Task #7944

Java Keystore password needs to be added to the config by the build-out script of dataone-cn-portal.

Added by Jing Tao over 7 years ago. Updated about 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: dataone-cn-portal
Target version:
Start date: 2016-11-29
Due date:
% Done: 100%
Milestone: None
Product Version: *
Story Points:
Sprint:

Description

Currently it is manually added to portal servlet client configuration after postinst.

We need to automate it so that install asks for the password and the postinst puts it into the config.


Related issues

Related to Infrastructure - Task #7507: Include ORCID API configuration in postinst Closed 2015-12-04

History

#1 Updated by Dave Vieglais over 7 years ago

  • Target version changed from CCI-2.3.1 to CCI-2.3.2

Not a blocker so moving to 2.3.2

#2 Updated by Rob Nahf about 7 years ago

  • Category set to d1_portal_servlet
  • Subject changed from Java Keystore password needs to be manually added to portal servlet client configuration to Java Keystore password needs to be done by the build-out script of dataone-cn-portal.
  • Description updated (diff)
  • Assignee changed from Jing Tao to Rob Nahf

#3 Updated by Rob Nahf about 7 years ago

  • Subject changed from Java Keystore password needs to be done by the build-out script of dataone-cn-portal. to Java Keystore password needs to be added to the config by the build-out script of dataone-cn-portal.

#4 Updated by Rob Nahf about 7 years ago

  • Related to Task #7507: Include ORCID API configuration in postinst added

#5 Updated by Rob Nahf about 7 years ago

Noticed that the password is stored in plain-text in the tomcat deployment, readable by anyone. This is a bigger security issue than keeping it in debconf's password.dat file after running dataone-cn-os-core.

I think the best solution is to put this property, and the ORCID secret, into the tomcat server config (${TOMCAT_HOME}/conf/web.xml), as per OA4MP's configuration documentation (http://grid.ncsa.illinois.edu/myproxy/oauth/common/configuration/configuration-files.xhtml).

"Tip: It is a very good idea to put your context parameters in the server web.xml (should be located at $CATALINA_HOME/conf/web.xml.) This will allow you to swap out/upgrade versions of OA4MP without having to touch any configuration"

#6 Updated by Rob Nahf about 7 years ago

  • Assignee changed from Rob Nahf to Jing Tao

#7 Updated by Jing Tao about 7 years ago

  • Category changed from d1_portal_servlet to dataone-cn-portal
  • % Done changed from 0 to 100
  • Status changed from New to Closed

Add an input form for the Java keystore password. The form only shows up when the dataone-cn-os-core/key.store.password is blank.
The client.xml file is set to be readable only by the tomcat7 user.
The code is committed to both trunk and 2.3 branch.
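
The world-readable state reported in #5 and the owner-only state described in #7, as an added example that is not the dataone-cn-portal build-out script: a check for group/other permission bits and a way for a postinst to write a secret-bearing file that is never readable by others, even briefly. The function names, the demo directory and the sample secret are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the dataone-cn-portal postinst). Function names, paths
# and the sample secret are constructed for illustration.

# Succeeds only if FILE has no group/other permission bits set.
secret_file_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10) || return 2
    [ "$perms" = "------" ]
}

# Write stdin to DEST so that it is never readable by group/other.
# The secret arrives on stdin, not argv, so it does not show up in `ps`.
# OWNER is applied only when running as root and the account exists.
install_secret_file() {
    dest=$1 owner=$2
    dir=$(dirname -- "$dest")
    # Temp file in the same directory, created owner-only from the start.
    tmp=$(umask 077 && mktemp "$dir/.secret.XXXXXX") || return 1
    if ! cat > "$tmp"; then rm -f -- "$tmp"; return 1; fi
    chmod 600 "$tmp" || { rm -f -- "$tmp"; return 1; }
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$tmp" || { rm -f -- "$tmp"; return 1; }
    fi
    # rename() within one directory is atomic: readers see the old file or
    # the new one, never a half-written or loosely permissioned one.
    mv -f -- "$tmp" "$dest"
}

# Demo on a constructed file that starts out world-readable (mode 644).
demo_dir=$(mktemp -d)
printf 'placeholder\n' > "$demo_dir/client.xml"
chmod 644 "$demo_dir/client.xml"
secret_file_is_private "$demo_dir/client.xml" || echo "before: readable by others"
printf 'constructed-secret\n' | install_secret_file "$demo_dir/client.xml" tomcat7
secret_file_is_private "$demo_dir/client.xml" && echo "after: owner-only"
rm -rf -- "$demo_dir"
```

Running `secret_file_is_private` over the deployed configuration after each install catches a regression to the state reported in #5.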
