diff --git a/Dockerfile b/Dockerfile
index fd3892c..c57f5fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,53 +1,77 @@ -FROM hub.opensciencegrid.org/opensciencegrid/software-base:3.6-al8-release - -RUN yum install -y curl java-11-openjdk-headless java-11-openjdk-devel - -# Download and install tomcat -RUN useradd -r -s /sbin/nologin tomcat ;\ - mkdir -p /opt/tomcat ;\ - curl -s -L https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.69/bin/apache-tomcat-9.0.69.tar.gz | tar -zxf - -C /opt/tomcat --strip-components=1 ;\ - chgrp -R tomcat /opt/tomcat/conf ;\ - chmod g+rwx /opt/tomcat/conf ;\ - chmod g+r /opt/tomcat/conf/* ;\ - chown -R tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/webapps/ /opt/tomcat/work/ ;\ - chgrp -R tomcat /opt/tomcat/bin /opt/tomcat/lib ;\ - chmod g+rwx /opt/tomcat/bin ;\ - chmod g+r /opt/tomcat/bin/* ;\ +ARG BASE_OSG_SERIES=23 +ARG BASE_OS=el9 +ARG BASE_YUM_REPO=release + +FROM hub.opensciencegrid.org/osg-htc/software-base:${BASE_OSG_SERIES}-${BASE_OS}-${BASE_YUM_REPO} + +RUN < /opt/tomcat/webapps/scitokens-server.war ;\ - curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar ;\ - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.1/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ - cd /opt/tomcat/webapps/scitokens-server ;\ - jar -xf ../scitokens-server.war ;\ - chgrp -R tomcat /opt/tomcat/webapps/scitokens-server ;\ - mkdir -p /opt/tomcat/var/storage/scitokens-server ;\ - chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server ;\ - # Install support for the QDL CLI - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ - java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl ;\ - rm /tmp/oa2-qdl-installer.jar ;\ - mkdir -p /opt/qdl/var/scripts ;\ - # Remove the default manager apps and examples -- we don't use these - rm -rf /opt/tomcat/webapps/ROOT 
/opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager ;\ - true; + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/oauth2.war > /opt/tomcat/webapps/scitokens-server.war + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/jwt.jar > /opt/scitokens-server/lib/jwt.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar + curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar + + ( cd /opt/tomcat/webapps/scitokens-server && jar -xf /opt/tomcat/webapps/scitokens-server.war ) + rm /opt/tomcat/webapps/scitokens-server.war + + chgrp -R tomcat /opt/tomcat/webapps/scitokens-server + mkdir -p /opt/tomcat/var/storage/scitokens-server + chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server + + # Install support for the QDL CLI. + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.1.0/qdl-installer.jar >/tmp/oa2-qdl-installer.jar + java -jar /tmp/oa2-qdl-installer.jar install -all -dir /opt/qdl + rm /tmp/oa2-qdl-installer.jar + mkdir -p /opt/qdl/var/scripts + + # Remove Tomcat's default manager apps and examples. + rm -rf /opt/tomcat/webapps/ROOT /opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager + + # Remove packages that were needed only for this build step. + dnf remove -y java-11-openjdk-devel + dnf clean all + rm -rf /var/cache/dnf/* +ENDRUN # The generate_jwk.sh script is part of the documented bootstrap of the container. ADD generate_jwk.sh /usr/local/bin/generate_jwk.sh -# Add other QDL CLI tools and configs not part of the default installer +# Add other QDL CLI tools and configs not part of the default installer. COPY qdl /opt/qdl -# Add in the tomcat server configuration +# Add in the Tomcat server configuration. 
ADD --chown=root:tomcat server.xml /opt/tomcat/conf/server.xml # Copy over our configuration of the OA4MP webapp. diff --git a/qdl/bin/qdl b/qdl/bin/qdl index 6ffeb98..533f0eb 100644 --- a/qdl/bin/qdl +++ b/qdl/bin/qdl @@ -6,4 +6,4 @@ QDL_JAR="$QDL_HOME/lib/qdl.jar" cfgFile=${1:-$CFG_FILE} cfgName=${2:-$CFG_NAME} -java -cp $QDL_JAR edu.uiuc.ncsa.qdl.workspace.QDLWorkspace -cfg $cfgFile -name $cfgName -home_dir $QDL_HOME \ No newline at end of file +java -cp $QDL_JAR org.qdl_lang.workspace.QDLWorkspace -cfg $cfgFile -name $cfgName -home_dir $QDL_HOME diff --git a/qdl/bin/qdl-run b/qdl/bin/qdl-run index fd6d929..26a0f33 100755 --- a/qdl/bin/qdl-run +++ b/qdl/bin/qdl-run @@ -5,4 +5,4 @@ CFG_FILE="$QDL_HOME/etc/qdl-cfg.xml" CFG_NAME="run-it" QDL_JAR="$QDL_HOME/lib/qdl.jar" -java -cp $QDL_JAR edu.uiuc.ncsa.qdl.workspace.QDLWorkspace -cfg $CFG_FILE -name $CFG_NAME -home_dir $QDL_HOME -run "$@" +java -cp $QDL_JAR org.qdl_lang.workspace.QDLWorkspace -cfg $CFG_FILE -name $CFG_NAME -home_dir $QDL_HOME -run "$@" diff --git a/qdl/etc/qdl-cfg.xml b/qdl/etc/qdl-cfg.xml index 548d4f7..f9768b5 100644 --- a/qdl/etc/qdl-cfg.xml +++ b/qdl/etc/qdl-cfg.xml @@ -45,15 +45,15 @@ - edu.uiuc.ncsa.myproxy.oa4mp.qdl.OA2QDLLoader + org.oa4mp.server.loader.qdl.OA2QDLLoader - edu.uiuc.ncsa.oa2.qdl.QDLToolsLoader + org.oa4mp.server.qdl.QDLToolsLoader - edu.uiuc.ncsa.oa2.qdl.storage.StoreAccessLoader + org.oa4mp.server.qdl.storage.StoreAccessLoader @@ -86,15 +86,15 @@ - edu.uiuc.ncsa.myproxy.oa4mp.qdl.OA2QDLLoader + org.oa4mp.server.loader.qdl.OA2QDLLoader - edu.uiuc.ncsa.oa2.qdl.QDLToolsLoader + org.oa4mp.server.qdl.QDLToolsLoader - edu.uiuc.ncsa.oa2.qdl.storage.StoreAccessLoader + org.oa4mp.server.qdl.storage.StoreAccessLoader diff --git a/qdl/var/scripts/boot.qdl b/qdl/var/scripts/boot.qdl index 12e4d9f..aecd8ab 100755 --- a/qdl/var/scripts/boot.qdl +++ b/qdl/var/scripts/boot.qdl 
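Review bot: The three `curl` lines that fetch `oauth2.war`, `jwt.jar` and `cli.jar` now pull from the `releases/download/mutable/` tag with no integrity check, so the image content depends on whatever is published under that tag at build time, while `qdl-installer.jar` in the same step is pinned to `v6.1.0` (the removed lines pinned `jwt.jar` and `cli.jar` to `v5.4.1`). Pin them to a fixed release tag and verify a recorded digest, for example `curl -fsSL -o /opt/tomcat/webapps/scitokens-server.war https://github.com/ncsa/OA4MP/releases/download/<RELEASE_TAG>/oauth2.war` followed by `echo "<EXPECTED_SHA256>  /opt/tomcat/webapps/scitokens-server.war" | sha256sum -c -`. The `-f` matters because `curl -s -L` without it saves an HTTP error page as the artifact and still exits 0. The opening of the `RUN` heredoc is not legible in this view, so I cannot tell whether it runs under `set -e`; if it does not, a failed download or `jar -xf` will not stop the build.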
@@ -16,7 +16,7 @@ template_dir := st_home + '/etc/templates'; /* Set up access to the client store using the current server configuration. */ -module_import('oa2:/qdl/store', 'clients'); +module_import('oa4mp:/qdl/store', 'clients'); clients#init(st_home+'/etc/server-config.xml', 'scitokens-server', 'client'); diff --git a/scitokens-client/web.xml b/scitokens-client/web.xml index c080214..54b2f93 100644 --- a/scitokens-client/web.xml +++ b/scitokens-client/web.xml @@ -34,7 +34,7 @@ discovery - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2DiscoveryServlet + org.oa4mp.server.loader.oauth2.servlet.OA2DiscoveryServlet discovery @@ -24,7 +24,7 @@ callback - edu.uiuc.ncsa.oa2.servlet.ProxyCallbackServlet + org.oa4mp.server.proxy.ProxyCallbackServlet 0 @@ -35,7 +35,7 @@ accessToken - edu.uiuc.ncsa.oa2.servlet.OA2ATServlet + org.oa4mp.server.proxy.OA2ATServlet 0 @@ -46,7 +46,7 @@ oidc-cm - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.oidc_cm.OIDCCMServlet + org.oa4mp.server.loader.oauth2.cm.oidc_cm.OIDCCMServlet oidc-cm @@ -56,7 +56,7 @@ getCert - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2CertServlet + org.oa4mp.server.proxy.OA2CertServlet @@ -66,7 +66,7 @@ error - edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.ErrorServlet + org.oa4mp.server.api.storage.servlet.ErrorServlet error @@ -75,7 +75,7 @@ authorize - edu.uiuc.ncsa.oa2.servlet.OA2AuthorizationServer + org.oa4mp.server.proxy.OA2AuthorizationServer authorize @@ -84,7 +84,7 @@ device_authorization - edu.uiuc.ncsa.oa2.servlet.RFC8628Servlet + org.oa4mp.server.proxy.RFC8628Servlet device_authorization @@ -93,7 +93,7 @@ device - edu.uiuc.ncsa.oa2.servlet.RFC8628AuthorizationServer + org.oa4mp.server.proxy.RFC8628AuthorizationServer device @@ -102,7 +102,7 @@ admin-register - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AdminRegistrationServlet + org.oa4mp.server.loader.oauth2.servlet.OA2AdminRegistrationServlet admin-register 
@@ -112,7 +112,7 @@ clientVetting - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AutoRegistrationServlet + org.oa4mp.server.loader.oauth2.servlet.OA2RegistrationServlet 1 @@ -122,7 +122,7 @@ client - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.ClientServlet + org.oa4mp.server.loader.oauth2.servlet.ClientServlet 1 @@ -132,7 +132,7 @@ userInfo - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.UserInfoServlet + org.oa4mp.server.loader.oauth2.servlet.UserInfoServlet userInfo @@ -141,7 +141,7 @@ revoke - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.RFC7009 + org.oa4mp.server.loader.oauth2.servlet.RFC7009 0 @@ -151,7 +151,7 @@ introspect - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.RFC7662 + org.oa4mp.server.loader.oauth2.servlet.RFC7662 0 @@ -203,12 +203,12 @@ - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.loader.OA2Bootstrapper + org.oa4mp.server.loader.oauth2.loader.OA2Bootstrapper - edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.TooManyRequestsException + org.oa4mp.server.api.storage.servlet.TooManyRequestsException /tooManyClientRequests.jsp diff --git a/start.sh b/start.sh index 457f6b5..d64a219 100755 --- a/start.sh +++ b/start.sh @@ -1,7 +1,10 @@ #!/bin/bash # Set the hostname -sed s+\{HOSTNAME\}+$HOSTNAME+g /opt/scitokens-server/etc/server-config.xml.tmpl > /opt/scitokens-server/etc/server-config.xml +if [ -z "${ISSUER}" ]; then + ISSUER="https://${HOSTNAME}/scitokens-server" +fi +sed -e s+\{HOSTNAME\}+$HOSTNAME+g -e s+\{ISSUER\}+$ISSUER+g /opt/scitokens-server/etc/server-config.xml.tmpl > /opt/scitokens-server/etc/server-config.xml sed s+\{HOSTNAME\}+$HOSTNAME+g /opt/scitokens-server/etc/proxy-config.xml.tmpl | \ sed s+\{CLIENT_ID\}+$CLIENT_ID+g | \ sed s+\{CLIENT_SECRET\}+$CLIENT_SECRET+g > /opt/scitokens-server/etc/proxy-config.xml
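Review bot: The `clientVetting` entry in the `@@ -112,7 +112,7 @@` hunk is the one change in web.xml that is not a pure package move: the class goes from `OA2AutoRegistrationServlet` to `OA2RegistrationServlet`, whereas every other entry keeps its class name. Going by the names alone, this may change how client registrations are handled at that endpoint, so the commit should state whether the replacement is the upstream successor with the same approval behaviour. Once that is confirmed, I would record it next to the entry, e.g. `<!-- replaces OA2AutoRegistrationServlet; approval behaviour: <CONFIRMED_BEHAVIOUR> -->`. The enclosing servlet element starts and ends outside what is visible in the hunk.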
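Review bot: The new `sed -e ... -e s+\{ISSUER\}+$ISSUER+g` line in start.sh expands `$ISSUER` unquoted and uses `+` as the delimiter, so a value containing `+`, `&`, whitespace or a glob character will break or silently alter the substitution that writes the issuer into server-config.xml. The value comes straight from the container environment and is presumably what the server advertises as its token issuer, so it should be validated before use, e.g. `[[ "$ISSUER" =~ ^https://[A-Za-z0-9._:/-]+$ ]] || { echo "invalid ISSUER" >&2; exit 1; }`. The expressions should also be quoted: `sed -e "s+{HOSTNAME}+${HOSTNAME}+g" -e "s+{ISSUER}+${ISSUER}+g"` (the braces need no backslash once quoted). The same unquoted pattern is used by the unchanged `sed` lines for `HOSTNAME`, `CLIENT_ID` and `CLIENT_SECRET` below it.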