Category: software development

Trac on Solaris using Apache mod_python and https

If Trac is being used by a distributed team over the internet we want to remove all privileges from unauthenticated users:

for perm in BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW 
REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW 
TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY WIKI_VIEW
do
  trac-admin $tracenv permission remove anonymous $perm
  trac-admin $tracenv permission add authenticated $perm
done

We also want to encrypt traffic to the site. To do this I tried stunnel…

/opt/csw/bin/pkg-get -i stunnel

…and placed the following in /opt/csw/etc/stunnel/stunnel.conf

 [https]
accept  = 443
connect = 8000

I also commented out the chroot setup. Once configured all that is required is to run

cd /opt/csw/etc/stunnel 
/opt/csw/bin/stunnel

…and change /var/opt/csw/trac/conf/trac.ini

 [trac]
authz_file =
authz_module_name =
base_url = https://trac.mydomain.com

The bad news is that Trac 0.10.4 does not consistently use base_url, so creating a ticket, for example, redirects the user to an http page.

PATH=/opt/csw/bin:$PATH
tracenv=/var/opt/csw/trac
HTTPS=1; export HTTPS
nohup tracd --port 8000 $tracenv &

To resolve this issue I decided to move from tracd/stunnel to Apache2/mod_python. The default Solaris 10 distribution includes apache2 but not mod_python. Instead I installed mod_python from Blastwave, which in turn automatically installs the Blastwave cswapache2 package below /opt/csw/apache2.

pkg-get install ap2_modpython

We will want to run trac under apache2 using a dedicated account:

groupadd -g 202 trac
useradd -g trac -u 202 -d /var/opt/csw/trac trac
chown -R trac:trac /var/opt/csw/trac

Modified /opt/csw/apache2/etc/httpd.conf

User trac
Group trac
…
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
…

   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

Created a self-signed certificate for the site:

cd /opt/csw/apache2/etc
PATH=$PATH:/usr/sfw/bin
/usr/sfw/bin/openssl genrsa -out server.key 2048
/usr/sfw/bin/openssl req -new -x509 -key server.key -out server.crt -days 365 -subj "/C=US/ST=Florida/O=My Company/CN=trac.mydomain.com"

Modified /opt/csw/apache2/etc/extra/httpd-ssl.conf

ServerName trac.mydomain.com
…

   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/opt/csw/trac

To start Blastwave Apache2 using SMF on Solaris:

svccfg -s cswapache2 setprop httpd/ssl=true
svccfg -s cswapache2 listprop

svcadm enable cswapache2

To check status

svcs cswapache2
svcs –xv

Trac on Solaris

Trac is a web-based software project management and bug/issue tracking system. Example publicly accessible sites that use Trac include

Getting Trac installed on Solaris 10 is easy, see http://trac.edgewall.org/wiki/TracOnSolaris Question is, what next?

Blastwave packages are installed below /opt/csw (csw = Community SoftWare). /opt/csw/share/doc/trac/INSTALL provides the next steps. I used:

PATH=/opt/csw/bin:$PATH
MANPATH=/opt/csw/share/man:$MANPATH
tracenv=/var/opt/csw/trac
trac-admin $tracenv initenv
tracd --port 8000 $tracenv & # no authentication
firefox http://localhost:8000/trac

For a small number of users the tracd standalone server is good enough. Authentication can be managed with htdigest on Solaris 10 thusly:

/usr/apache2/bin/htdigest -c $tracenv/conf/users.htdigest
mydomain.com fred

Tracd can then be started like this:

PATH=/opt/csw/bin:$PATH
tracenv=/var/opt/csw/trac
nohup tracd --port 8000 --auth *,$tracenv/conf/users.htdigest,mydomain.com $tracenv &

To change the logo upload the new logo to /opt/csw/share/trac/htdocs and modify trac.ini

[header_logo]
…
link = https://trac.mydomain.com/
src = common/mylogo.png
…
[project]
descr = My Trac
footer = Visit the Trac open source project at 
http://trac.edgewall.org/
icon = common/trac.ico
name = My Project
url = https://myproject.mydomain.com/

Trac is much easier to administer with the WebAdmin plugin, which for Trac 0.10.4 requires downloading and installing from source:

easy_install http://svn.edgewall.com/repos/trac/sandbox/webadmin/

To get started a Trac administrator has to be empowered:

trac-admin /var/opt/csw/trac permission add fred TRAC_ADMIN

To simplify account administration we’ll also try an account manger plugin

/opt/csw/bin/easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10

…and change /var/opt/csw/trac/conf/trac.ini

[components]
webadmin.* = enabled
trac.web.auth.LoginModule = disabled
acct_mgr.api = enabled
acct_mgr.htfile.HtDigestStore = enabled
acct_mgr.web_ui.AccountModule = enabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled
acct_mgr.admin.AccountManagerAdminPage = enabled
[account-manager]
password_format = htdigest
password_store = HtDigestStore
password_file = /var/opt/csw/trac/conf/users.htdigest
htdigest_realm = mydomain.com

Tracd can then be started like this:

PATH=/opt/csw/bin:$PATH
tracenv=/var/opt/csw/trac
nohup tracd --port 8000 $tracenv &

To manage custom fields we’ll add another plugin

easy_install http://trac-hacks.org/svn/customfieldadminplugin/0.10

…and change /var/opt/csw/trac/conf/trac.ini

[components]
customfieldadmin.* = enabled

Installing JBoss with Oracle XE on Windows

Both Tomcat and Oracle XML DB use port 8080 by default. Before installing JBoss I first changed the default port for XML DB as suggested here.

call dbms_xdb.cfg_update(updateXML(
            dbms_xdb.cfg_get()
          , '/xdbconfig/sysconfig/protocolconfig/httpconfig/http-port/text()'
          , 8081))
      /

I restarted the Oracle database and verified port 8081 was in use and not 8080.

CruiseControl and Subversion

Getting started with CruiseControl is relatively straightforward, see http://confluence.public.thoughtworks.org/display/CC/Getting+Started+With+CruiseControl

To place an application on CruiseControl it should have an Ant script to build it. The application Ant script does not need to interact with Subversion. The source for the application including the Ant script should be checked into Subversion.

I started to install CruiseControl by downloading and compiling the source, but my version of ant was too old. Instead I downloaded the binary (which ironically includes a newer ant also):

su -
wget http://downloads.sourceforge.net/cruisecontrol/cruisecontrol-bin-2.7.2.zip
unzip -d /opt cruisecontrol-bin-2.7.2.zip

useradd --system --home /srv/cruisecontrol --create-home --gecos "System account to run CruiseControl" cruise
usermod -s /bin/ksh cruise
su – cruise
mkdir checkout logs artifacts
PATH=$PATH:/opt/subversion-1.3.2/bin/:/opt/cruisecontrol-bin-2.7.2
cruisecontrol.sh

Now we need to configure CruiseControl to monitor the Subversion repository. Create config.xml:

Build-myproj.xml contains Ant steps to checkout a clean copy of the application and build it:





To setup the dashboard, running at :8080



su - cruise
cp /opt/cruisecontrol-bin-2.7.2/dashboard-config.xml .
kill `cat cc.pid`
cruisecontrol.sh














Installing Subversion on Ubuntu







There are many ways to do it, but this incantation worked for me on an Ubuntu host. This is an ‘entry level’ setup with one repository and simple authentication. Read the Subversion book and Ubuntu documentation to understand.




su -
apt-get install subversion
adduser --system --home /srv/svn --gecos "System account to run svnserve" svn
svnadmin create /srv/svn
chown -R svn:nogroup /srv/svn

apt-get install xinetd
cat >> /etc/xinetd.d/svn << "EOF"
service svn
{
        port                    = 3690
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = svn
        server                  = /usr/bin/svnserve
        server_args             = -i -r /srv/svn
}
EOF
/etc/init.d/xinetd restart

# uncomment line to use default password file (~svn/conf/passwd)
vi ~svn/conf/svnserve.conf

cat >> ~svn/conf/passwd << "EOF"
[users]
fred = *****
...
EOF
chmod 600 ~svn/conf/passwd














Struts Guidelines







Struts (or more correctly, the Struts Action Framework) is probably the most successful Java web-application framework to date. It enables organization of Java web-applications using a model-view-controller (MVC) approach that makes it easier to write and maintain non-trivial applications. 


The framework comprises 


    

  • 

    A front controller servlet (ActionServlet) that accepts, processes, and routes all incoming HTTP requests in accordance with a configuration file (struts-config.xml)
    

    • 

  • 

    RequestProcessor and Action classes that can be extended and customized with application logic. 
    

    • 

  • 

    A set of JSP tag libraries (html, bean, logic, tiles) to simplify building forms and displaying output.
    

    • 

  • 

    Support for populating HTML form input into regular or dynamic beans (DynaBeans).
    

    • 

  • 

    Support for validating input and displaying error messages (ActionErrors, ApplicationResources.properties)
    

    • 



The version of Struts shipped with JDeveloper 10.1.2 was 1.1. A number of books have been written about this version, see the Apache Struts 1.1 Project Home Page. Using 1.2 should not be a significant problem, but it does not include compelling enhancements. Note Struts 1.1 includes Commons BeanUtils 1.6. 


JSPs 




    

  • 

    Organize applications into  pages, eg. CustomerSearch.jsp, CustomerView.jsp, CustomerEdit.jsp. 
    

    • 

  • 

    Follow the Oracle Browser Look And Feel (BLAF) guidelines for all corporate applications, see the Oracle Browser Look and Feel (BLAF) Guidelines. Use the blaf.css provided with JDeveloper, do not modify it.  Use the icons from the BLAF icon repository.
    

    • 

  • 

    Place all JSPs into the WEB-INF directory, where they cannot be invoked directly. Provide a start.jsp in the public web root directory that forwards to a Struts action to start the application. Set start.jsp as the welcome file in web.xml.
    

    • 

  • 

    Refrain from adding scriplets to JSPs as far as possible: place code in the corresponding Java class and use Struts :bean tags to display results in the JSP.
    

    • 



Action Classes 


    

  • 

    For each JSP create a corresponding  Java class that extends DispatchAction and which handles requests from the JSP. 
    

    • 

  • 

    Use DynaActionForms to capture form input. These are configured in struts-config.xml, eliminating the need to write Java bean classes for each input form.
    

    • 

  • 

    Validate all input on the server side. Although JavaScript can be used on the client for added responsiveness, client side validation can always be bypassed or disabled. 
    

    • 

  • 

    Do not place database access code into JSPs or Action classes: factor out this code into separate data access objects (DAOs). Configure data sources using the servlet container, not the (deprecated) struts-config.xml option. Name data sources after the username or schema used for the connection, not the target database instance.
    

    • 



Error Handling 


    

  • 

    Write error diagnostic and tracing information to the servlet context log, do not simply print a stack trace.  This may be done by extending struts.action.RequestProcessor. 
    

    • 

  • 

    Declare error pages in web.xml to handle unexpected server errors (500) and missing resources (404).  It may be convenient to comment these out in development environments. 
    

    • 

  • 

    Review Ambysoft’s Coding Standards for Java
    

    • 

  • 

    At a minimum use an initial capital for classes and an initial lower case for variables. Use all caps only for constants, ie. where ‘static final’ is used. 
    

    • 

  • 

    Do not declare global variables: at a minimum use singleton beans. Global constants are OK. 
    

    • 



References 











Posts navigation

1
2
3
4
5
6


















Scroll to top