaI++Pq6Pz84PrxPziNREg6dUsqZDRDdvzXnogOo
+XKZ1yZBYtBt/4eptpWBd6xS8pIaNlUEApaVkNCDnnoniffxu/xVqZ5d9DcwoqImU
+IMZahuDzM5+MrFuu3BjxtQtU4mfytQ521P2NZb4wlVI+7TnveZ2sqTosj1QCX9E9
+4jh/SBi+D27wg0AAQU0eK3PVGrUZxFUCldqSfv8pABWyv+alRJ2ooUu5KLybu/Fi
+WAajrdWxwDrtqpxm9FWEW+0R4dXhr5EVmfOvTgGOsZT9fdDiAlfZiZHHs4JGG5yP
+ueUTsBgjlWoT7vmzxLNtjbJ0dlgYZzVpISbEH+kEXXzgwULF9s8CEptJ1m6hztZv
+TigK5WL09WSBbZiJZrY1tZxbWgJfL5TsI0V43qY3QzhtBPZTzlNlqzIwLDsexx1s
+AcG/B6FSTfzokG7KQJ5yN8empKFWggDEihGqDf0CpBnodSWwEEN00Ue13Mb1G+DR
+iPEUuZioiuuXJGcsr6OS/bY5NIu+bV5gyFNohzHN2ofrthaiU2hmIG2erAdtrq3C
+rxxmG4zRPYx+g/kjHEMaDnkgbtpa1f/inN7q+AbvvnV6w0I2lUsrI6Q8BcuDiRmr
+IUXPLMMFFWEEyiYatWAa9taGsKzN5k/lIw+09iFiAjuy86cvnTrWVAl8zns/pbJG
+mwv0LtfW13nYaOdkP4FknR8jDffIWohyfCaGf04zjWHbSBFMe/8mMv+6PY6RM0Wm
+Ye4e6VwCg27iLSQfH5+bTKzKvAZzSdUFCwHB04r/yO9+XpNFwMKWxmSWvSUldJC8
+2LjdR87/MCVwjHMOXwQfooJNdQXGJAwAr/VL4F7sq7dl+ndOg97W9tCkr92hPLsF
+oLTNJrmPAY5CTKGPYsfUiKsLbfr6hmzM4vPui3PnKISlu7z4TWl8WOWJraR1SOn2
+pw0waZc9BrzIlXSKR19wVOznBmluFBTFtofR9k9b/XleF+gelyQuU7bVCC3mz/ej
+hzL4xJT8UCz+qoHK53icNceBtjIKazd/MD4GFKyzzGDcR2He1oa9c195flwW3o2p
+bUGsITKBQO6n4YqMXQIypAtiEaFTVcyi1LQYw/ojD3s5RWvM8/PP0S9FnGVJOPSO
+isiFcJEjshMfflyhfGjdSvISzaKXBv+JCLlxNjblmCxZKPSFTRsND0ddeLnjNdl3
+C2xXr/nrh6f2cglAEWEGKKLR8/hFGop59JeGS7GJxWfqO4JEEZJ+spzkyoduqIJO
+FCZpb+mkXbalWhUDXd3QubXLY4HfNHJ33kZKFdbuARVirdMEZgS40KLOT7LL2MtD
+QrhgRJftw4LXkuHgxXH3KauDWXWHOssxq0ZIRo7wzLRRN2I0Wu5eptb5rIDSI3Ta
+i0WLkdzkRkhiCQ6bp8jo8Dhlld9pqprDLdMfP/ztObAnj3aCA7SoZlSI0upeUpJq
+ksFhXfDRppBvkZnOSUa0SaiF0gn2ApbbeJHsikZDYA9OpqaRJmghNCkv8/4oN9DJ
+LA1pYU+M5bVonmf54EVqjwxgl7yIOU9kKa8HIGROPqUL0eVAYZwfi6ryA82ZMs2a
+FmncGPjqdVBRD/er9+eNLhr2oN4xGU+/rFutMH+EOG7G8moxMNMJk5KHK4Av1Bz0
+mFDT/WCEP/+mtxSq9iMplXpVP+AycCReuLkq/Vh+Y8BFwyLvzoSytNEAeZo8EMjy
+9hLYzUARePAQmFPLazR8mxeh/eRcxBNPWrWY4BpUv7oaVYx3+lkWbgUtPEQKBwqL
+cYeFZzT2XEwlmoUy7i39hjrX3eyBL/JLH9wcke4+0ASIR9bKAM+auEkVgiY85wC3
+c8uQxvAIwUd8vwRr73YxlNACpagmUGWnsyPo6UbKi599F/fHiD+okXpmWArb5Tya
+m3MLkgLpSepBk2m51Ek2TO7F14sMe+AcuSnFaICYfsDsZwRfy36oFIgrYp3bPKZF
+/UPU7WS4N7YfeCwHtIPKSyhnMMLUHvQzUSHorsVAfievW6fatldszMdKKRz9I+v0
+wVtUOwBB56PPFvihm33nfu1k3F76Dwezw4xMj5SPX/7S5BazDrlh9TWbpeVUEJY1
+9R6EX/LIjmpUishVkf4QZMGlBAD3CHdHN0L0fGkPvBV9bnVwq4NfrkKc/Ppb+6V+
+hHvlpCEAjLNT4bQ0kYcdcbDtBh1Jl38DGCnSrkBs6BpTQBzuSa1+WH17jUy5735g
+H7SRFmqwVDLF5C8St83cS1GxiVdk4hwFQzbmk45QYHucmj3J4gA5qqkLPomf8Rea
+mxqjbP1F294UXGuwOd3NQ2MqD7Csy1yjh9y6hN7hvy4CMsiB2zvkPBlFwV//DWbR
+OXlX77Jh7V9GNP0eMgxhjon6NeAgfsPpvhJ/49HWlOqqoBcc/HDV+fL1AJEQcSDn
+tlbO/j8dtd9kvULm+MCxMQvTWPbM6+aNJeTFw/2PCEquhfDf/QN6WHgSRph/43za
+DlSWK7xSs5dTp77Tu36oLN7agRAyN4H2hpoFs2TeORrgfheaLR67ULb3M2tL+Hgq
+mHrjKLXVRcEDG1I/DPhuD+jdMoBfoxxf3JKn72NWn4j1A/n59nbvtZQdgzrvI+1a
+l1nbl/z45HZUQyNgDshPXTsHRuA+4tp1J8WSk0NjYW47P8ZuolfQMGMVtUS8NAal
+Jk1tqhBhBIpcHucFrON+6gznT5OP+IxUPqHVMzqp5SJDSsgRjTkfQXJHdM7cWKym
+H4/wYx5CmYg8FzD7XN4t8fNqNMUeuVCWv+OYxC4quiEqWy93ijGQnxFdFW9HZNCC
+-----END RSA PRIVATE KEY-----
--- /dev/null
+# In demo all key and stores passwords are 'changeit'
+
+# Create CA
+openssl genrsa -des3 -out ca.key 4096
+openssl req -new -x509 -days 365 -key ca.key -out ca.crt
+
+# Tomcat Server
+keytool -genkey -alias tomcat -keyalg RSA -keysize 4096 -keystore server.ks
+keytool -certreq -alias tomcat -keystore server.ks -file tomcat.csr
+openssl x509 -req -set_serial 02 -days 3650 -in tomcat.csr -CA ca.crt -CAkey ca.key -out tomcat.crt
+keytool -import -keystore server.ts -file ca.crt -alias ArgeoDemoCA
+
+# Root User
+#keytool -genkey -alias root@demo -keyalg RSA -keysize 4096 -keystore root@demo.ks
+#keytool -certreq -alias root@demo -keystore root@demo.ks -file root@demo.csr
+
+openssl genrsa -des3 -out root@demo.key 4096
+openssl req -new -key root@demo.key -out root@demo.csr
+openssl x509 -req -set_serial 03 -days 3650 -in root@demo.csr -CA ca.crt -CAkey ca.key -out root@demo.crt
+
+openssl pkcs12 -export -out root@demo.p12 -inkey root@demo.key -in root@demo.crt -certfile ca.crt
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA18CAQIwDQYJKoZIhvcNAQEFBQAwgYsxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEOMAwGA1UECgwFQXJnZW8xEzAR
+BgNVBAsMCkFyZ2VvIERlbW8xFjAUBgNVBAMMDUFyZ2VvIERlbW8gQ0ExHTAbBgkq
+hkiG9w0BCQEWDmRlbW9AYXJnZW8ub3JnMB4XDTEyMDgxMzEzMDQzNVoXDTIyMDgx
+MTEzMDQzNVowdzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ4wDAYDVQQKEwVBcmdlbzETMBEGA1UECxMKQXJnZW8gRGVtbzEh
+MB8GA1UEAxMYQXJnZW8gRGVtbyBUb21jYXQgU2VydmVyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAoF1IzT1815UMzdlvMRkCUy/ISfwArbmGAvv5H1LP
+fPXF+YF6EpjKj74JwHhMGoB1j1BUvem5TeWxszU/mevmFCWvrmO83lBAlSNRX6iJ
+m3np3s2/rrtZg2WUu95ZGkRQ1elPRU9KY99rK+NlJH9X6Y6Bfoi5//OAyeZ+kIxx
+39sYXazAYYS9h+8D1mtSHoSFgLMy73gu4UIeon+GW6PbB+E6kQVlRjumBqLtj6a9
+t59T+coc4UStqmFCuPiZuMvbijS0ZBJxuNcaYATcCIjB/S0Pktfyjgxn3HzCLVtP
+KRskGHHfoxje5QHbH5sE5lEQPMFxuuj5C/9eCKs5+8ob06gNVn4u2SB27mLpafqY
+nJxAhGIqRymZSNwf0Nq7GcUj6OxPCzGG1RBV2Add9YpL4rWAeL1ftdNjRmvDwFpb
+dsY9fO8Oh+sKKsrypQZ0BAHWs+wWVHbgHWHLCv2uky43VRSM3kqBhNcHyc+PWjga
++/5M+dqIyi9onoyrZ/dj+KaS5gS5u5dcpjoweb78r67+hJUw02VzZCXZdZZaadyi
+zTQ8SeGzob47TAgQ15r6PGcSYPhqcEnlu6FoT6IYWh55p1QjAGHmZs3GF93qhwM5
+/9i420gEvqZNegdOTVx+Q2s9VHV7QlMbAKXOaP0degikt5mQPrmmtikAFiwx4/Aw
+Gr8CAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAXEIZ1OpNWguFWdVn5ksTsw/tpm5M
+cTKBleyXNORrtAwZOo9+B60lRjdeOXGt77UAE5O/0EzR1DoUWs4btOHbHQEVNszM
+1GzudWuWawqcDpAaUKaXL0XjQ+dG1apDbq3MbEONkq1AjBtn3gUL4+Q+wFL6+G4Y
+sfAZkws2CQr1j0gTphAkbUDMtxJdOxSZybhTNgi5oShN46NljMvO9hhSbLMKAPrf
+hyEuyznSoGI3/9KVjK7dmmGAI/ieYc8mU1UIyEVUZPoECSBUJ/T7sFilbL6cFAsf
+IJIdvoBt/aW0+uVee0bZ1hrvYMbgj+Z6FzU7OX8mIbj0Sx9WD8kyoDgJjJ5AbVnQ
+XSlFh1WY99XurhokWtphs1Bmpk6c6alRV46NoAZey6c7UK7ugoMM9NNc+xD1+aK2
+k2bRFhu6LTeF5gyV3w9DA25CnXu7qZ6QiZ8Twav4GAPZIsKXqBx8+hEPN7QN9g0Z
+TlmZ0O25CpKRuYMjP6UI5DX3CvTI+UvlEZL5N9apOnTGh9FE3gkmy1I2gaVcuaW6
+HMXaRiMiZNPL/lJx8qgP8j1upiEtbmaL7bxYr1cql2s14YJJyfaoI26D8NGVkYSb
+BWSLhcjcL8TEwZ09r1geL7xodxov5h9KrgctMvcW7s/Co5xw9xIy8ktlanzDmaTV
+UjYW8C1Sk0eMSMM=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIEvDCCAqQCAQAwdzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ4wDAYDVQQKEwVBcmdlbzETMBEGA1UECxMKQXJnZW8gRGVtbzEhMB8GA1UEAxMYQXJnZW8g
+RGVtbyBUb21jYXQgU2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoF1IzT18
+15UMzdlvMRkCUy/ISfwArbmGAvv5H1LPfPXF+YF6EpjKj74JwHhMGoB1j1BUvem5TeWxszU/mevm
+FCWvrmO83lBAlSNRX6iJm3np3s2/rrtZg2WUu95ZGkRQ1elPRU9KY99rK+NlJH9X6Y6Bfoi5//OA
+yeZ+kIxx39sYXazAYYS9h+8D1mtSHoSFgLMy73gu4UIeon+GW6PbB+E6kQVlRjumBqLtj6a9t59T
++coc4UStqmFCuPiZuMvbijS0ZBJxuNcaYATcCIjB/S0Pktfyjgxn3HzCLVtPKRskGHHfoxje5QHb
+H5sE5lEQPMFxuuj5C/9eCKs5+8ob06gNVn4u2SB27mLpafqYnJxAhGIqRymZSNwf0Nq7GcUj6OxP
+CzGG1RBV2Add9YpL4rWAeL1ftdNjRmvDwFpbdsY9fO8Oh+sKKsrypQZ0BAHWs+wWVHbgHWHLCv2u
+ky43VRSM3kqBhNcHyc+PWjga+/5M+dqIyi9onoyrZ/dj+KaS5gS5u5dcpjoweb78r67+hJUw02Vz
+ZCXZdZZaadyizTQ8SeGzob47TAgQ15r6PGcSYPhqcEnlu6FoT6IYWh55p1QjAGHmZs3GF93qhwM5
+/9i420gEvqZNegdOTVx+Q2s9VHV7QlMbAKXOaP0degikt5mQPrmmtikAFiwx4/AwGr8CAwEAAaAA
+MA0GCSqGSIb3DQEBBQUAA4ICAQAs7DPJFRFw3drBpZ+cRXVQIybwYHYfKUPZEOGTX+mFgIgp8qfb
+k5IiTZW5JCj3sbskDUfWRcolCpyapUpB2eNej4Fs7Ry1PzwkzIgY1rMlSUnc0oi0JFpYT541RmWP
+o1e1j6+nEbVaRDZ/qk+vgLg/uCpuMwwdXYNOnax9mmCtXKjdIpwKG/WwqtB7ydDS0AszaItvwM5L
+IRAxuM0FteHYc9b5JCS762UpdJcaDTmvBOOShKG7mMSpFFoFlRThE7+kIQYDiV0pUas9odCEAond
+69sOLy9vIdpi6UHB0kEHB5DzEMlkOI5VyuAgsRQXlzxQKyYDS/PZwrR0+aFRq42ErMkmtFrC9kxG
+oDgFRhSHaej34ifM788x1c1oSq/dcy+DwuhaCXgdaTwnMKQVPQo6mHis6WL3DF8jf2EWJMlxvdw3
+0BwNRNSDAS1wN3jO+fJ7amWPa+OmdbYJB68dFNoSDDWW6Se0NJfKm4QBR21ipVlcC2Bk75s3HBRN
+KM8zV7UHQEgZnptatVtUKgiM3qSVbRxHP/miV/rVQpXAhE7z7ixAclx145piueIs0Jqxr4BgQFMd
+Vxeb4brcYk/3nrRrLKgVhVcywMb1V4YYXKuHIKR+cbHEk/lJ35UfEtCOeUKXyLoavbhoA7Ujfeqg
+0jp+vpbTHSFA6BG6ZUhL6FY+oA==
+-----END NEW CERTIFICATE REQUEST-----
<property name="providers">
<list>
<ref bean="authByAdapterProvider" />
-<!-- <ref bean="preAuthAuthenticationProvider" /> -->
+ <ref bean="preAuthProvider" />
<ref bean="anonymousAuthenticationProvider" />
<ref bean="rememberMeAuthenticationProvider" />
<ref bean="ldapAuthenticationProvider" />
<property name="key" value="${argeo.security.systemKey}" />
</bean>
-<!-- <bean id="preAuthAuthenticationProvider" -->
-<!-- class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> -->
-<!-- <description><![CDATA[Pre-authentication]]></description> -->
-<!-- </bean> -->
+ <bean id="preAuthProvider"
+ class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
+ <description><![CDATA[Pre-authentication]]></description>
+ <property name="preAuthenticatedUserDetailsService">
+ <bean id="userDetailsServiceWrapper"
+ class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
+ <property name="userDetailsService" ref="userDetailsManager" />
+ </bean>
+ </property>
+ </bean>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
favicon="branding/favicon.ico"
body="branding/login.html">
</branding>
+ <branding
+ id="org.argeo.security.ui.rap.branding"
+ servletName="clientauth"
+ defaultEntrypointId="org.argeo.security.ui.rap.secureEntryPoint"
+ title="Argeo Web UI"
+ favicon="branding/favicon.ico"
+ body="branding/login.html">
+ </branding>
<branding
id="org.argeo.security.ui.rap.branding"
servletName="public"
// around too long
RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout);
+ // Try to load security context thanks to the session processing filter
HttpServletRequest httpRequest = RWT.getRequest();
HttpSession httpSession = httpRequest.getSession();
Object contextFromSessionObject = httpSession
return new Integer(result);
}
});
- //logout(loginContext, username);
+ // logout(loginContext, username);
} finally {
display.dispose();
}
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/webdav/**"
- filters="session,basic,rememberMe,anonymous,exception,interceptor" />
+ filters="x509,basic,rememberMe,exception,interceptor" />
<sec:filter-chain pattern="/remoting/**"
- filters="session,basic,rememberMe,anonymous,exception,interceptor" />
+ filters="x509,basic,rememberMe,exception,interceptor" />
<sec:filter-chain pattern="/public/**"
- filters="session,anonymous,exception,interceptorPublic" />
+ filters="anonymous,exception,interceptorPublic" />
<sec:filter-chain pattern="/pub/**"
- filters="session,anonymous,exception,interceptorPublic" />
+ filters="anonymous,exception,interceptorPublic" />
<sec:filter-chain pattern="/j_spring_security_logout"
- filters="session,logout,exception" />
+ filters="logout,exception" />
</sec:filter-chain-map>
</bean>
</property>
</bean>
- <!-- Integrates the authentication information in the http sessions -->
+ <bean id="x509"
+ class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
+ <property name="authenticationManager" ref="authenticationManager" />
+ <property name="principalExtractor">
+ <bean
+ class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
+ <property name="subjectDnRegex" value="CN=(.*?)," />
+ </bean>
+ </property>
+ </bean>
+
+ <!-- Integrates the authentication information in the http sessions
<bean id="session"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="false" />
</bean>
-
+ -->
<!-- Processes logouts, removing both session informations and the remember-me
cookie from the browser -->
<bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
org.springframework.security,
org.springframework.security.providers.anonymous,
org.springframework.security.ui.webapp,
+ org.springframework.security.ui.preauth.x509,
org.springframework.web.context,
org.springframework.web.filter,
org.springframework.web.servlet,
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/ui"
- filters="session,basic,rememberMe,exception,interceptor" />
+ filters="session,x509,basic,rememberMe,exception,interceptor" />
<sec:filter-chain pattern="/basicauth"
- filters="session,basic,exception,interceptor" />
- <sec:filter-chain pattern="/node" filters="session,exception,interceptor" />
+ filters="session,x509,basic,exception,interceptor" />
+ <sec:filter-chain pattern="/clientauth"
+ filters="session,x509,exception,interceptor" />
+ <!-- <sec:filter-chain pattern="/node" filters="session,x509,exception,interceptor" /> -->
<sec:filter-chain pattern="/public"
filters="session,anonymous,exception,interceptorPublic" />
<sec:filter-chain pattern="/j_spring_security_logout"
</property>
</bean>
+ <bean id="x509"
+ class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
+ <property name="authenticationManager" ref="authenticationManager" />
+ <property name="principalExtractor">
+ <bean
+ class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
+ <property name="subjectDnRegex" value="CN=(.*?)," />
+ </bean>
+ </property>
+ </bean>
+
<!-- Integrates the authentication information in the http sessions -->
<bean id="session"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/basicauth</url-pattern>
</filter-mapping>
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/clientauth</url-pattern>
+ </filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/none</url-pattern>
org.springframework.security.ui.logout,
org.springframework.security.ui.rememberme,
org.springframework.security.ui.webapp,
+ org.springframework.security.ui.preauth.x509,
org.springframework.security.userdetails,
org.springframework.security.util,
org.springframework.security.vote,
<?xml version='1.0' encoding='utf-8'?>
- <!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version
- 2.0 (the "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0 Unless required by
- applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied. See the License for
- the specific language governing permissions and limitations under the
- License.
- -->
- <!--
- Note: A "Server" is not itself a "Container", so you may not define
- subcomponents such as "Valves" at this level. Documentation at
- /docs/config/server.html
- -->
<Server port="8005" shutdown="SHUTDOWN">
-
<!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener"
- SSLEngine="on" />
- <!--
- Initialize Jasper prior to webapps are loaded. Documentation at
- /docs/jasper-howto.html
- -->
+ <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener"
+ SSLEngine="on" /> -->
+ <!-- Initialize Jasper prior to webapps are loaded. -->
<Listener className="org.apache.catalina.core.JasperListener" />
- <!--
- JMX Support for the Tomcat server. Documentation at
- /docs/non-existent.html
- -->
- <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <!-- JMX -->
+ <!-- <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ /> -->
-
- <!--
- A "Service" is a collection of one or more "Connectors" that share a
- single "Container" Note: A "Service" is not itself a "Container", so
- you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
<Service name="Catalina">
-
- <!--
- The connectors can use a shared executor, you can define one or more
- named thread pools
- -->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!--
- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at : Java HTTP Connector:
- /docs/config/http.html (blocking & non-blocking) Java AJP Connector:
- /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define
- a non-SSL HTTP/1.1 Connector on port 8080
- -->
- <Connector port="${argeo.server.port.http}" protocol="HTTP/1.1"
- connectionTimeout="20000" redirectPort="${argeo.server.port.https}" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool" port="8080"
- protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
- -->
- <!--
- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the
- JSSE configuration, when using APR, the connector should be using the
- OpenSSL style configuration described in the APR documentation
- -->
- <!--
- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true" clientAuth="false"
- sslProtocol="TLS" />
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4" />
+
+ <!-- HTTP -->
+ <Connector executor="tomcatThreadPool" port="${argeo.server.port.http}"
+ protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="${argeo.server.port.https}" />
+ <!-- HTTPS -->
+ <!-- <Connector port="${argeo.server.port.https}" protocol="HTTP/1.1"
+ SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
+ keystoreFile="${argeo.server.keystoreFile}" keystoreType="JKS"
+ keystorePass="${argeo.server.keystorePass}" truststoreFile="${argeo.server.truststoreFile}"
+ truststoreType="JKS" truststorePass="${argeo.server.truststorePass}"
+ clientAuth="${argeo.server.https.clientAuth}" /> -->
+ <!-- AJP (for proxying with httpd) -->
<Connector port="${argeo.server.port.ajp}" protocol="AJP/1.3"
redirectPort="${argeo.server.port.https}" />
-
- <!--
- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host). Documentation at
- /docs/config/engine.html
- -->
-
- <!--
- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
<Engine name="Catalina" defaultHost="localhost">
-
- <!--
- For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to) /docs/config/cluster.html
- (reference documentation)
- -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!--
- The request dumper valve dumps useful debugging information about
- the request and response data received and sent by Tomcat.
- Documentation at: /docs/config/valve.html
- -->
- <!--
- <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
- -->
-
-
- <!--
- Define the default virtual host Note: XML Schema validation will not
- work with Xerces 2.2.
- -->
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"
workDir="work">
- <!--
- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html
- -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn"
- />
- -->
-
- <!--
- Access log processes all example. Documentation at:
- /docs/config/valve.html
- -->
- <!--
- <Valve className="org.apache.catalina.valves.AccessLogValve"
- directory="logs" prefix="localhost_access_log." suffix=".txt"
- pattern="common" resolveHosts="false"/>
- -->
-
</Host>
</Engine>
</Service>
-</Server>
+</Server>
\ No newline at end of file
argeo.server.port.http=7070
argeo.server.port.https=7443
argeo.server.port.ajp=7009
+
+# Used only when SSL is activated (uncommented in server.xml)
+argeo.server.keystoreFile=../../../../ssl/server.ks
+argeo.server.keystorePass=changeit
+argeo.server.truststoreFile=../../../../ssl/server.ts
+argeo.server.truststorePass=changeit
+argeo.server.https.clientAuth=want
\ No newline at end of file