diff options
author | huangjian <huang.jian12@zte.com.cn> | 2016-10-24 14:44:17 +0800 |
---|---|---|
committer | huangjian <huang.jian12@zte.com.cn> | 2016-10-24 15:05:03 +0800 |
commit | c18db6c1c48dc5a624519c01ba535b74802b5b9a (patch) | |
tree | e8da3e0663c45b5baf1d5d3e071dad99208f8698 /catalog-core/httpserver | |
parent | ea43742d81428a94a7cfe79e82ba4b04ed6824bf (diff) |
Update tomcat version to '8.5.6'
Change-Id: I4bebc635354375d77906b0c5103499aed22cdc3a
Issue-id: TOSCA-139
Signed-off-by: huangjian <huang.jian12@zte.com.cn>
Diffstat (limited to 'catalog-core/httpserver')
-rw-r--r-- | catalog-core/httpserver/pom.xml | 1 | ||||
-rw-r--r-- | catalog-core/httpserver/src/main/assembly/tomcat/conf/server.xml | 75 | ||||
-rw-r--r-- | catalog-core/httpserver/src/main/assembly/tomcat/conf/web.xml | 124 |
3 files changed, 141 insertions, 59 deletions
diff --git a/catalog-core/httpserver/pom.xml b/catalog-core/httpserver/pom.xml index 75045d75..8f50fd18 100644 --- a/catalog-core/httpserver/pom.xml +++ b/catalog-core/httpserver/pom.xml @@ -29,7 +29,6 @@ <packaging>pom</packaging> <properties> - <tomcat.version>7.0.62</tomcat.version> <packagename>http-server</packagename> </properties> diff --git a/catalog-core/httpserver/src/main/assembly/tomcat/conf/server.xml b/catalog-core/httpserver/src/main/assembly/tomcat/conf/server.xml index 1d7a8e7f..43ffac43 100644 --- a/catalog-core/httpserver/src/main/assembly/tomcat/conf/server.xml +++ b/catalog-core/httpserver/src/main/assembly/tomcat/conf/server.xml @@ -1,20 +1,19 @@ -<?xml version='1.0' encoding='utf-8'?> +<?xml version="1.0" encoding="UTF-8"?> <!-- - - Copyright 2016 ZTE Corporation. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. --> <!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. @@ -27,8 +26,6 @@ --> <!--APR library loader. Documentation at /docs/apr.html --> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> - <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> - <Listener className="org.apache.catalina.core.JasperListener" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> @@ -64,10 +61,10 @@ <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : - Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java HTTP Connector: /docs/config/http.html Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html - Define a non-SSL HTTP/1.1 Connector on port 8080 + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> <Connector port="8201" protocol="HTTP/1.1" connectionTimeout="20000" @@ -79,15 +76,35 @@ connectionTimeout="20000" redirectPort="8443" /> --> - <!-- Define a SSL HTTP/1.1 Connector on port 8443 - This connector uses the BIO implementation that requires the JSSE - style configuration. When using the APR/native implementation, the - OpenSSL style configuration is required as described in the APR/native - documentation --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation with the JSSE engine. When + using the JSSE engine, the JSSE configuration attributes must be used. + --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true"> + <SSLHostConfig> + <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" + type="RSA" /> + </SSLHostConfig> + </Connector> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 + This connector uses the APR/native implementation. When using the + APR/native implementation or the OpenSSL engine with NIO or NIO2 then + the OpenSSL configuration attributes must be used. + --> <!-- - <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" - maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - clientAuth="false" sslProtocol="TLS" /> + <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" + maxThreads="150" SSLEnabled="true" > + <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> + <SSLHostConfig> + <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" + certificateFile="conf/localhost-rsa-cert.pem" + certificateChainFile="conf/localhost-rsa-chain.pem" + type="RSA" /> + </SSLHostConfig> + </Connector> --> <!-- Define an AJP 1.3 Connector on port 8009 --> @@ -136,7 +153,7 @@ Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" - prefix="localhost_access_log." suffix=".txt" + prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> </Host> diff --git a/catalog-core/httpserver/src/main/assembly/tomcat/conf/web.xml b/catalog-core/httpserver/src/main/assembly/tomcat/conf/web.xml index 7a6c7b25..acaeaa50 100644 --- a/catalog-core/httpserver/src/main/assembly/tomcat/conf/web.xml +++ b/catalog-core/httpserver/src/main/assembly/tomcat/conf/web.xml @@ -1,26 +1,25 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> +<?xml version="1.0" encoding="UTF-8"?> <!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at - Copyright 2016 ZTE Corporation. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. --> -<web-app xmlns="http://java.sun.com/xml/ns/javaee" +<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee - http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee + http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" + version="3.1"> <!-- ======================== Introduction ============================== --> <!-- This document defines default values for *all* web applications --> @@ -43,7 +42,8 @@ <!-- parameters (default values are in square brackets): --> <!-- --> <!-- debug Debugging detail level for messages logged --> - <!-- by this servlet. [0] --> + <!-- by this servlet. Useful values are 0, 1, and --> + <!-- 11 where higher values mean more detail. [0] --> <!-- --> <!-- fileEncoding Encoding to be used to read static resources --> <!-- [platform default] --> @@ -138,9 +138,9 @@ <!-- pages. See the jasper documentation for more --> <!-- information. --> <!-- --> - <!-- compilerSourceVM Compiler source VM. [1.6] --> + <!-- compilerSourceVM Compiler source VM. [1.7] --> <!-- --> - <!-- compilerTargetVM Compiler target VM. [1.6] --> + <!-- compilerTargetVM Compiler target VM. [1.7] --> <!-- --> <!-- development Is Jasper used in development mode? If true, --> <!-- the frequency at which JSPs are checked for --> @@ -163,6 +163,8 @@ <!-- engineOptionsClass Allows specifying the Options class used to --> <!-- configure Jasper. If not present, the default --> <!-- EmbeddedServletOptions will be used. --> + <!-- This option is ignored when running under a --> + <!-- SecurityManager. --> <!-- --> <!-- errorOnUseBeanInvalidClassAttribute --> <!-- Should Jasper issue an error when the value of --> @@ -224,6 +226,8 @@ <!-- scratchdir What scratch directory should we use when --> <!-- compiling JSP pages? [default work directory --> <!-- for the current web application] --> + <!-- This option is ignored when running under a --> + <!-- SecurityManager. --> <!-- --> <!-- suppressSmap Should the generation of SMAP info for JSR45 --> <!-- debugging be suppressed? [false] --> @@ -233,6 +237,16 @@ <!-- --> <!-- xpoweredBy Determines whether X-Powered-By response --> <!-- header is added by generated servlet. [false] --> + <!-- --> + <!-- strictQuoteEscaping When scriptlet expressions are used for --> + <!-- attribute values, should the rules in JSP.1.6 --> + <!-- for the escaping of quote characters be --> + <!-- strictly applied? [true] --> + <!-- --> + <!-- quoteAttributeEL When EL is used in an attribute value on a --> + <!-- JSP page should the rules for quoting of --> + <!-- attributes described in JSP.1.6 be applied to --> + <!-- the expression? [true] --> <servlet> <servlet-name>jsp</servlet-name> @@ -321,12 +335,18 @@ <!-- If not set, then webAppRootDir is used. --> <!-- Recommended value: WEB-INF/cgi --> <!-- --> - <!-- debug Debugging detail level for messages logged --> - <!-- by this servlet. [0] --> - <!-- --> <!-- executable Name of the executable used to run the --> <!-- script. [perl] --> <!-- --> + <!-- envHttpHeaders A regular expression used to select the HTTP --> + <!-- headers passed to the CGI process as --> + <!-- environment variables. Note that headers are --> + <!-- converted to upper case before matching and --> + <!-- that the entire header name must match the --> + <!-- pattern. --> + <!-- [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST| --> + <!-- IF-[-0-9A-Z]*|REFERER|USER-AGENT] --> + <!-- --> <!-- parameterEncoding Name of parameter encoding to be used with --> <!-- CGI servlet. --> <!-- [System.getProperty("file.encoding","UTF-8")] --> @@ -343,14 +363,10 @@ <servlet-name>cgi</servlet-name> <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class> <init-param> - <param-name>debug</param-name> - <param-value>0</param-value> - </init-param> - <init-param> <param-name>cgiPathPrefix</param-name> <param-value>WEB-INF/cgi</param-value> </init-param> - <load-on-startup>5</load-on-startup> + <load-on-startup>5</load-on-startup> </servlet> --> @@ -396,6 +412,46 @@ <!-- ================== Built In Filter Definitions ===================== --> + <!-- A filter that sets various security related HTTP Response headers. --> + <!-- This filter supports the following initialization parameters --> + <!-- (default values are in square brackets): --> + <!-- --> + <!-- hstsEnabled Should the HTTP Strict Transport Security --> + <!-- (HSTS) header be added to the response? See --> + <!-- RFC 6797 for more information on HSTS. [true] --> + <!-- --> + <!-- hstsMaxAgeSeconds The max age value that should be used in the --> + <!-- HSTS header. Negative values will be treated --> + <!-- as zero. [0] --> + <!-- --> + <!-- hstsIncludeSubDomains --> + <!-- Should the includeSubDomains parameter be --> + <!-- included in the HSTS header. --> + <!-- --> + <!-- antiClickJackingEnabled --> + <!-- Should the anti click-jacking header --> + <!-- X-Frame-Options be added to every response? --> + <!-- [true] --> + <!-- --> + <!-- antiClickJackingOption --> + <!-- What value should be used for the header. Must --> + <!-- be one of DENY, SAMEORIGIN, ALLOW-FROM --> + <!-- (case-insensitive). [DENY] --> + <!-- --> + <!-- antiClickJackingUri IF ALLOW-FROM is used, what URI should be --> + <!-- allowed? [] --> + <!-- --> + <!-- blockContentTypeSniffingEnabled --> + <!-- Should the header that blocks content type --> + <!-- sniffing be added to every response? [true] --> +<!-- + <filter> + <filter-name>httpHeaderSecurity</filter-name> + <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> + <async-supported>true</async-supported> + </filter> +--> + <!-- A filter that sets character encoding that is used to decode --> <!-- parameters in a POST request --> <!-- @@ -484,6 +540,15 @@ <!-- ==================== Built In Filter Mappings ====================== --> + <!-- The mapping for the HTTP header security Filter --> +<!-- + <filter-mapping> + <filter-name>httpHeaderSecurity</filter-name> + <url-pattern>/*</url-pattern> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> +--> + <!-- The mapping for the Set Character Encoding Filter --> <!-- <filter-mapping> @@ -524,6 +589,7 @@ <!-- based on these mappings. Additional mappings can be added here (to --> <!-- apply to all web applications), or in your own application's web.xml --> <!-- deployment descriptor. --> + <!-- Note: Extensions are always matched in a case-insensitive manner. --> <mime-mapping> <extension>123</extension> |