Task #7944
Java Keystore password needs to be added to the config by the build-out script of dataone-cn-portal.
100%
Description
Currently it is manually added to portal servlet client configuration after postinst.
We need to automate it so that install asks for the password and the postinst puts it into the config.
Related issues
History
#1 Updated by Dave Vieglais almost 8 years ago
- Target version changed from CCI-2.3.1 to CCI-2.3.2
Not a blocker so moving to 2.3.2
#2 Updated by Rob Nahf over 7 years ago
- Category set to d1_portal_servlet
- Subject changed from Java Keystore password needs to be manually added to portal servlet client configuration to Java Keystore password needs to be done by the build-out script of dataone-cn-portal.
- Description updated (diff)
- Assignee changed from Jing Tao to Rob Nahf
#3 Updated by Rob Nahf over 7 years ago
- Subject changed from Java Keystore password needs to be done by the build-out script of dataone-cn-portal. to Java Keystore password needs to be added to the config by the build-out script of dataone-cn-portal.
#4 Updated by Rob Nahf over 7 years ago
- Related to Task #7507: Include ORCID API configuration in postinst added
#5 Updated by Rob Nahf over 7 years ago
Noticed that the password is stored in plain text in the tomcat deployment, readable by anyone. This is a bigger security issue than keeping it in debconf's password.dat file after running dataone-cn-os-core.
I think the best solution is to put this property, and the ORCID secret, into the tomcat server config ($TOMCAT_HOME/conf/web.xml), as per OA4MP's configuration documentation (http://grid.ncsa.illinois.edu/myproxy/oauth/common/configuration/configuration-files.xhtml).
"Tip: It is a very good idea to put your context parameters in the server web.xml (should be located at $CATALINA_HOME/conf/web.xml.) This will allow you to swap out/upgrade versions of OA4MP without having to touch any configuration"
#6 Updated by Rob Nahf over 7 years ago
- Assignee changed from Rob Nahf to Jing Tao
#7 Updated by Jing Tao over 7 years ago
- Category changed from d1_portal_servlet to dataone-cn-portal
- % Done changed from 0 to 100
- Status changed from New to Closed
Add an input form for the Java keystore password. The form only shows up when the dataone-cn-os-core/key.store.password is blank.
The client.xml file is set to be readable only by the tomcat7 user.
The code is committed to both trunk and 2.3 branch.
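
The outcome described in #7 (the password written into client.xml, with the file readable only by the service account) can be sketched as follows. This is an added example, not the dataone-cn-portal postinst; the `@KEYSTORE_PASSWORD@` placeholder, the template file and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's postinst. Placeholder token, template
# layout and function names are hypothetical.
# In a real postinst the secret would come from debconf, e.g.:
#   db_get dataone-cn-os-core/key.store.password
#   printf '%s\n' "$RET" | write_secret_config client.xml.in client.xml tomcat7

# Escape text read on stdin so it is safe inside XML attribute or element content.
xml_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# write_secret_config TEMPLATE DEST [OWNER]
# The password is read from stdin, so it never appears in argv (visible via ps).
write_secret_config() {
    template=$1; dest=$2; owner=${3:-}
    IFS= read -r secret || [ -n "$secret" ] || return 1   # refuse a blank password
    # mktemp creates the file 0600, so no world-readable window ever exists;
    # same directory as DEST, so the final mv is an atomic rename.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    esc=$(printf '%s' "$secret" | xml_escape)
    # Pass the value through the environment and splice it in with index/substr:
    # sed/gsub replacements would treat '&' and '\' in the secret specially.
    SECRET_XML=$esc awk '
        BEGIN { tok = "@KEYSTORE_PASSWORD@"; val = ENVIRON["SECRET_XML"] }
        {
            line = $0; out = ""
            while ((i = index(line, tok)) > 0) {
                out = out substr(line, 1, i - 1) val
                line = substr(line, i + length(tok))
            }
            print out line
        }' "$template" > "$tmp" || { rm -f "$tmp"; return 1; }
    unset secret esc
    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -n "$owner" ]; then          # chown needs root; done before the file goes live
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dest"
}
```

Setting owner and mode on the temporary file before the rename means the destination never exists with looser permissions, even briefly.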