diff --git a/.gitignore b/.gitignore index 42e0465f..a3a6ea1f 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ node_modules *.log generated + +.DS_Store diff --git a/config/collectory/collectory.yml b/config/collectory/collectory.yml index 96643241..cf2f8092 100644 --- a/config/collectory/collectory.yml +++ b/config/collectory/collectory.yml @@ -5,7 +5,6 @@ security: clientId: collections oidc: clientId: collections - discoveryUri: ${common.protocol}://auth.${common.domain}/cas/oidc/.well-known webservice: client-id: collections client-secret: xxx @@ -32,7 +31,7 @@ collectionsMap: centreMapLon: 4.4 defaultZoom: 9 dataSource: - url: jdbc:mysql://root:my-super-secret-password@mysql:3306/collectory?autoReconnect=true&connectTimeout=0&useUnicode=true&characterEncoding=UTF-8&allowPublicKeyRetrieval=true&useSSL=False&serverTimezone=Europe/Paris + url: jdbc:mysql://collectory:my-super-secret-password@mysql:3306/collectory?autoReconnect=true&connectTimeout=0&useUnicode=true&characterEncoding=UTF-8&allowPublicKeyRetrieval=true&useSSL=False&serverTimezone=Europe/Paris defaultLocale: en disableAlertLinks: true disableCAS: false diff --git a/config/image-service/image-service.yml b/config/image-service/image-service.yml index 3b6047aa..5d688bfb 100644 --- a/config/image-service/image-service.yml +++ b/config/image-service/image-service.yml 
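Review bot: The new `dataSource.url` in config/collectory/collectory.yml still carries the account password inside the JDBC URL and pairs `useSSL=False` with `allowPublicKeyRetrieval=true`, so the password exchange with `mysql` is unencrypted and the client will accept whatever public key the far end presents. Connection URLs also tend to surface in startup logs and stack traces, which is a second place the secret can leak. Moving off `root` is a good least-privilege step; to finish it, consider separate `username`/`password` keys filled from the environment, e.g. `password: ${COLLECTORY_DB_PASSWORD}` (constructed variable name; confirm the config loader resolves environment placeholders), and drop `allowPublicKeyRetrieval=true` unless TLS is enabled. The same URL pattern is added in config/logger/logger.yml and is present in config/userdetails/userdetails.yml.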
@@ -63,3 +63,31 @@ collectory: baseURL: "${common.protocol}://collections.${common.domain}" biocache: baseURL: "${common.protocol}://biocache.${common.domain}" + +dataSource: + driverClassName: org.postgresql.Driver + dialect: org.hibernate.spatial.dialect.postgis.PostgisPG9Dialect + url: 'jdbc:postgresql://postgis:5432/images' + username: 'images' + password: 'my-super-secret-password' + pooled: true + jmxExport: true + dbCreate: update + properties: + jmxEnabled: true + initialSize: 5 + maxActive: 50 + minIdle: 5 + maxIdle: 25 + maxWait: 10000 + maxAge: 600000 + timeBetweenEvictionRunsMillis: 5000 + minEvictableIdleTimeMillis: 60000 + validationQuery: SELECT 1 + validationQueryTimeout: 3 + validationInterval: 15000 + testOnBorrow: true + testWhileIdle: true + testOnReturn: false + jdbcInterceptors: ConnectionState + defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED diff --git a/config/logger/logger.yml b/config/logger/logger.yml index 9c803d4d..5b9f6b48 100644 --- a/config/logger/logger.yml +++ b/config/logger/logger.yml @@ -11,4 +11,7 @@ webservice: client-secret: xxx grails: - serverURL: ${common.protocol}://logger.${common.domain} \ No newline at end of file + serverURL: ${common.protocol}://logger.${common.domain} + +dataSource: + url: jdbc:mysql://logger:my-super-secret-password@mysql:3306/logger?autoReconnect=true&connectTimeout=0&useUnicode=true&characterEncoding=UTF-8&allowPublicKeyRetrieval=true&useSSL=False&serverTimezone=Europe/Paris \ No newline at end of file diff --git a/config/spatial-service/spatial-service.yml b/config/spatial-service/spatial-service.yml index 13278c9b..5091f420 100644 --- a/config/spatial-service/spatial-service.yml +++ b/config/spatial-service/spatial-service.yml 
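Review bot: The added `password: 'my-super-secret-password'` in config/image-service/image-service.yml commits the database secret in cleartext, and the same literal is used for every service account visible in this change (`collectory`, `logger`, `images`, `spatial`, `cas`), so the per-service accounts share one credential and give no isolation if any one config leaks. If these files are only local docker defaults, say so above the block with a comment such as `# local development default - override before any shared deployment`; otherwise read the value from the environment, e.g. `password: '${IMAGES_DB_PASSWORD}'` (constructed variable name). `dbCreate: update` presumably lets the application alter the schema at startup, which would require DDL rights for the `images` account; worth confirming that is intended. The `username`/`password` lines added to config/spatial-service/spatial-service.yml have the same issue.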
@@ -44,6 +44,8 @@ dataSource: driverClassName: org.postgresql.Driver dialect: org.hibernate.spatial.dialect.postgis.PostgisPG9Dialect url: 'jdbc:postgresql://postgis:5432/layersdb' + username: 'spatial' + password: 'my-super-secret-password' pooled: true jmxExport: true dbCreate: update diff --git a/config/userdetails/db-init/V1__init.sql b/config/userdetails/db-init/V1__init.sql new file mode 100644 index 00000000..500f9958 --- /dev/null +++ b/config/userdetails/db-init/V1__init.sql 
@@ -0,0 +1,212 @@ +-- MySQL dump 10.13 Distrib 5.5.55, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: emmet +-- ------------------------------------------------------ +-- Server version 5.5.55-0ubuntu0.14.04.1 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `auth_key` +-- + +DROP TABLE IF EXISTS `auth_key`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `auth_key` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `version` bigint(20) NOT NULL, + `auth_key` varchar(255) NOT NULL, + `mobile_user_id` bigint(20) NOT NULL, + PRIMARY KEY (`id`), + KEY `FK5563974818294D56` (`mobile_user_id`), + CONSTRAINT `FK5563974818294D56` FOREIGN KEY (`mobile_user_id`) REFERENCES `mobile_user` (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `authorised_system` +-- + +DROP TABLE IF EXISTS `authorised_system`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authorised_system` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `version` bigint(20) NOT NULL, + `host` varchar(255) NOT NULL, + `description` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=192 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = 
@saved_cs_client */; + +-- +-- Table structure for table `authorities` +-- + +DROP TABLE IF EXISTS `authorities`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `authorities` ( + `userid` int(11) NOT NULL, + `authority` varchar(30) NOT NULL, + PRIMARY KEY (`userid`,`authority`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `c3p0TestTable` +-- + +DROP TABLE IF EXISTS `c3p0TestTable`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `c3p0TestTable` ( + `a` char(1) DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `identities` +-- + +DROP TABLE IF EXISTS `identities`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `identities` ( + `userid` int(11) NOT NULL, + `identityuri` varchar(255) NOT NULL, + `domain` varchar(255) NOT NULL, + PRIMARY KEY (`userid`,`identityuri`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `mobile_user` +-- + +DROP TABLE IF EXISTS `mobile_user`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `mobile_user` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `version` bigint(20) NOT NULL, + `user_name` varchar(255) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `passwords` +-- + +DROP TABLE IF EXISTS `passwords`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `passwords` ( + `userid` int(11) NOT NULL, + `password` 
varchar(255) NOT NULL, + `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `expiry` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', + `status` varchar(10) NOT NULL, + PRIMARY KEY (`userid`,`password`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `profiles` +-- + +DROP TABLE IF EXISTS `profiles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `profiles` ( + `userid` int(11) NOT NULL, + `property` varchar(255) NOT NULL, + `value` text NOT NULL, + PRIMARY KEY (`userid`,`property`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `role` +-- + +DROP TABLE IF EXISTS `role`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `role` ( + `role` varchar(255) NOT NULL, + `description` varchar(255) NOT NULL, + PRIMARY KEY (`role`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `role` +-- + +LOCK TABLES `role` WRITE; +/*!40000 ALTER TABLE `role` DISABLE KEYS */; +INSERT INTO `role` VALUES ('ROLE_ABRS_ADMIN',''),('ROLE_ABRS_INSTITUTION',''),('ROLE_ADMIN','Admin role for ALA staff'),('ROLE_API_EDITOR','Enables a user to update the online web service API'),('ROLE_APPD_USER','APPD user'),('ROLE_AVH_ADMIN',''),('ROLE_AVH_CLUB',''),('ROLE_COLLECTION_ADMIN',''),('ROLE_COLLECTION_EDITOR',''),('ROLE_COLLECTORS_ADMIN',''),('ROLE_FC_ADMIN','Admin role for the Field Capture webapp'),('ROLE_FC_OFFICER','Field Capture officer role'),('ROLE_FC_READ_ONLY','Provides read only access to all projects in the field capture system.'),('ROLE_IMAGE_ADMIN',''),('ROLE_SPATIAL_ADMIN',''),('ROLE_SYSTEM_ADMIN',''),('ROLE_USER',''),('ROLE_VP_ADMIN',''),('ROLE_VP_TEST_ADMIN','The 
admin role for BVP Test server'),('ROLE_VP_VALIDATOR',''); +/*!40000 ALTER TABLE `role` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `user_role` +-- + +DROP TABLE IF EXISTS `user_role`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `user_role` ( + `user_id` bigint(20) NOT NULL, + `role_id` varchar(255) NOT NULL, + PRIMARY KEY (`user_id`,`role_id`), + KEY `FK143BF46AF129182D` (`role_id`), + CONSTRAINT `FK143BF46AF129182D` FOREIGN KEY (`role_id`) REFERENCES `role` (`role`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `users` +-- + +DROP TABLE IF EXISTS `users`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `users` ( + `userid` int(11) NOT NULL AUTO_INCREMENT, + `username` varchar(255) DEFAULT NULL, + `firstname` varchar(255) DEFAULT NULL, + `lastname` varchar(255) DEFAULT NULL, + `email` varchar(255) DEFAULT NULL, + `activated` char(1) NOT NULL, + `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `expiry` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', + `locked` char(1) NOT NULL, + `temp_auth_key` varchar(255) DEFAULT NULL, + PRIMARY KEY (`userid`), + UNIQUE KEY `username` (`username`) +) ENGINE=InnoDB AUTO_INCREMENT=43954 DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2017-05-28 6:17:37 
diff --git a/config/userdetails/db-init/V2__password_type.sql b/config/userdetails/db-init/V2__password_type.sql
new file mode 100644
index 00000000..d24b814f
--- /dev/null
+++ b/config/userdetails/db-init/V2__password_type.sql
@@ -0,0 +1,27 @@
+
+
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+ALTER TABLE `passwords`
+ ALTER COLUMN expiry SET DEFAULT '2038-01-01 00:00:00',
+ ADD COLUMN type VARCHAR(255)
+ AFTER password
+;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+UPDATE `passwords` SET `type` = 'legacy';
+/*!40101 SET character_set_client = utf8 */;
+
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+ALTER TABLE `passwords`
+ ALTER COLUMN type SET DEFAULT 'bycrypt';
+/*!40101 SET character_set_client = utf8 */;
+
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+ALTER TABLE `passwords`
+ MODIFY COLUMN type VARCHAR(255) NOT NULL;
+/*!40101 SET character_set_client = utf8 */;
diff --git a/config/userdetails/db-init/V3__nullable_expiry.sql b/config/userdetails/db-init/V3__nullable_expiry.sql
new file mode 100644
index 00000000..23e4fd02
--- /dev/null
+++ b/config/userdetails/db-init/V3__nullable_expiry.sql
@@ -0,0 +1,7 @@
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+ALTER TABLE `users`
+ MODIFY COLUMN expiry TIMESTAMP NULL DEFAULT NULL;
+/*!40101 SET character_set_client = utf8 */;
+
+UPDATE `users` SET expiry = null WHERE expiry = 0;
\ No newline at end of file
diff --git a/config/userdetails/db-init/V4__user_auto_timestamp.sql b/config/userdetails/db-init/V4__user_auto_timestamp.sql
new file mode 100644
index 00000000..1ebfc11c
--- /dev/null
+++ b/config/userdetails/db-init/V4__user_auto_timestamp.sql
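Review bot: In V2__password_type.sql the column default is set with `ALTER COLUMN type SET DEFAULT 'bycrypt';`, which looks like a misspelling of `bcrypt`. Any password row inserted without an explicit `type` would then carry a value that an exact-match lookup on the hashing scheme may not recognise, which can break logins or select an unintended encoder. If the application really expects this spelling, add a comment saying so; otherwise use `ALTER COLUMN type SET DEFAULT 'bcrypt';`, or correct it in a follow-up migration if this file mirrors one that has already been applied elsewhere. Most of the blocks also end with `SET character_set_client = utf8` where the first one restores `@saved_cs_client`, so the saved client charset is not put back.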
@@ -0,0 +1,6 @@
+ALTER TABLE `users` CHANGE `created` `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
+ALTER TABLE `users` ADD `date_created` TIMESTAMP NULL;
+UPDATE `users` SET `date_created` = `created`;
+ALTER TABLE `users` CHANGE `date_created` `date_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
+ALTER TABLE `users` CHANGE `created` `last_updated` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
+ALTER TABLE `users` ADD `last_login` TIMESTAMP NULL;
\ No newline at end of file
diff --git a/config/userdetails/db-init/V5__make_userdetails_domain_validatable.sql b/config/userdetails/db-init/V5__make_userdetails_domain_validatable.sql
new file mode 100644
index 00000000..ce2bd277
--- /dev/null
+++ b/config/userdetails/db-init/V5__make_userdetails_domain_validatable.sql
@@ -0,0 +1,14 @@
+/* Disable created on update */
+ALTER TABLE `passwords` CHANGE `created` `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
+/* update passwords to nullable expiry and remove all invalid expiryies */
+ALTER TABLE `passwords`
+MODIFY COLUMN expiry TIMESTAMP NULL DEFAULT NULL;
+
+UPDATE `passwords` SET expiry = null WHERE expiry = 0 or expiry = '2038-01-01 00:00:00';
+
+/** switch userid from int(11) to bigint(20) for GORM default id size */
+ALTER TABLE authorities MODIFY userid BIGINT(20);
+ALTER TABLE identities MODIFY userid BIGINT(20);
+ALTER TABLE passwords MODIFY userid BIGINT(20);
+ALTER TABLE profiles MODIFY userid BIGINT(20);
+ALTER TABLE users MODIFY userid BIGINT(20) AUTO_INCREMENT;
diff --git a/config/userdetails/db-init/V6__normalise_states.sql b/config/userdetails/db-init/V6__normalise_states.sql
new file mode 100644
index 00000000..022f58d1
--- /dev/null
+++ b/config/userdetails/db-init/V6__normalise_states.sql
@@ -0,0 +1,15 @@
+update profiles set value = 'ACT' where property = 'state' and value = 'Australian Capital Territory';
+update profiles set value = 'NSW' where property = 'state' and value = 'New South Wales';
+update profiles set value = 'NT' where property = 'state' and value = 'Northern Territory';
+update profiles set value = 'QLD' where property = 'state' and value = 'Queensland';
+update profiles set value = 'SA' where property = 'state' and value = 'South Australia';
+update profiles set value = 'TAS' where property = 'state' and value = 'Tasmania';
+update profiles set value = 'VIC' where property = 'state' and value = 'Victoria';
+update profiles set value = 'WA' where property = 'state' and value = 'Western Australia';
+update profiles set value = '' where property = 'state' and value = 'N/A';
+update profiles set value = '' where property = 'state' and value = 'Select State';
+
+insert into profiles (userid, property, value) select userid, 'country', 'AU' from profiles where property = 'state' and `value` IN ('ACT', 'NSW', 'NT', 'QLD', 'SA', 'TAS', 'VIC', 'WA');
+insert into profiles (userid, property, value) select userid, 'country', 'US' from profiles where property = 'state' and `value` IN ('CT', 'PA');
+insert into profiles (userid, property, value) select userid, 'country', '' from profiles where property = 'state' and `value` NOT IN ('ACT', 'NSW', 'NT', 'QLD', 'SA', 'TAS', 'VIC', 'WA', 'CT', 'PA');
+
diff --git a/config/userdetails/db-init/V7__fix_user_role_fk.sql b/config/userdetails/db-init/V7__fix_user_role_fk.sql
new file mode 100644
index 00000000..986d343d
--- /dev/null
+++ b/config/userdetails/db-init/V7__fix_user_role_fk.sql
@@ -0,0 +1,2 @@
+DELETE ur FROM user_role ur WHERE NOT EXISTS (SELECT u.userid FROM users u WHERE u.userid = ur.user_id);
+ALTER TABLE user_role ADD CONSTRAINT fk_users_userid FOREIGN KEY (user_id) REFERENCES users(userid) ON DELETE CASCADE;
\ No newline at end of file
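Review bot: The three `insert into profiles (userid, property, value) select userid, 'country', ...` statements in V6__normalise_states.sql will collide with the `(userid, property)` primary key declared for `profiles` in V1 if any user already has a `country` row, and the migration would then stop after the `update` statements have already been applied. Writing them as `insert ignore into profiles (userid, property, value) select ...` keeps existing country values and lets the script complete. A one-line comment above the inserts stating that a country is derived only for users with a `state` property would also document why users without one get no row.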
diff --git a/config/userdetails/db-init/V8__update_charsets_for_latin1_tables.sql b/config/userdetails/db-init/V8__update_charsets_for_latin1_tables.sql
new file mode 100644
index 00000000..fb6a4ea4
--- /dev/null
+++ b/config/userdetails/db-init/V8__update_charsets_for_latin1_tables.sql
@@ -0,0 +1,7 @@
+SET FOREIGN_KEY_CHECKS=0;
+ALTER TABLE `user_role` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `role` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `mobile_user` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `authorised_system` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `auth_key` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+SET FOREIGN_KEY_CHECKS=1;
\ No newline at end of file
diff --git a/config/userdetails/db-init/V9__update_charsets_for_remaining_tables.sql b/config/userdetails/db-init/V9__update_charsets_for_remaining_tables.sql
new file mode 100644
index 00000000..e72a1f3c
--- /dev/null
+++ b/config/userdetails/db-init/V9__update_charsets_for_remaining_tables.sql
@@ -0,0 +1,9 @@
+-- Update all tables to utf8mb4 for good measure
+SET FOREIGN_KEY_CHECKS=0;
+ALTER TABLE `authorities` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `c3p0TestTable` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `identities` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `passwords` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `profiles` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+SET FOREIGN_KEY_CHECKS=1;
\ No newline at end of file
diff --git a/config/userdetails/userdetails.yml b/config/userdetails/userdetails.yml
index 304c2d4a..9d626f11 100644
--- a/config/userdetails/userdetails.yml
+++ b/config/userdetails/userdetails.yml
@@ -3,7 +3,10 @@ security: jwt: clientId: userdetails + cas: + enabled: true oidc: + enabled: false clientId: userdetails secret: userdetails-oidc-super-secret webservice: @@ -53,6 +56,7 @@ server: redirectAfterFirstLogin: ${grails.serverURL}/myprofile dataSource: dbCreate: none + driverClassName: com.mysql.jdbc.Driver url: jdbc:mysql://cas:my-super-secret-password@mysql:3306/cas?serverTimezone=Europe/Brussels&zeroDateTimeBehavior=convertToNull&characterEncoding=UTF-8&useSSL=False&allowPublicKeyRetrieval=true oauth: providers: diff --git a/docker/atlas-all/Dockerfile b/docker/atlas-all/Dockerfile index 22e3b34e..b302e4af 100644 --- a/docker/atlas-all/Dockerfile +++ b/docker/atlas-all/Dockerfile 
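Review bot: The added `driverClassName: com.mysql.jdbc.Driver` in the second hunk of config/userdetails/userdetails.yml is the legacy driver class name, while the URL on the next line uses `allowPublicKeyRetrieval` and `serverTimezone`, which suggests a Connector/J 8 driver where that name is deprecated. If the bundled driver is indeed 8.x, use `driverClassName: com.mysql.cj.jdbc.Driver`. Separately, the URL shows userdetails connecting to the `cas` schema as the `cas` account, so it presumably shares a database credential with the CAS service; a dedicated account holding only the grants userdetails needs would limit what a compromise of either service exposes. The `dataSource` block continues outside the hunk.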
@@ -158,22 +158,22 @@ RUN --mount=type=cache,target=/home/gradle/.gradle/caches \ --parallel -######################################### CAS APIKEY ######################################### -FROM gradle:7-jdk11 AS cas-apikey-builder - -ARG CAS_APIKEY_VERSION=1.7.0 - -WORKDIR /project -RUN git clone --branch ${CAS_APIKEY_VERSION} --depth 1 https://github.com/AtlasOfLivingAustralia/apikey.git /project -RUN --mount=type=cache,target=/home/gradle/.gradle/caches \ - gradle build assemble --no-daemon \ - -x test -x integrationTest \ - # -Dorg.gradle.debug=true -Dorg.gradle.debug.suspend=no --debug \ - --parallel - -RUN ls -la /project/build/libs/ - -######################################### USERDETAILS ######################################### +########################################## CAS APIKEY ######################################### +#FROM gradle:7-jdk11 AS cas-apikey-builder +# +#ARG CAS_APIKEY_VERSION=1.7.0 +# +#WORKDIR /project +#RUN git clone --branch ${CAS_APIKEY_VERSION} --depth 1 https://github.com/AtlasOfLivingAustralia/apikey.git /project +#RUN --mount=type=cache,target=/home/gradle/.gradle/caches \ +# gradle build assemble --no-daemon \ +# -x test -x integrationTest \ +# # -Dorg.gradle.debug=true -Dorg.gradle.debug.suspend=no --debug \ +# --parallel +# +#RUN ls -la /project/build/libs/ + +########################################## USERDETAILS ######################################### FROM gradle:7-jdk11 AS userdetails-builder ARG USERDETAILS_VERSION=3.0.3 
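Review bot: The cas-apikey build stage in docker/atlas-all/Dockerfile is disabled by prefixing every line with `#` rather than being removed, and the following hunk does the same to its `COPY --from=cas-apikey-builder` step. Commented-out build steps drift out of date and obscure which artifacts the image really contains; version control already keeps the old stage, so deleting both blocks and leaving one line such as `# cas-apikey is no longer built into this image` is clearer. The two section banners also gained an extra leading `#`, which looks accidental. If any proxy rule or Tomcat context still refers to `cas-apikey.war`, it now points at a webapp that is not in the image, so that is worth checking alongside this change.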
@@ -228,8 +228,8 @@ COPY --from=spatial-service-builder \ /project/build/libs/project-${SPATIAL_SERVICE_VERSION}-plain.war ${CATALINA_HOME}/webapps/spatial-service.war COPY --from=species-list-builder \ /project/build/libs/specieslist-webapp-${SPECIES_LIST_VERSION}-plain.war ${CATALINA_HOME}/webapps/species-list.war -COPY --from=cas-apikey-builder \ - /project/build/libs/apikey-${CAS_APIKEY_VERSION}-plain.war ${CATALINA_HOME}/webapps/cas-apikey.war +#COPY --from=cas-apikey-builder \ +# /project/build/libs/apikey-${CAS_APIKEY_VERSION}-plain.war ${CATALINA_HOME}/webapps/cas-apikey.war COPY --from=userdetails-builder \ /project/build/libs/userdetails-${USERDETAILS_VERSION}-plain.war ${CATALINA_HOME}/webapps/userdetails.war diff --git a/docker/atlas-all/conf/Catalina/localhost/logger-service.xml b/docker/atlas-all/conf/Catalina/localhost/logger-service.xml new file mode 100644 index 00000000..64bf3ab4 --- /dev/null +++ b/docker/atlas-all/conf/Catalina/localhost/logger-service.xml @@ -0,0 +1,18 @@ + + + + + + + + \ No newline at end of file diff --git a/docker/atlas-all/conf/Catalina/localhost/userdetails.xml b/docker/atlas-all/conf/Catalina/localhost/userdetails.xml new file mode 100644 index 00000000..6ad99052 --- /dev/null +++ b/docker/atlas-all/conf/Catalina/localhost/userdetails.xml @@ -0,0 +1,18 @@ + + + + + + + + \ No newline at end of file diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/META-INF/context.xml b/docker/atlas-all/tomcat-manager-ui/host-manager/META-INF/context.xml new file mode 100644 index 00000000..ec9557c6 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/META-INF/context.xml @@ -0,0 +1,24 @@ + + + + + \ No newline at end of file diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/401.jsp b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/401.jsp new file mode 100644 index 00000000..047766bb --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/401.jsp 
@@ -0,0 +1,71 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> + + + + 401 Unauthorized + + + +

401 Unauthorized

+

+ You are not authorized to view this page. If you have not changed + any configuration files, please examine the file + conf/tomcat-users.xml in your installation. That + file must contain the credentials to let you use this webapp. +

+

+ For example, to add the admin-gui role to a user named + tomcat with a password of s3cret, add the following to the + config file listed above. +

+
+<role rolename="admin-gui"/>
+<user username="tomcat" password="s3cret" roles="admin-gui"/>
+
+

+ Note that for Tomcat 7 onwards, the roles required to use the host manager + application were changed from the single admin role to the + following two roles. You will need to assign the role(s) required for + the functionality you wish to access. +

+ +

+ The HTML interface is protected against CSRF but the text interface is not. + To maintain the CSRF protection: +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/403.jsp b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/403.jsp new file mode 100644 index 00000000..74e1e2da --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/403.jsp @@ -0,0 +1,90 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> + + + + 403 Access Denied + + + +

403 Access Denied

+

+ You are not authorized to view this page. +

+

+ By default the Host Manager is only accessible from a browser running on the + same machine as Tomcat. If you wish to modify this restriction, you'll need + to edit the Host Manager's context.xml file. +

+

+ If you have already configured the Host Manager application to allow access + and you have used your browsers back button, used a saved book-mark or + similar then you may have triggered the cross-site request forgery (CSRF) + protection that has been enabled for the HTML interface of the Host Manager + application. You will need to reset this protection by returning to the + main Host Manager page. + Once you return to this page, you will be able to continue using the Host + Manager application's HTML interface normally. If you continue to see this + access denied message, check that you have the necessary permissions to + access this application. +

+

If you have not changed + any configuration files, please examine the file + conf/tomcat-users.xml in your installation. That + file must contain the credentials to let you use this webapp. +

+

+ For example, to add the admin-gui role to a user named + tomcat with a password of s3cret, add the following to the + config file listed above. +

+
+<role rolename="admin-gui"/>
+<user username="tomcat" password="s3cret" roles="admin-gui"/>
+
+

+ Note that for Tomcat 7 onwards, the roles required to use the host manager + application were changed from the single admin role to the + following two roles. You will need to assign the role(s) required for + the functionality you wish to access. +

+ +

+ The HTML interface is protected against CSRF but the text interface is not. + To maintain the CSRF protection: +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/404.jsp b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/404.jsp new file mode 100644 index 00000000..1950b776 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/jsp/404.jsp @@ -0,0 +1,62 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page import="org.apache.tomcat.util.security.Escape" session="false" + trimDirectiveWhitespaces="true" %> + + + + 404 Not found + + + +

404 Not found

+

+ The page you tried to access + (<%=Escape.htmlElementContent((String) request.getAttribute( + "javax.servlet.error.request_uri"))%>) + does not exist. +

+

+ The Host Manager application has been re-structured for Tomcat 7 onwards and + some URLs have changed. All URLs used to access the Manager application + should now start with one of the following options: +

+ +

+ Note that the URL for the text interface has changed from + "<%=request.getContextPath()%>" to + "<%=request.getContextPath()%>/text". +

+

+ You probably need to adjust the URL you are using to access the Host Manager + application. However, there is always a chance you have found a bug in the + Host Manager application. If you are sure you have found a bug, and that the + bug has not already been reported, please report it to the Apache Tomcat + team. +

+ + diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/web.xml b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/web.xml new file mode 100644 index 00000000..e9faa2c4 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/WEB-INF/web.xml @@ -0,0 +1,131 @@ + + + + + Tomcat Host Manager Application + + A scriptable host management web application for the Tomcat Web Server; + Manager lets you view, create and remove virtual hosts. + + + UTF-8 + + + HostManager + org.apache.catalina.manager.host.HostManagerServlet + + debug + 2 + + + + HTMLHostManager + org.apache.catalina.manager.host.HTMLHostManagerServlet + + debug + 2 + + + + + CSRF + org.apache.catalina.filters.CsrfPreventionFilter + + entryPoints + /html,/html/,/html/list,/index.jsp + + + + + CSRF + HTMLHostManager + + + + + HostManager + /text/* + + + HTMLHostManager + /html/* + + + + + + HostManager commands + /text/* + + + + admin-script + + + + + HTMLHostManager commands + /html/* + + + + admin-gui + + + + + + BASIC + Tomcat Host Manager Application + + + + + + The role that is required to log in to the Host Manager Application HTML + interface + + admin-gui + + + + The role that is required to log in to the Host Manager Application text + interface + + admin-script + + + + 401 + /WEB-INF/jsp/401.jsp + + + 403 + /WEB-INF/jsp/403.jsp + + + 404 + /WEB-INF/jsp/404.jsp + + + diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/images/asf-logo.svg b/docker/atlas-all/tomcat-manager-ui/host-manager/images/asf-logo.svg new file mode 100644 index 00000000..e24cbe52 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/images/asf-logo.svg @@ -0,0 +1,226 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/images/tomcat.gif b/docker/atlas-all/tomcat-manager-ui/host-manager/images/tomcat.gif new file mode 100644 index 00000000..f2aa6f86 Binary files /dev/null and b/docker/atlas-all/tomcat-manager-ui/host-manager/images/tomcat.gif differ diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/index.jsp b/docker/atlas-all/tomcat-manager-ui/host-manager/index.jsp new file mode 100644 index 00000000..2806b76e --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/index.jsp @@ -0,0 +1,18 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> +<% response.sendRedirect(request.getContextPath() + "/html"); %> \ No newline at end of file diff --git a/docker/atlas-all/tomcat-manager-ui/host-manager/manager.xml b/docker/atlas-all/tomcat-manager-ui/host-manager/manager.xml new file mode 100644 index 00000000..2510acbc --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/host-manager/manager.xml @@ -0,0 +1,26 @@ + + + + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/META-INF/context.xml b/docker/atlas-all/tomcat-manager-ui/manager/META-INF/context.xml new file mode 100644 index 00000000..9e594463 
--- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/META-INF/context.xml @@ -0,0 +1,22 @@ + + + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/401.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/401.jsp new file mode 100644 index 00000000..84c9a970 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/401.jsp @@ -0,0 +1,80 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> + + + + 401 Unauthorized + + + +

401 Unauthorized

+

+ You are not authorized to view this page. If you have not changed + any configuration files, please examine the file + conf/tomcat-users.xml in your installation. That + file must contain the credentials to let you use this webapp. +

+

+ For example, to add the manager-gui role to a user named + tomcat with a password of s3cret, add the following to the + config file listed above. +

+
+<role rolename="manager-gui"/>
+<user username="tomcat" password="s3cret" roles="manager-gui"/>
+
+

+ Note that for Tomcat 7 onwards, the roles required to use the manager + application were changed from the single manager role to the + following four roles. You will need to assign the role(s) required for + the functionality you wish to access. +

+ +

+ The HTML interface is protected against CSRF but the text and JMX interfaces + are not. To maintain the CSRF protection: +

+ +

+ For more information - please see the + Manager App How-To. +

+ + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/403.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/403.jsp new file mode 100644 index 00000000..4baa2f4c --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/403.jsp @@ -0,0 +1,100 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> + + + + 403 Access Denied + + + +

403 Access Denied

+

+ You are not authorized to view this page. +

+

+ By default the Manager is only accessible from a browser running on the + same machine as Tomcat. If you wish to modify this restriction, you'll need + to edit the Manager's context.xml file. +

+

+ If you have already configured the Manager application to allow access and + you have used your browsers back button, used a saved book-mark or similar + then you may have triggered the cross-site request forgery (CSRF) protection + that has been enabled for the HTML interface of the Manager application. You + will need to reset this protection by returning to the + main Manager page. Once you + return to this page, you will be able to continue using the Manager + application's HTML interface normally. If you continue to see this access + denied message, check that you have the necessary permissions to access this + application. +

+

+ If you have not changed + any configuration files, please examine the file + conf/tomcat-users.xml in your installation. That + file must contain the credentials to let you use this webapp. +

+

+ For example, to add the manager-gui role to a user named + tomcat with a password of s3cret, add the following to the + config file listed above. +

+
+<role rolename="manager-gui"/>
+<user username="tomcat" password="s3cret" roles="manager-gui"/>
+
+

+ Note that for Tomcat 7 onwards, the roles required to use the manager + application were changed from the single manager role to the + following four roles. You will need to assign the role(s) required for + the functionality you wish to access. +

+ +

+ The HTML interface is protected against CSRF but the text and JMX interfaces + are not. To maintain the CSRF protection: +

+ +

+ For more information - please see the + Manager App How-To. +

+ + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/404.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/404.jsp new file mode 100644 index 00000000..111a8008 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/404.jsp @@ -0,0 +1,63 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page import="org.apache.tomcat.util.security.Escape" session="false" + trimDirectiveWhitespaces="true" %> + + + + 404 Not found + + + +

404 Not found

+

+ The page you tried to access + (<%=Escape.htmlElementContent((String) request.getAttribute( + "javax.servlet.error.request_uri"))%>) + does not exist. +

+

+ The Manager application has been re-structured for Tomcat 7 onwards and some + of URLs have changed. All URLs used to access the Manager application should + now start with one of the following options: +

+ +

+ Note that the URL for the text interface has changed from + "<%=request.getContextPath()%>" to + "<%=request.getContextPath()%>/text". +

+

+ You probably need to adjust the URL you are using to access the Manager + application. However, there is always a chance you have found a bug in the + Manager application. If you are sure you have found a bug, and that the bug + has not already been reported, please report it to the Apache Tomcat team. +

+ + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCerts.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCerts.jsp new file mode 100644 index 00000000..a2f5de72 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCerts.jsp @@ -0,0 +1,92 @@ + +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@page session="false" contentType="text/html; charset=ISO-8859-1" %> +<%@page import="java.util.Map" %> +<%@page import="java.util.Map.Entry" %> +<%@page import="java.util.List" %> + + + +<% Map> certList = (Map>) request.getAttribute("certList"); +%> + + + + + + + + + Configured certificate chains per Connector + + +

Configured certificate chains per Connector

+ + + + + + + + + + <% + for (Map.Entry> entry : certList.entrySet()) { + %> + + + + + <% + } + %> + +
Connector / TLS Virtual Host / Certificate typeCertificate chain
<%=entry.getKey()%> + <% + for (String cert : entry.getValue()) { + %> +
<%=cert%>
+ <% + } + %> +
+ +
+

+ +

+
+ +<%--div style="display: none;"> +

+ Valid HTML 4.01! + Valid XHTML 1.0! + Valid XHTML 1.1! +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCiphers.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCiphers.jsp new file mode 100644 index 00000000..915508e4 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorCiphers.jsp @@ -0,0 +1,92 @@ + +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@page session="false" contentType="text/html; charset=ISO-8859-1" %> +<%@page import="java.util.Map" %> +<%@page import="java.util.Map.Entry" %> +<%@page import="java.util.List" %> + + + +<% Map> cipherList = (Map>) request.getAttribute("cipherList"); +%> + + + + + + + + + Configured ciphers per Connector + + +

Configured ciphers per Connector

+ + + + + + + + + + <% + for (Map.Entry> entry : cipherList.entrySet()) { + %> + + + + + <% + } + %> + +
Connector / TLS Virtual HostEnabled Ciphers
<%=entry.getKey()%> + <% + for (String cipher : entry.getValue()) { + %> +

<%=cipher%>

+ <% + } + %> +
+ +
+

+ +

+
+ +<%--div style="display: none;"> +

+ Valid HTML 4.01! + Valid XHTML 1.0! + Valid XHTML 1.1! +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorTrustedCerts.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorTrustedCerts.jsp new file mode 100644 index 00000000..bdf7ac45 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/connectorTrustedCerts.jsp @@ -0,0 +1,92 @@ + +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@page session="false" contentType="text/html; charset=ISO-8859-1" %> +<%@page import="java.util.Map" %> +<%@page import="java.util.Map.Entry" %> +<%@page import="java.util.List" %> + + + +<% Map> trustedCertList = (Map>) request.getAttribute("trustedCertList"); +%> + + + + + + + + + Trusted certificates per Connector + + +

Trusted certificates per Connector

+ + + + + + + + + + <% + for (Map.Entry> entry : trustedCertList.entrySet()) { + %> + + + + + <% + } + %> + +
Connector / TLS Virtual HostTrusted Certificates
<%=entry.getKey()%> + <% + for (String cert : entry.getValue()) { + %> +
<%=cert%>
+ <% + } + %> +
+ +
+

+ +

+
+ +<%--div style="display: none;"> +

+ Valid HTML 4.01! + Valid XHTML 1.0! + Valid XHTML 1.1! +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionDetail.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionDetail.jsp new file mode 100644 index 00000000..1d25de94 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionDetail.jsp 
@@ -0,0 +1,197 @@ + +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@page session="false" contentType="text/html; charset=ISO-8859-1" %> +<%@page import="java.util.Enumeration" %> +<%@page import="javax.servlet.http.HttpSession" %> +<%@page import="org.apache.catalina.Session" %> +<%@page import="org.apache.catalina.manager.JspHelper" %> +<%@page import="org.apache.catalina.util.ContextName" %> + +<%--!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"--%> + + +<% String path = (String) request.getAttribute("path"); + String version = (String) request.getAttribute("version"); + ContextName cn = new ContextName(path, version); + Session currentSession = (Session)request.getAttribute("currentSession"); + String currentSessionId = null; + HttpSession currentHttpSession = null; + if (currentSession != null) { + currentHttpSession = currentSession.getSession(); + currentSessionId = JspHelper.escapeXml(currentSession.getId()); + } else { + currentSessionId = "Session invalidated"; + } + String submitUrl = JspHelper.escapeXml(response.encodeURL( + ((HttpServletRequest) pageContext.getRequest()).getRequestURI() + + "?path=" + path + "&version=" + version)); +%> + + + + + + + + + + Sessions 
Administration: details for <%= currentSessionId %> + + +<% if (currentHttpSession == null) { %> +

<%=currentSessionId%>

+<% } else { %> +

Details for Session <%= currentSessionId %>

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Session Id<%= currentSessionId %>
Guessed Locale<%= JspHelper.guessDisplayLocaleFromSession(currentSession) %>
Guessed User<%= JspHelper.guessDisplayUserFromSession(currentSession) %>
Creation Time<%= JspHelper.getDisplayCreationTimeForSession(currentSession) %>
Last Accessed Time<%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %>
Session Max Inactive Interval<%= JspHelper.secondsToTimeString(currentSession.getMaxInactiveInterval()) %>
Used Time<%= JspHelper.getDisplayUsedTimeForSession(currentSession) %>
Inactive Time<%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %>
TTL<%= JspHelper.getDisplayTTLForSession(currentSession) %>
+ +
+
+ + + <% + if ("Primary".equals(request.getParameter("sessionType"))) { + %> + + <% + } + %> +
+
+ +
<%= JspHelper.escapeXml(request.getAttribute("error")) %>
+
<%= JspHelper.escapeXml(request.getAttribute("message")) %>
+ + + <% int nAttributes = 0; + Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames(); + while (attributeNamesEnumeration.hasMoreElements()) { + attributeNamesEnumeration.nextElement(); + ++nAttributes; + } + %> + + + + + + + + + <%--tfoot> + + + + + + <% attributeNamesEnumeration = currentHttpSession.getAttributeNames(); + while (attributeNamesEnumeration.hasMoreElements()) { + String attributeName = (String) attributeNamesEnumeration.nextElement(); + %> + + + + + + <% } // end while %> + +
<%= JspHelper.formatNumber(nAttributes) %> attributes
Remove AttributeAttribute nameAttribute value
+ TODO: set Max Inactive Interval on sessions +
+
+
+ + + + <% + if ("Primary".equals(request.getParameter("sessionType"))) { + %> + + + <% + } else { + out.print("Primary sessions only"); + } + %> +
+
+
<%= JspHelper.escapeXml(attributeName) %><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %>"><%= JspHelper.escapeXml(attributeValue) %>
+<% } // endif%> + +
+

+ +

+
+ +<%--div style="display: none;"> +

+ Valid HTML 4.01! + Valid XHTML 1.0! + Valid XHTML 1.1! +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionsList.jsp b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionsList.jsp new file mode 100644 index 00000000..b61d07c4 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/jsp/sessionsList.jsp 
@@ -0,0 +1,170 @@ + +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@page session="false" contentType="text/html; charset=ISO-8859-1" %> +<%@page import="java.util.Collection" %> +<%@page import="org.apache.catalina.manager.JspHelper" %> +<%@page import="org.apache.catalina.Session" %> +<%@page import="org.apache.catalina.ha.session.DeltaSession" %> +<%@page import="org.apache.catalina.util.ContextName" %> + + + +<%@page import="org.apache.catalina.manager.DummyProxySession"%> +<% String path = (String) request.getAttribute("path"); + String version = (String) request.getAttribute("version"); + ContextName cn = new ContextName(path, version); + String submitUrl = JspHelper.escapeXml(response.encodeURL( + ((HttpServletRequest) pageContext.getRequest()).getRequestURI() + + "?path=" + path + "&version=" + version)); + Collection activeSessions = (Collection) request.getAttribute("activeSessions"); +%> + + + + + + + + + + Sessions Administration for <%= JspHelper.escapeXml(cn.getDisplayName()) %> + + +

Sessions Administration for <%= JspHelper.escapeXml(cn.getDisplayName()) %>

+ +

Tips:

+
    +
  • Click on a column to sort.
  • +
  • To view a session details and/or remove a session attributes, click on its id.
  • +
+ +
<%= JspHelper.escapeXml(request.getAttribute("error")) %>
+
<%= JspHelper.escapeXml(request.getAttribute("message")) %>
+ +
+
Active HttpSessions informations + + "/> + <% String order = (String) request.getAttribute("order"); + if (order == null || "".equals(order)) { + order = "ASC"; + } + %> + + + <%= JspHelper.formatNumber(activeSessions.size()) %> active Sessions
+ + + + + + + + + + + + + + + <% if (activeSessions.size() > 10) { %> + <%-- is the same as --%> + + + + + + + + + + + + + <% } // end if %> + +<% + for (Session currentSession : activeSessions) { + String currentSessionId = JspHelper.escapeXml(currentSession.getId()); + String type; + if (currentSession instanceof DeltaSession) { + if (((DeltaSession) currentSession).isPrimarySession()) { + type = "Primary"; + } else { + type = "Backup"; + } + } else if (currentSession instanceof DummyProxySession) { + type = "Proxy"; + } else { + type = "Primary"; + } +%> + + + + + + + + + + + +<% } // end while %> + +
Session IdTypeGuessed LocaleGuessed User nameCreation TimeLast Accessed TimeUsed TimeInactive TimeTTL
Session IdTypeGuessed LocaleGuessed User nameCreation TimeLast Accessed TimeUsed TimeInactive TimeTTL
+ <% + if ("Proxy".equals(type)) { + out.print(currentSessionId); + } else { + %> + <%= currentSessionId %> + <% + } + %> + <%= type %><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %><%= JspHelper.guessDisplayUserFromSession(currentSession) %><%= JspHelper.getDisplayCreationTimeForSession(currentSession) %><%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %><%= JspHelper.getDisplayUsedTimeForSession(currentSession) %><%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %><%= JspHelper.getDisplayTTLForSession(currentSession) %>
+

+ +

+
+
+ +
+

+ +

+
+ +<%--div style="display: none;"> +

+ Valid HTML 4.01! + Valid XHTML 1.0! + Valid XHTML 1.1! +

+ + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/web.xml b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/web.xml new file mode 100644 index 00000000..e73aae05 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/WEB-INF/web.xml @@ -0,0 +1,195 @@ + + + + + Tomcat Manager Application + + A scriptable management web application for the Tomcat Web Server; + Manager lets you view, load/unload/etc particular web applications. + + + UTF-8 + + + Manager + org.apache.catalina.manager.ManagerServlet + + debug + 2 + + + + HTMLManager + org.apache.catalina.manager.HTMLManagerServlet + + debug + 2 + + + + + 52428800 + 52428800 + 0 + + + + Status + org.apache.catalina.manager.StatusManagerServlet + + debug + 0 + + + + + JMXProxy + org.apache.catalina.manager.JMXProxyServlet + + + + + Manager + /text/* + + + Status + /status/* + + + JMXProxy + /jmxproxy/* + + + HTMLManager + /html/* + + + + CSRF + org.apache.catalina.filters.CsrfPreventionFilter + + entryPoints + /html,/html/,/html/list,/index.jsp + + + + + CSRF + HTMLManager + + + + + + + HTML Manager interface (for humans) + /html/* + + + manager-gui + + + + + Text Manager interface (for scripts) + /text/* + + + manager-script + + + + + JMX Proxy interface + /jmxproxy/* + + + manager-jmx + + + + + Status interface + /status/* + + + manager-gui + manager-script + manager-jmx + manager-status + + + + + + BASIC + Tomcat Manager Application + + + + + + The role that is required to access the HTML Manager pages + + manager-gui + + + + The role that is required to access the text Manager pages + + manager-script + + + + The role that is required to access the HTML JMX Proxy + + manager-jmx + + + + The role that is required to access to the Manager Status pages + + manager-status + + + + 401 + /WEB-INF/jsp/401.jsp + + + 403 + /WEB-INF/jsp/403.jsp + + + 404 + /WEB-INF/jsp/404.jsp + + + 
diff --git a/docker/atlas-all/tomcat-manager-ui/manager/images/asf-logo.svg b/docker/atlas-all/tomcat-manager-ui/manager/images/asf-logo.svg new file mode 100644 index 00000000..e24cbe52 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/images/asf-logo.svg @@ -0,0 +1,226 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/images/tomcat.gif b/docker/atlas-all/tomcat-manager-ui/manager/images/tomcat.gif new file mode 100644 index 00000000..f2aa6f86 Binary files /dev/null and b/docker/atlas-all/tomcat-manager-ui/manager/images/tomcat.gif differ diff --git a/docker/atlas-all/tomcat-manager-ui/manager/index.jsp b/docker/atlas-all/tomcat-manager-ui/manager/index.jsp new file mode 100644 index 00000000..2806b76e --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/index.jsp 
@@ -0,0 +1,18 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page session="false" trimDirectiveWhitespaces="true" %> +<% response.sendRedirect(request.getContextPath() + "/html"); %> \ No newline at end of file diff --git a/docker/atlas-all/tomcat-manager-ui/manager/status.xsd b/docker/atlas-all/tomcat-manager-ui/manager/status.xsd new file mode 100644 index 00000000..5af979d8 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/status.xsd @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docker/atlas-all/tomcat-manager-ui/manager/xform.xsl b/docker/atlas-all/tomcat-manager-ui/manager/xform.xsl new file mode 100644 index 00000000..06ced016 --- /dev/null +++ b/docker/atlas-all/tomcat-manager-ui/manager/xform.xsl @@ -0,0 +1,125 @@ + + + + + + + + + + + + Tomcat Status + + + +
Tomcat Status
+ + + + + +
+ + + + Memory Pools
+ +
+
+ + + + + + + + +
JVM:free: total: max:

+
+ + + + + + + + + + +
Name: Type: Initial: Committed: Maximum: Used:
+
+ + + Connector --
+ + + + +
+ + + + + + + + +
threadInfomaxThreads: currentThreadCount: currentThreadsBusy:

+
+ + + + + + + + + + + +
requestInfo maxTime: processingTime: requestCount: errorCount: bytesReceived: bytesSent:

+
+ + + + + + +
StageTimeB SentB RecvClientVHostRequest

+
+ + + + + + + + + + ? + + + +
diff --git a/docker/db-init/mysql/10-cas.sql b/docker/db-init/mysql/10-cas.sql index e5eb2a31..e605895f 100755 --- a/docker/db-init/mysql/10-cas.sql +++ b/docker/db-init/mysql/10-cas.sql @@ -1,4 +1,5 @@ CREATE USER cas IDENTIFIED BY 'my-super-secret-password'; +ALTER USER IF EXISTS 'cas'@'%' IDENTIFIED BY 'my-super-secret-password'; CREATE DATABASE cas CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; GRANT ALL PRIVILEGES ON cas . * TO 'cas'; diff --git a/docker/db-init/mysql/10-logger.sql b/docker/db-init/mysql/10-logger.sql new file mode 100644 index 00000000..57243936 --- /dev/null +++ b/docker/db-init/mysql/10-logger.sql @@ -0,0 +1,4 @@ +CREATE DATABASE logger CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; +CREATE USER logger IDENTIFIED BY 'my-super-secret-password'; -- TODO extract this super secret password to an env variable.... +ALTER USER IF EXISTS 'logger'@'%' IDENTIFIED BY 'my-super-secret-password'; +GRANT ALL PRIVILEGES ON logger . * TO 'logger'; \ No newline at end of file diff --git a/docker/db-init/postgis/10-image-service.sql b/docker/db-init/postgis/10-image-service.sql new file mode 100644 index 00000000..7131414a --- /dev/null +++ b/docker/db-init/postgis/10-image-service.sql @@ -0,0 +1,12 @@ +CREATE DATABASE images; + +CREATE USER images WITH PASSWORD 'my-super-secret-password'; +ALTER USER images WITH PASSWORD 'my-super-secret-password'; +GRANT CONNECT ON DATABASE images TO images; +GRANT CREATE ON DATABASE images TO images; + +\connect images; +GRANT ALL ON SCHEMA public TO images; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO images; +GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO images; +GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO images; \ No newline at end of file diff --git a/docker/db-init/postgis/10-spatial.sql b/docker/db-init/postgis/10-spatial.sql index 8f4593e4..7038b02d 100755 --- a/docker/db-init/postgis/10-spatial.sql +++ b/docker/db-init/postgis/10-spatial.sql 
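Review bot: The added `ALTER USER IF EXISTS 'cas'@'%' ...` can only reset the password of an account that already exists, but in that case the unchanged `CREATE USER cas ...` on the line before it fails first. If the init runner stops at the first error (not visible on this page), the ALTER is never reached. Making the create idempotent lets the pair work on both a fresh and an existing server: `CREATE USER IF NOT EXISTS cas IDENTIFIED BY '...';`. The same create-then-alter pair is added in 10-logger.sql, 10-image-service.sql and 10-spatial.sql. In the two PostgreSQL files `CREATE USER` has no `IF NOT EXISTS` form, so a guarded `DO` block would be needed there instead.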
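Review bot: The new `logger` account is created with the same literal password as `cas`, and the value is reused in 10-image-service.sql, 10-spatial.sql and the `--password=` arguments in docker-compose-all.yaml. Giving each service its own account therefore adds little isolation, because anyone who can read one service's configuration can authenticate as every other service. The TODO on the `CREATE USER logger` line already names the fix (take the value from the environment). When it is done, each account should get its own secret rather than one shared variable, and the literal should be removed from the tracked files in the same change.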
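Review bot: `CREATE DATABASE images;` runs before the role exists, so the database is owned by the bootstrap superuser, whereas 10-spatial.sql in this same commit creates the role first and then uses `CREATE DATABASE layersdb OWNER spatial;`. Following that order here (`CREATE USER images ...;` then `CREATE DATABASE images OWNER images;`) would make the `GRANT CONNECT`/`GRANT CREATE` lines unnecessary. The three `GRANT ALL PRIVILEGES ON ALL ... IN SCHEMA public` statements apply only to objects that exist when they run, which on a freshly created database is none. They should either be dropped or carry a comment such as `-- only relevant when re-run against an already populated database`.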
@@ -1,4 +1,24 @@ -CREATE DATABASE layersdb; - CREATE USER spatial WITH PASSWORD 'my-super-secret-password'; +ALTER USER spatial WITH PASSWORD 'my-super-secret-password'; + +GRANT spatial TO postgres; + +CREATE DATABASE layersdb OWNER spatial; + GRANT ALL PRIVILEGES ON DATABASE layersdb TO spatial; + +\connect layersdb; + +-- Enable PostGIS (includes raster) +CREATE EXTENSION postgis; +-- Enable Topology +CREATE EXTENSION postgis_topology; + +GRANT ALL ON SCHEMA public TO spatial; +GRANT ALL ON SCHEMA topology TO spatial; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO spatial; +GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO spatial; +GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO spatial; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA topology TO spatial; +GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA topology TO spatial; +GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA topology TO spatial; diff --git a/docker/db-init/postgis/20-init-layersdb.sql b/docker/db-init/postgis/20-init-layersdb.sql index 1a6df52f..a6653552 100644 --- a/docker/db-init/postgis/20-init-layersdb.sql +++ b/docker/db-init/postgis/20-init-layersdb.sql @@ -20,12 +20,7 @@ SET default_with_oids = false; -- CREATE USER ${POSTGRES_USER} WITH PASSWORD '${POSTGRES_PASSWORD}'; -- GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_USER}; -\connect layersdb; - --- Enable PostGIS (includes raster) -CREATE EXTENSION postgis; --- Enable Topology -CREATE EXTENSION postgis_topology; +\connect layersdb spatial; CREATE TYPE searchobjectstype AS ( diff --git a/docker/docker-compose-all.yaml b/docker/docker-compose-all.yaml index 644f3a7c..ef02b593 100644 --- a/docker/docker-compose-all.yaml +++ b/docker/docker-compose-all.yaml @@ -3,6 +3,7 @@ services: image: 632683202044.dkr.ecr.eu-west-1.amazonaws.com/living-atlas:dev build: context: atlas-all +### !! Comment the next section out on local environment (unless it's arm64) x-bake: platforms: - linux/arm64 
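Review bot: `GRANT spatial TO postgres;` hard-codes the admin role name and has no comment explaining why it is needed. A superuser can already run `CREATE DATABASE layersdb OWNER spatial`, so the grant only matters where the admin role is not a true superuser, and it fails outright if the container was started with a different `POSTGRES_USER` (the compose environment for `postgis` is not visible in this hunk). A comment stating the intent would help, for example `-- lets a non-superuser admin role create a database owned by spatial`. Once `spatial` owns the database, `GRANT ALL PRIVILEGES ON DATABASE layersdb TO spatial;` is redundant and can be removed.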
@@ -10,10 +11,15 @@ services: - "8080:8080" volumes: - ../config:/config/config:ro + - ./atlas-all/tomcat-manager-ui/host-manager:/usr/local/tomcat/webapps/host-manager + - ./atlas-all/tomcat-manager-ui/manager:/usr/local/tomcat/webapps/manager - vbp-data:/data environment: SPRING_PROFILES_ACTIVE: local # LOG_FORMAT: JSON +# depends_on: +# mysql-logger-init: +# condition: service_completed_successfully postgis: image: postgis/postgis:16-3.4-alpine @@ -79,6 +85,26 @@ services: healthcheck: test: mysqladmin ping -h localhost + mysql-logger-init: +# image: 632683202044.dkr.ecr.eu-west-1.amazonaws.com/docker-hub/library/mysql + image: mysql + volumes: + - ../config:/config/config:ro + command: bash -c "cat /config/config/logger/db-init/*.sql | mysql --host=mysql --user=logger --password=my-super-secret-password --database logger" + depends_on: + mysql: + condition: service_healthy + + mysql-userdetails-init: + # image: 632683202044.dkr.ecr.eu-west-1.amazonaws.com/docker-hub/library/mysql + image: mysql + volumes: + - ../config:/config/config:ro + command: bash -c "cat /config/config/userdetails/db-init/*.sql | mysql --host=mysql --user=cas --password=my-super-secret-password --database cas" + depends_on: + mysql: + condition: service_healthy + cassandradb: image: cassandra:3 environment:
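Review bot: The two added bind mounts place Tomcat's `manager` and `host-manager` webapps under `webapps/` in the container whose port 8080 this file publishes, so an interface able to deploy and undeploy applications is reachable wherever that port is; who can use it then depends on `tomcat-users.xml` and the address restriction in the mounted `context.xml` files, whose contents are not readable on this page. Unlike the `../config` mount above them, both mounts are writable from inside the container; add `:ro`, e.g. `- ./atlas-all/tomcat-manager-ui/manager:/usr/local/tomcat/webapps/manager:ro`. Because these directories are a checked-in copy of Tomcat's own webapps, they can drift from the Tomcat release in the image, so a comment naming the release they were copied from would make later upgrades auditable. If the manager is only wanted for local debugging, keeping the two mounts in a local-only override file avoids shipping them to shared environments.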
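Review bot: `mysql-logger-init` and `mysql-userdetails-init` both pass the database password as `--password=...` inside `command`, which puts it in the client's process arguments as well as in version control; it should be taken from the environment or an option file instead. `image: mysql` has no tag, so it resolves to `latest` and the client can change between runs and differ from the server; pin it to the tag the `mysql` service uses. Each service also mounts the whole `../config` tree, which holds every service's settings, although it reads only its own `db-init` directory. The sketch below shows the logger service; the variable name and tag are placeholders, and because `MYSQL_PWD` is deprecated in recent MySQL releases an option file is the longer-term alternative.

```yaml
  mysql-logger-init:
    image: "mysql:<TAG_OF_MYSQL_SERVICE>"  # placeholder: pin to the server's tag
    volumes:
      - ../config/logger/db-init:/db-init:ro
    environment:
      # placeholder variable name; supply it from an untracked .env file
      MYSQL_PWD: "${LOGGER_DB_PASSWORD:?LOGGER_DB_PASSWORD is not set}"
    command: bash -c "cat /db-init/*.sql | mysql --host=mysql --user=logger --database logger"
    # … unchanged: depends_on mysql (service_healthy) …
```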