Skip to content

Commit

Permalink
fixes #549 and partially reverts #c7dd64dc (#550)
Browse files Browse the repository at this point in the history
* fixes #547 and partially reverts #c7dd64dc

* fix build
  • Loading branch information
NyakudyaA authored Aug 6, 2023
1 parent 8df28f0 commit 382c078
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 9 deletions.
6 changes: 4 additions & 2 deletions build_data/web.xml
Original file line number Diff line number Diff line change
Expand Up @@ -461,7 +461,7 @@
<!-- blockContentTypeSniffingEnabled -->
<!-- Should the header that blocks content type -->
<!-- sniffing be added to every response? [true] -->

<!-- SECURITY_START -->
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
Expand All @@ -471,6 +471,7 @@
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<!-- SECURITY_END -->

<!-- A filter that sets character encoding that is used to decode -->
<!-- parameters in a POST request -->
Expand Down Expand Up @@ -561,12 +562,13 @@
<!-- ==================== Built In Filter Mappings ====================== -->

<!-- The mapping for the HTTP header security Filter -->

<!-- SECURITY_START -->
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- SECURITY_END -->

<!-- The mapping for the Set Character Encoding Filter -->
<!--
Expand Down
7 changes: 7 additions & 0 deletions scripts/env-data.sh
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,13 @@ if [ -z "${DISABLE_CORS}" ]; then
DISABLE_CORS=false
fi

if [ -z "${DISABLE_SECURITY_FILTER}" ]; then
DISABLE_SECURITY_FILTER=false
fi
if [ -z "${ACTIVATE_PROXY_HEADERS}" ]; then
ACTIVATE_PROXY_HEADERS=false
fi

if [ -z "${UPDATE_LOGGING_PROFILES}" ]; then
UPDATE_LOGGING_PROFILES=false
fi
Expand Down
16 changes: 10 additions & 6 deletions scripts/functions.sh
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,10 @@ function web_cors() {
sed -i 's/<!-- CORS_START.*/<!-- CORS DEACTIVATED BY DISABLE_CORS -->\n<!--/; s/^.*<!-- CORS_END -->/-->/' \
${CATALINA_HOME}/conf/web.xml
fi
if [[ "${DISABLE_SECURITY_FILTER}" =~ [Tt][Rr][Uu][Ee] ]]; then
sed -i 's/<!-- SECURITY_START.*/<!-- SECURITY FILTER DEACTIVATED BY DISABLE_SECURITY_FILTER -->\n<!--/; s/^.*<!-- SECURITY_END -->/-->/' \
${CATALINA_HOME}/conf/web.xml
fi
fi
fi
}
Expand Down Expand Up @@ -139,12 +143,12 @@ function detect_install_dir() {

function unzip_geoserver() {
if [[ -f /tmp/geoserver/geoserver.war ]]; then
unzip /tmp/geoserver/geoserver.war -d "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT} &&
validate_geo_install "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT} && \
cp -r "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/data "${CATALINA_HOME}" &&
mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}" &&
rm -rf "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/data &&
mv "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/WEB-INF/lib/postgresql-* "${CATALINA_HOME}"/postgres_config/ &&
unzip /tmp/geoserver/geoserver.war -d "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}
validate_geo_install "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}
cp -r "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/data "${CATALINA_HOME}"
mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}"
rm -rf "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/data
mv "${CATALINA_HOME}"/webapps/${GEOSERVER_CONTEXT_ROOT}/WEB-INF/lib/postgresql-* "${CATALINA_HOME}"/postgres_config/
rm -rf /tmp/geoserver
else
cp -r /tmp/geoserver/* "${GEOSERVER_HOME}"/ && \
Expand Down
4 changes: 3 additions & 1 deletion scripts/start.sh
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,9 @@ else
# default value
eval "$transform"
# Add x-forwarded headers
sed -i.bak -r '/\<\Host\>/ i\ \t<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https"/>' ${CATALINA_HOME}/conf/server.xml
if [[ "${ACTIVATE_PROXY_HEADERS}" =~ [Tt][Rr][Uu][Ee] ]]; then
sed -i.bak -r '/\<\Host\>/ i\ \t<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https"/>' ${CATALINA_HOME}/conf/server.xml
fi
fi


Expand Down

0 comments on commit 382c078

Please sign in to comment.