From 100219e8d9d19607f56d87418fd2174d351870df Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 18 Dec 2017 15:51:29 +0100
Subject: [PATCH] thredds: Install web.xml from a template to disable the TLS enforcing.
---
 thredds/defaults/main.yml | 1 +
 thredds/tasks/main.yml | 6 +
 thredds/templates/web.xml.j2 | 532 +++++++++++++++++++++++++++++++++++
 3 files changed, 539 insertions(+)
 create mode 100644 thredds/templates/web.xml.j2
diff --git a/thredds/defaults/main.yml b/thredds/defaults/main.yml
index b9715de..8a6d948 100644
--- a/thredds/defaults/main.yml
+++ b/thredds/defaults/main.yml
@@ -18,3 +18,4 @@ thredds_organization: 'ORG'
 thredds_email: ''
 thredds_host_institution_name: 'ORG'
 thredds_host_institution_web: ''
+thredds_force_ssl_for_user_data: False
diff --git a/thredds/tasks/main.yml b/thredds/tasks/main.yml
index dfd6330..e9cc52f 100644
--- a/thredds/tasks/main.yml
+++ b/thredds/tasks/main.yml
@@ -51,6 +51,12 @@ with_items: '{{ tomcat_m_instances }}' notify: tomcat instances restart
+ - name: Install the Thredds configuration files
+ template: src=web.xml.j2 dest={{ item.instance_path }}/webapps/{{ thredds_app_name | lower }}/WEB-INF/web.xml owner={{ item.user }} group={{ item.user }} mode=644
+ with_items: '{{ tomcat_m_instances }}'
+ notify: tomcat instances restart
+ tags: [ 'thredds', 'tomcat', 'thredds_conf', 'thredds_webxml' ]
+ when: thredds_install tags: [ 'thredds', 'tomcat' ]
diff --git a/thredds/templates/web.xml.j2 b/thredds/templates/web.xml.j2
new file mode 100644
index 0000000..b1f386c
--- /dev/null
+++ b/thredds/templates/web.xml.j2
@@ -0,0 +1,532 @@ + + + THREDDS Data Server + THREDDS Data Server + + + + + ContextPath + thredds + + + + + RequestBracketingLogMessageFilter + thredds.server.RequestBracketingLogMessageFilter + + + + RequestPathFilter + thredds.servlet.filter.RequestPathFilter + + + + RequestQueryFilter + thredds.servlet.filter.RequestQueryFilter + + + + RequestQueryFilterAllowAngleBrackets + thredds.servlet.filter.RequestQueryFilter + + allowAngleBrackets + true + + + + + + + CookieFilter + thredds.servlet.filter.CookieFilter + + + + RequestCORSFilter + + org.springframework.web.filter.DelegatingFilterProxy + + targetBeanName + corsFilter + + + + + RequestBracketingLogMessageFilter + + /* + + + + + RequestPathFilter + /* + + + + + RequestQueryFilter + root + + + + + + + + RequestQueryFilter + RestrictedDataset + + + RequestCORSFilter + /* + + + + RequestQueryFilter + wms + + + + + + + RequestQueryFilterAllowAngleBrackets + Opendap + + + + + + + + CookieFilter + Opendap + + + + + + + + contextConfigLocation + /WEB-INF/applicationContext-tdsConfig.xml + + + + org.springframework.web.context.ContextLoaderListener + + + + thredds.server.opendap.OpendapSessionAttributeListener + + + + + + + + + + + + + + root + org.springframework.web.servlet.DispatcherServlet + + contextConfigLocation + /WEB-INF/servlet-context.xml + + 1 + + + + + + + + + OPeNDAP Server + Opendap + thredds.server.opendap.OpendapServlet + 2 + + + + + + + + + + + + + wms + org.springframework.web.servlet.DispatcherServlet + 4 + + + + + RestrictedDataset + thredds.servlet.restrict.RestrictedDatasetServlet + + + Authorizer + thredds.servlet.restrict.TomcatAuthorizer + + + + useSSL + false + + + + portSSL + 8443 + + + 2 + + + + + + + + + + + + + + + + + root + / + + + root + *.css + + + root + *.gif + + + + + + + + + Opendap + /dodsC/* + + + + + + RestrictedDataset + /restrictedAccess/* + + + + + + wms + /wms/* + + + + + + + + + / + + + + 404 + /WEB-INF/jsp/errorpages/404.jsp + + + 500 + /WEB-INF/jsp/errorpages/500.jsp + 
+ + + + + + + + sensitive read access + /admin/* + + + tdsConfig + +{% if thredds_force_ssl_for_user_data %} + + CONFIDENTIAL + +{% endif %} + + + + + + allow feature collection rescan to be triggered externally + /admin/collection/trigger + /admin/trigger + + + tdsTrigger + +{% if thredds_force_ssl_for_user_data %} + + CONFIDENTIAL + +{% endif %} + + + + + + + + sensitive read access + /admin/log/* + + + tdsMonitor + +{% if thredds_force_ssl_for_user_data %} + + CONFIDENTIAL + +{% endif %} + + + + + + restricted access datasets + /restrictedAccess/* + + + restrictedDatasetUser + +{% if thredds_force_ssl_for_user_data %} + + CONFIDENTIAL + +{% endif %} + + + + + BASIC + THREDDS Data Server + + + + + The configuration role allows users to configure the THREDDS server. + tdsConfig + + + + User who can download tds logs for monitoring purposes. + tdsMonitor + + + + User is allowed to trigger featureCollection rereads + tdsTrigger + + + + User who can access restricted datasets. + restrictedDatasetUser + + +
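Review bot: With `thredds_force_ssl_for_user_data` left at the `False` default set in the defaults/main.yml hunk, every `{% if %}`-wrapped `CONFIDENTIAL` transport guarantee in this template is omitted while the login method stays `BASIC`. Credentials for `/admin/*`, `/admin/log/*`, the trigger URLs and `/restrictedAccess/*` can then cross plain HTTP in an easily decoded form. I would ship `thredds_force_ssl_for_user_data: True` as the default and put a comment beside it such as `# Set to False only when TLS is terminated by a proxy in front of tomcat`, so that opting out is a visible decision. The variable name speaks of user data, but it also switches off the guarantee on the three admin constraints; keeping those blocks unconditional, or giving them their own switch, would avoid relaxing both at once. The `useSSL` parameter of the RestrictedDataset servlet appears to stay hard-coded to `false` and is not tied to the variable, which looks inconsistent when the variable is `True`.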