Trac on Solaris using Apache mod_python and https

If Trac is being used by a distributed team over the internet we want to remove all privileges from unauthenticated users:

  trac-admin $tracenv permission remove anonymous $perm
  trac-admin $tracenv permission add authenticated $perm
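
The lock-down above as a dry run, added here as an example and not part of the original post: it reads a permission listing and prints one remove/add pair for each action held by anonymous, standing in for $perm. The sample listing is constructed, its two-column layout is an assumption about what `trac-admin $tracenv permission list` prints, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run: prints the trac-admin
# commands that move every action held by "anonymous" to "authenticated".
# Assumption: "permission list" prints "<user> <ACTION>" rows, as in SAMPLE.

# Constructed sample of `trac-admin $tracenv permission list` output.
SAMPLE='User           Action
------------------------------
anonymous      BROWSER_VIEW
anonymous      TICKET_VIEW
anonymous      WIKI_VIEW
authenticated  TICKET_CREATE
authenticated  WIKI_VIEW
fred           TRAC_ADMIN'

# plan_lockdown ENV: reads a permission listing on stdin, writes commands.
plan_lockdown() {
    awk -v env="$1" '
        # Only rows whose action looks like a Trac permission name.
        $2 !~ /^[A-Z][A-Z_]*$/ { next }
        $1 == "authenticated"  { have[$2] = 1 }
        $1 == "anonymous"      { anon[++n] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                p = anon[i]
                printf "trac-admin %s permission remove anonymous %s\n", env, p
                # Skip the grant when authenticated already holds the action.
                if (!(p in have))
                    printf "trac-admin %s permission add authenticated %s\n", env, p
            }
        }'
}

# remaining_anonymous: number of actions still granted to anonymous
# in the listing on stdin (0 means the lock-down is complete).
remaining_anonymous() {
    awk '$1 == "anonymous" && $2 ~ /^[A-Z][A-Z_]*$/ { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE" | plan_lockdown /var/opt/csw/trac
```

Review the printed commands before running them, then feed a fresh listing to remaining_anonymous to confirm it reports 0.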

We also want to encrypt traffic to the site. To do this I tried stunnel…

/opt/csw/bin/pkg-get -i stunnel

…and placed the following in /opt/csw/etc/stunnel/stunnel.conf

accept  = 443
connect = 8000

I also commented out the chroot setup. Once configured all that is required is to run

cd /opt/csw/etc/stunnel 

…and change /var/opt/csw/trac/conf/trac.ini

[trac]
authz_file =
authz_module_name =
base_url =

The bad news is that Trac 0.10.4 does not consistently use base_url, so creating a ticket, for example, redirects the user to an http page.

HTTPS=1; export HTTPS
nohup tracd --port 8000 $tracenv &

To resolve this issue I decided to move from tracd/stunnel to Apache2/mod_python. The default Solaris 10 distribution includes apache2 but not mod_python. Instead I installed mod_python from Blastwave, which in turn automatically installs the Blastwave cswapache2 package below /opt/csw/apache2.

pkg-get install ap2_modpython

We will want to run trac under apache2 using a dedicated account:

groupadd -g 202 trac
useradd -g trac -u 202 -d /var/opt/csw/trac trac
chown -R trac:trac /var/opt/csw/trac

Modified /opt/csw/apache2/etc/httpd.conf

User trac
Group trac
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

Created a self-signed certificate for the site:

cd /opt/csw/apache2/etc
/usr/sfw/bin/openssl genrsa -out server.key 2048
/usr/sfw/bin/openssl req -new -x509 -key server.key -out server.crt -days 365 -subj "/C=US/ST=Florida/O=My Company/"

Modified /opt/csw/apache2/etc/extra/httpd-ssl.conf


   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

To start Blastwave Apache2 using SMF on Solaris:

svccfg -s cswapache2 setprop httpd/ssl=true
svccfg -s cswapache2 listprop

svcadm enable cswapache2

To check status

svcs cswapache2
svcs -xv

Trac on Solaris

Trac is a web-based software project management and bug/issue tracking system. Example publicly accessible sites that use Trac include

Getting Trac installed on Solaris 10 is easy, see Question is, what next?

Blastwave packages are installed below /opt/csw (csw = Community SoftWare). /opt/csw/share/doc/trac/INSTALL provides the next steps. I used:

trac-admin $tracenv initenv
tracd --port 8000 $tracenv & # no authentication
firefox http://localhost:8000/trac

For a small number of users the tracd standalone server is good enough. Authentication can be managed with htdigest on Solaris 10 thusly:

/usr/apache2/bin/htdigest -c $tracenv/conf/users.htdigest fred

Tracd can then be started like this:

nohup tracd --port 8000 --auth *,$tracenv/conf/users.htdigest, $tracenv &

To change the logo upload the new logo to /opt/csw/share/trac/htdocs and modify trac.ini

[header_logo]
link =
src = common/mylogo.png

[project]
descr = My Trac
footer = Visit the Trac open source project at
icon = common/trac.ico
name = My Project
url =

Trac is much easier to administer with the WebAdmin plugin, which for Trac 0.10.4 requires downloading and installing from source:


To get started a Trac administrator has to be empowered:

trac-admin /var/opt/csw/trac permission add fred TRAC_ADMIN

To simplify account administration we’ll also try an account manager plugin


…and change /var/opt/csw/trac/conf/trac.ini

[components]
webadmin.* = enabled
trac.web.auth.LoginModule = disabled
acct_mgr.api = enabled
acct_mgr.htfile.HtDigestStore = enabled
acct_mgr.web_ui.AccountModule = enabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled
acct_mgr.admin.AccountManagerAdminPage = enabled

[account-manager]
password_format = htdigest
password_store = HtDigestStore
password_file = /var/opt/csw/trac/conf/users.htdigest
htdigest_realm =
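
What the users.htdigest file created with htdigest earlier, and referenced by password_file here, actually contains, as an added example that is not part of the original post: each line is user:realm:MD5(user:realm:password), so the realm in the file has to match htdigest_realm. The realms, users and password are constructed sample values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): how a users.htdigest line is
# built and checked, and a realm audit for the file trac.ini points at.
# Realm, user and password values below are constructed samples.

# md5hex STRING: hex MD5 of STRING (md5sum if present, else openssl).
md5hex() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | cut -d' ' -f1
    else
        printf '%s' "$1" | openssl dgst -md5 | sed 's/^.*= *//'
    fi
}

# htdigest_line USER REALM PASSWORD: the line stored for that user,
# user:realm:MD5(user:realm:password). The hash is unsalted.
htdigest_line() {
    printf '%s:%s:%s\n' "$1" "$2" "$(md5hex "$1:$2:$3")"
}

# check_login FILE USER REALM PASSWORD: succeeds only on an exact line match.
check_login() {
    grep -qxF -e "$(htdigest_line "$2" "$3" "$4")" "$1"
}

# wrong_realm FILE REALM: users whose entry was created for another realm
# than the configured one; their logins will fail until re-created.
wrong_realm() {
    awk -F: -v realm="$2" 'NF == 3 && $2 != realm { print $1 }' "$1"
}

demo=$(mktemp)
trap 'rm -f "$demo"' EXIT
htdigest_line fred 'Example Realm' 'constructed-pass' >  "$demo"
htdigest_line anne 'Old Realm'     'constructed-pass' >> "$demo"
chmod 600 "$demo"   # the stored hash is all digest auth needs: keep it private
wrong_realm "$demo" 'Example Realm'    # prints: anne
```

Because the stored value is a plain MD5 over user, realm and password, the file should be readable only by the account that runs tracd or Apache.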

Tracd can then be started like this:

nohup tracd --port 8000 $tracenv &

To manage custom fields we’ll add another plugin


…and change /var/opt/csw/trac/conf/trac.ini

[components]
customfieldadmin.* = enabled

Installing JBoss with Oracle XE on Windows

Both Tomcat and Oracle XML DB use port 8080 by default. Before installing JBoss I first changed the default port for XML DB as suggested here.

call dbms_xdb.cfg_update(updateXML(
            dbms_xdb.cfg_get()
          , '/xdbconfig/sysconfig/protocolconfig/httpconfig/http-port/text()'
          , 8081))

I restarted the Oracle database and verified port 8081 was in use and not 8080.

CruiseControl and Subversion

Getting started with CruiseControl is relatively straightforward, see

To place an application on CruiseControl it should have an Ant script to build it. The application Ant script does not need to interact with Subversion. The source for the application including the Ant script should be checked into Subversion.

I started to install CruiseControl by downloading and compiling the source, but my version of ant was too old. Instead I downloaded the binary (which ironically includes a newer ant also):

su -
unzip -d /opt

useradd --system --home /srv/cruisecontrol --create-home --comment "System account to run CruiseControl" cruise
usermod -s /bin/ksh cruise
su - cruise
mkdir checkout logs artifacts

Now we need to configure CruiseControl to monitor the Subversion repository. Create config.xml:


Build-myproj.xml contains Ant steps to checkout a clean copy of the application and build it:

To setup the dashboard, running at :8080

su - cruise
cp /opt/cruisecontrol-bin-2.7.2/dashboard-config.xml .
kill `cat`

Installing Subversion on Ubuntu

There are many ways to do it, but this incantation worked for me on an Ubuntu host. This is an ‘entry level’ setup with one repository and simple authentication. Read the Subversion book and Ubuntu documentation to understand.

su -
apt-get install subversion
adduser --system --home /srv/svn --gecos "System account to run svnserve" svn
svnadmin create /srv/svn
chown -R svn:nogroup /srv/svn

apt-get install xinetd
cat >> /etc/xinetd.d/svn << "EOF"
service svn
{
        port                    = 3690
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = svn
        server                  = /usr/bin/svnserve
        server_args             = -i -r /srv/svn
}
EOF
/etc/init.d/xinetd restart

# uncomment line to use default password file (~svn/conf/passwd)
vi ~svn/conf/svnserve.conf

cat >> ~svn/conf/passwd << "EOF"
[users]
fred = *****
EOF
chmod 600 ~svn/conf/passwd

Struts Guidelines

Struts (or more correctly, the Struts Action Framework) is probably the most successful Java web-application framework to date. It enables organization of Java web-applications using a model-view-controller (MVC) approach that makes it easier to write and maintain non-trivial applications.

The framework comprises

  • A front controller servlet (ActionServlet) that accepts, processes, and routes all incoming HTTP requests in accordance with a configuration file (struts-config.xml)

  • RequestProcessor and Action classes that can be extended and customized with application logic.

  • A set of JSP tag libraries (html, bean, logic, tiles) to simplify building forms and displaying output.

  • Support for populating HTML form input into regular or dynamic beans (DynaBeans).

  • Support for validating input and displaying error messages (ActionErrors,

The version of Struts shipped with JDeveloper 10.1.2 was 1.1. A number of books have been written about this version, see the Apache Struts 1.1 Project Home Page. Using 1.2 should not be a significant problem, but it does not include compelling enhancements. Note Struts 1.1 includes Commons BeanUtils 1.6.


  • Organize applications into pages, e.g. CustomerSearch.jsp, CustomerView.jsp, CustomerEdit.jsp.

  • Follow the Oracle Browser Look And Feel (BLAF) guidelines for all corporate applications, see the Oracle Browser Look and Feel (BLAF) Guidelines. Use the blaf.css provided with JDeveloper, do not modify it.  Use the icons from the BLAF icon repository.

  • Place all JSPs into the WEB-INF directory, where they cannot be invoked directly. Provide a start.jsp in the public web root directory that forwards to a Struts action to start the application. Set start.jsp as the welcome file in web.xml.

  • Refrain from adding scriptlets to JSPs as far as possible: place code in the corresponding Java class and use Struts bean tags to display results in the JSP.

Action Classes

  • For each JSP create a corresponding Java class that extends DispatchAction and which handles requests from the JSP.

  • Use DynaActionForms to capture form input. These are configured in struts-config.xml, eliminating the need to write Java bean classes for each input form.

  • Validate all input on the server side. Although JavaScript can be used on the client for added responsiveness, client side validation can always be bypassed or disabled.

  • Do not place database access code into JSPs or Action classes: factor out this code into separate data access objects (DAOs). Configure data sources using the servlet container, not the (deprecated) struts-config.xml option. Name data sources after the username or schema used for the connection, not the target database instance.

Error Handling

  • Write error diagnostic and tracing information to the servlet context log; do not simply print a stack trace. This may be done by extending struts.action.RequestProcessor.

  • Declare error pages in web.xml to handle unexpected server errors (500) and missing resources (404).  It may be convenient to comment these out in development environments.

  • Review Ambysoft’s Coding Standards for Java

  • At a minimum use an initial capital for classes and an initial lower case for variables. Use all caps only for constants, i.e. where ‘static final’ is used.

  • Do not declare global variables: at a minimum use singleton beans. Global constants are OK.

