production
This commit is contained in:
parent
431063ab32
commit
956df03cc1
9 changed files with 120 additions and 41 deletions
1
docker/prod/standalone/selfsigned/.gitignore
vendored
Normal file
1
docker/prod/standalone/selfsigned/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
/secrets
|
|
@ -1,41 +1,36 @@
|
||||||
spring.profiles.include=prod-ws,prod-gui
|
spring.profiles.include=prod-ws,prod-gui
|
||||||
|
|
||||||
file.encoding=UTF-8
|
file.encoding=UTF-8
|
||||||
logging.level.org.apache.tomcat.util.net.NioEndpoint=DEBUG
|
|
||||||
logging.level.ch=DEBUG
|
|
||||||
|
|
||||||
sebserver.certs.password=[SET_PWD]
|
|
||||||
sebserver.mariadb.password=[SET_PWD]
|
|
||||||
sebserver.password=[SET_PWD]
|
|
||||||
|
|
||||||
server.address=0.0.0.0
|
server.address=0.0.0.0
|
||||||
server.port=443
|
server.port=443
|
||||||
server.servlet.context-path=/
|
server.servlet.context-path=/
|
||||||
|
|
||||||
|
##########################################################
|
||||||
|
### Security
|
||||||
|
|
||||||
security.require-ssl=true
|
security.require-ssl=true
|
||||||
server.ssl.key-store-type=PKCS12
|
server.ssl.key-store-type=PKCS12
|
||||||
server.ssl.key-store=file:/certs/seb-server-keystore.pkcs12
|
server.ssl.key-store=C:/dev/workspaces/sebserver/seb-server/docker/prod/standalone/selfsigned/certs/seb-server-keystore.pkcs12
|
||||||
server.ssl.key-store-password=${sebserver.certs.password}
|
server.ssl.key-store-password=${sebserver.certs.password}
|
||||||
server.ssl.key-alias=sebserver
|
|
||||||
server.ssl.key-password=${sebserver.certs.password}
|
server.ssl.key-password=${sebserver.certs.password}
|
||||||
server.ssl.trust-store=file:/certs/seb-server-truststore.pkcs12
|
server.ssl.trust-store=C:/dev/workspaces/sebserver/seb-server/docker/prod/standalone/selfsigned/certs/seb-server-truststore.pkcs12
|
||||||
server.ssl.trust-store-password=${sebserver.certs.password}
|
server.ssl.trust-store-password=${sebserver.certs.password}
|
||||||
server.ssl.enabled-protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
server.ssl.enabled-protocols=TLSv1,TLSv1.1,TLSv1.2
|
||||||
|
|
||||||
javax.net.ssl.keyStore=/certs/seb-server-keystore.pkcs12
|
##########################################################
|
||||||
javax.net.ssl.keyStorePassword=${sebserver.certs.password}
|
### SEB Server Overall
|
||||||
javax.net.ssl.trustStore=/certs/seb-server-truststore.pkcs12
|
|
||||||
javax.net.ssl.trustStorePassword=${sebserver.certs.password}
|
|
||||||
|
|
||||||
sebserver.webservice.api.admin.clientSecret=${sebserver.password}
|
# Default logging level in the form "logging.level" + namespace=LEVEL
|
||||||
sebserver.webservice.internalSecret=${sebserver.password}
|
logging.level.ch=DEBUG
|
||||||
|
logging.file=log/sebserver.log
|
||||||
|
|
||||||
|
# If webservice or gui runs on ssl and this flag is true, an integrated redirect from http to https is activated
|
||||||
|
# Disable this if a redirect is done by a pre-processing proxy
|
||||||
|
sebserver.ssl.redirect.enabled=true
|
||||||
|
|
||||||
##########################################################
|
##########################################################
|
||||||
### SEB Server Webservice configuration
|
### SEB Server Webservice configuration
|
||||||
|
|
||||||
# logging
|
|
||||||
logging.file=log/sebserver.log
|
|
||||||
|
|
||||||
# database server
|
# database server
|
||||||
datastore.mariadb.server.address=seb-server-mariadb
|
datastore.mariadb.server.address=seb-server-mariadb
|
||||||
datastore.mariadb.server.port=3306
|
datastore.mariadb.server.port=3306
|
||||||
|
@ -53,9 +48,11 @@ spring.datasource.hikari.maxLifetime=1800000
|
||||||
spring.datasource.password=${sebserver.mariadb.password}
|
spring.datasource.password=${sebserver.mariadb.password}
|
||||||
|
|
||||||
# webservice configuration
|
# webservice configuration
|
||||||
|
sebserver.webservice.api.admin.clientSecret=${sebserver.password}
|
||||||
|
sebserver.webservice.internalSecret=${sebserver.password}
|
||||||
sebserver.webservice.distributed=false
|
sebserver.webservice.distributed=false
|
||||||
sebserver.webservice.http.scheme=https
|
sebserver.webservice.http.scheme=https
|
||||||
sebserver.webservice.http.server.name=0.0.0.0
|
sebserver.webservice.http.server.name=${server.address}
|
||||||
sebserver.webservice.http.redirect.gui=/gui
|
sebserver.webservice.http.redirect.gui=/gui
|
||||||
sebserver.webservice.api.admin.clientId=guiClient
|
sebserver.webservice.api.admin.clientId=guiClient
|
||||||
sebserver.webservice.api.admin.endpoint=/admin-api/v1
|
sebserver.webservice.api.admin.endpoint=/admin-api/v1
|
||||||
|
@ -75,8 +72,6 @@ sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token
|
||||||
management.endpoints.web.base-path=/actuator
|
management.endpoints.web.base-path=/actuator
|
||||||
management.endpoints.web.exposure.include=logfile,loggers
|
management.endpoints.web.exposure.include=logfile,loggers
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##########################################################
|
##########################################################
|
||||||
### SEB Server GUI configuration
|
### SEB Server GUI configuration
|
||||||
server.servlet.session.cookie.http-only=true
|
server.servlet.session.cookie.http-only=true
|
||||||
|
@ -84,11 +79,12 @@ server.servlet.session.tracking-modes=cookie
|
||||||
|
|
||||||
sebserver.gui.entrypoint=/gui
|
sebserver.gui.entrypoint=/gui
|
||||||
sebserver.gui.webservice.protocol=https
|
sebserver.gui.webservice.protocol=https
|
||||||
sebserver.gui.webservice.address=0.0.0.0
|
sebserver.gui.webservice.address=localhost
|
||||||
sebserver.gui.webservice.port=443
|
sebserver.gui.webservice.port=443
|
||||||
sebserver.gui.webservice.apipath=/admin-api/v1
|
sebserver.gui.webservice.apipath=/admin-api/v1
|
||||||
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
|
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
|
||||||
sebserver.gui.webservice.poll-interval=500
|
sebserver.gui.webservice.poll-interval=500
|
||||||
|
sebserver.gui.webservice.mock-lms-enabled=true
|
||||||
|
|
||||||
|
|
||||||
sebserver.gui.theme=css/sebserver.css
|
sebserver.gui.theme=css/sebserver.css
|
||||||
|
|
|
@ -2,26 +2,28 @@ FROM openjdk:11-jre-stretch
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y openssl
|
RUN apt-get update && apt-get install -y openssl
|
||||||
|
|
||||||
ENV KEYSTORE_PWD=
|
|
||||||
ENV OPENSSL_SUBJ="/C=CH/ST=Zuerich/L=Zuerich"
|
ENV OPENSSL_SUBJ="/C=CH/ST=Zuerich/L=Zuerich"
|
||||||
ENV OPENSSL_CA="${OPENSSL_SUBJ}/CN=SEB_SEVER_CN"
|
ENV OPENSSL_CA="${OPENSSL_SUBJ}/CN=SEB_SEVER_CN"
|
||||||
|
|
||||||
VOLUME /certs
|
VOLUME /certs
|
||||||
WORKDIR /certs
|
WORKDIR /certs
|
||||||
|
|
||||||
|
RUN export $(grep -v '^#' secrets | xargs)
|
||||||
|
|
||||||
CMD openssl genrsa -out ca-key.pem 2048 \
|
CMD openssl genrsa -out ca-key.pem 2048 \
|
||||||
&& openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
|
&& openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
|
||||||
&& openssl req -newkey rsa:2048 -days 3600 -nodes -config /certs/config/certs.cnf -keyout server-key.pem -out server-req.pem \
|
&& openssl req -newkey rsa:2048 -days 3600 -nodes -config certs.cnf -keyout server-key.pem -out server-req.pem \
|
||||||
&& openssl rsa -in server-key.pem -out server-key.pem \
|
&& openssl rsa -in server-key.pem -out server-key.pem \
|
||||||
&& openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem \
|
&& openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem \
|
||||||
&& openssl req -newkey rsa:2048 -days 3600 -nodes -config /certs/config/certs.cnf -keyout client-key.pem -out client-req.pem \
|
&& openssl req -newkey rsa:2048 -days 3600 -nodes -config certs.cnf -keyout client-key.pem -out client-req.pem \
|
||||||
&& openssl rsa -in client-key.pem -out client-key.pem \
|
&& openssl rsa -in client-key.pem -out client-key.pem \
|
||||||
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
|
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
|
||||||
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
|
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
|
||||||
&& openssl x509 -in ca.pem -inform pem -out ca.der -outform der \
|
&& openssl x509 -in ca.pem -inform pem -out ca.der -outform der \
|
||||||
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:"${KEYSTORE_PWD}" \
|
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:"${KEYSTORE_PWD}" \
|
||||||
&& keytool -importkeystore -destkeystore seb-server-keystore.pkcs12 -deststorepass "${KEYSTORE_PWD}" -srckeystore client-cert.pkcs12 -srcstoretype PKCS12 -srcstorepass "${KEYSTORE_PWD}" \
|
|
||||||
&& keytool -import -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass "${KEYSTORE_PWD}" -srcstoretype PKCS12 -noprompt \
|
|
||||||
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zuerich, S=Zuerich, C=CH" -keyalg RSA -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass "${KEYSTORE_PWD}" -validity 3650 \
|
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zuerich, S=Zuerich, C=CH" -keyalg RSA -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass "${KEYSTORE_PWD}" -validity 3650 \
|
||||||
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass "${KEYSTORE_PWD}" -noprompt \
|
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass "${KEYSTORE_PWD}" -noprompt \
|
||||||
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass "${KEYSTORE_PWD}" -noprompt
|
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass "${KEYSTORE_PWD}" -noprompt \
|
||||||
|
&& keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass "${KEYSTORE_PWD}" -srcstoretype PKCS12 -noprompt \
|
||||||
|
&& keytool -import -alias mariadb-client -file client-cert.pem -keystore seb-server-truststore.pkcs12 -storepass "${KEYSTORE_PWD}" -srcstoretype PKCS12 -noprompt \
|
||||||
|
&& keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass "${KEYSTORE_PWD}" -srcstoretype PKCS12 -noprompt \
|
|
@ -7,11 +7,11 @@ services:
|
||||||
container_name: gencerts
|
container_name: gencerts
|
||||||
volumes:
|
volumes:
|
||||||
- ./certs:/certs
|
- ./certs:/certs
|
||||||
- .:/certs/config
|
- ./certs.cnf:/certs/certs.cnf
|
||||||
|
- ./secrets:/certs/secrets
|
||||||
environment:
|
environment:
|
||||||
- SERVER_CN=seb-server-mariadb
|
- SERVER_CN=seb-server-mariadb
|
||||||
- CLIENT_CN=seb-server-mariadb
|
- CLIENT_CN=seb-server-mariadb
|
||||||
- KEYSTORE_PWD=[SET_PWD]
|
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
image: "mariadb/server:10.3"
|
image: "mariadb/server:10.3"
|
||||||
|
@ -20,8 +20,8 @@ services:
|
||||||
- .:/etc/mysql/conf.d
|
- .:/etc/mysql/conf.d
|
||||||
- ./certs:/etc/mysql/certs
|
- ./certs:/etc/mysql/certs
|
||||||
- seb-server-mariadb-data:/var/lib/mysql
|
- seb-server-mariadb-data:/var/lib/mysql
|
||||||
environment:
|
env_file:
|
||||||
- MYSQL_ROOT_PASSWORD=[SET_PWD]
|
- secrets
|
||||||
ports:
|
ports:
|
||||||
- 3306:3306
|
- 3306:3306
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -25,6 +25,15 @@ ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
|
||||||
WORKDIR /sebserver
|
WORKDIR /sebserver
|
||||||
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
|
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
|
||||||
|
|
||||||
ENTRYPOINT exec java -Djavax.net.debug=SSL -jar seb-server-"${SEBSERVER_VERSION}".jar --spring.profiles.active=prod --spring.config.location=file:/config/,classpath:/config/
|
RUN export $(grep -v '^#' secrets | xargs)
|
||||||
|
|
||||||
|
ENTRYPOINT exec java \
|
||||||
|
-Djavax.net.debug=SSL \
|
||||||
|
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
||||||
|
--spring.profiles.active=prod \
|
||||||
|
--spring.config.location=file:/config/,classpath:/config/ \
|
||||||
|
--sebserver.certs.password="${KEYSTORE_PWD}" \
|
||||||
|
--sebserver.mariadb.password="${MYSQL_ROOT_PASSWORD}" \
|
||||||
|
--sebserver.password="${SEBSERVER_PWD}" \
|
||||||
|
|
||||||
EXPOSE 443
|
EXPOSE 443
|
|
@ -8,10 +8,24 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver;
|
package ch.ethz.seb.sebserver;
|
||||||
|
|
||||||
|
import org.apache.catalina.Context;
|
||||||
|
import org.apache.catalina.connector.Connector;
|
||||||
|
import org.apache.commons.lang3.BooleanUtils;
|
||||||
|
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
|
||||||
|
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
|
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
|
||||||
|
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
|
||||||
|
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
|
||||||
import org.springframework.cache.annotation.EnableCaching;
|
import org.springframework.cache.annotation.EnableCaching;
|
||||||
|
import org.springframework.context.ApplicationContext;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.core.env.Environment;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.profile.ProdGuiProfile;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.profile.ProdWebServiceProfile;
|
||||||
|
|
||||||
/** SEB-Server (Safe Exam Browser Server) is a server component to maintain and support
|
/** SEB-Server (Safe Exam Browser Server) is a server component to maintain and support
|
||||||
* Exams running with SEB (Safe Exam Browser). TODO add link(s)
|
* Exams running with SEB (Safe Exam Browser). TODO add link(s)
|
||||||
|
@ -25,9 +39,7 @@ import org.springframework.cache.annotation.EnableCaching;
|
||||||
* SEB-Server uses Spring's profiles to consequently separate sub-components of the webservice
|
* SEB-Server uses Spring's profiles to consequently separate sub-components of the webservice
|
||||||
* and GUI and can be used to start the components on separate servers or within the same
|
* and GUI and can be used to start the components on separate servers or within the same
|
||||||
* server instance. Additional to the usual profiles like dev, prod, test there are combining
|
* server instance. Additional to the usual profiles like dev, prod, test there are combining
|
||||||
* profiles like dev-ws, dev-gui and prod-ws, prod-gui
|
* profiles like dev-ws, dev-gui and prod-ws, prod-gui */
|
||||||
*
|
|
||||||
* TODO documentation for presets to start all-in-one server or separated gui- and webservice- server */
|
|
||||||
@SpringBootApplication(exclude = {
|
@SpringBootApplication(exclude = {
|
||||||
UserDetailsServiceAutoConfiguration.class,
|
UserDetailsServiceAutoConfiguration.class,
|
||||||
})
|
})
|
||||||
|
@ -39,4 +51,53 @@ public class SEBServer {
|
||||||
SpringApplication.run(SEBServer.class, args);
|
SpringApplication.run(SEBServer.class, args);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Add an additional redirect Connector on http port to redirect all http calls
|
||||||
|
* to https.
|
||||||
|
*
|
||||||
|
* NOTE: This works with TomcatServletWebServerFactory and embedded tomcat.
|
||||||
|
* If the webservice and/or gui is going to running on another server or
|
||||||
|
* redirect is handled by a proxy, this redirect can be deactivated within
|
||||||
|
* the "sebserver.ssl.redirect.enabled" property set to false
|
||||||
|
*/
|
||||||
|
@Bean
|
||||||
|
@ProdWebServiceProfile
|
||||||
|
@ProdGuiProfile
|
||||||
|
public ServletWebServerFactory servletContainer(
|
||||||
|
final Environment env,
|
||||||
|
final ApplicationContext applicationContext) {
|
||||||
|
|
||||||
|
final String enabled = env.getProperty(
|
||||||
|
"sebserver.ssl.redirect.enabled",
|
||||||
|
Constants.FALSE_STRING);
|
||||||
|
|
||||||
|
if (!BooleanUtils.toBoolean(enabled)) {
|
||||||
|
return new TomcatServletWebServerFactory();
|
||||||
|
}
|
||||||
|
|
||||||
|
final TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
|
||||||
|
@Override
|
||||||
|
protected void postProcessContext(final Context context) {
|
||||||
|
final SecurityConstraint securityConstraint = new SecurityConstraint();
|
||||||
|
securityConstraint.setUserConstraint("CONFIDENTIAL");
|
||||||
|
final SecurityCollection collection = new SecurityCollection();
|
||||||
|
collection.addPattern("/*");
|
||||||
|
securityConstraint.addCollection(collection);
|
||||||
|
context.addConstraint(securityConstraint);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
tomcat.addAdditionalTomcatConnectors(redirectConnector(env));
|
||||||
|
return tomcat;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Connector redirectConnector(final Environment env) {
|
||||||
|
final String sslPort = env.getRequiredProperty("server.port");
|
||||||
|
final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
|
||||||
|
connector.setScheme("http");
|
||||||
|
connector.setPort(80);
|
||||||
|
connector.setSecure(false);
|
||||||
|
connector.setRedirectPort(Integer.valueOf(sslPort));
|
||||||
|
return connector;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -154,7 +154,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
|
||||||
log.info("Initialize with secure ClientHttpRequestFactory for production");
|
log.info("Initialize with secure ClientHttpRequestFactory for production");
|
||||||
|
|
||||||
final String truststoreFilePath = env
|
final String truststoreFilePath = env
|
||||||
.getProperty("javax.net.ssl.trustStore", "");
|
.getProperty("server.ssl.trust-store", "");
|
||||||
|
|
||||||
if (StringUtils.isBlank(truststoreFilePath)) {
|
if (StringUtils.isBlank(truststoreFilePath)) {
|
||||||
throw new IllegalArgumentException("Missing trust-store file path");
|
throw new IllegalArgumentException("Missing trust-store file path");
|
||||||
|
@ -163,7 +163,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
|
||||||
final File trustStoreFile = ResourceUtils.getFile("file:" + truststoreFilePath);
|
final File trustStoreFile = ResourceUtils.getFile("file:" + truststoreFilePath);
|
||||||
|
|
||||||
final char[] password = env
|
final char[] password = env
|
||||||
.getProperty("javax.net.ssl.trustStorePassword", "")
|
.getProperty("server.ssl.trust-store-password", "")
|
||||||
.toCharArray();
|
.toCharArray();
|
||||||
|
|
||||||
if (password.length < 3) {
|
if (password.length < 3) {
|
||||||
|
@ -171,6 +171,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
|
||||||
throw new IllegalArgumentException("Missing or incorrect trust-store password");
|
throw new IllegalArgumentException("Missing or incorrect trust-store password");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set the specified trust-store also on javax.net.ssl level
|
||||||
|
System.setProperty("javax.net.ssl.trustStore", truststoreFilePath);
|
||||||
|
System.setProperty("javax.net.ssl.trustStorePassword", String.valueOf(password));
|
||||||
|
|
||||||
final SSLContext sslContext = SSLContextBuilder
|
final SSLContext sslContext = SSLContextBuilder
|
||||||
.create()
|
.create()
|
||||||
.loadTrustMaterial(trustStoreFile, password)
|
.loadTrustMaterial(trustStoreFile, password)
|
||||||
|
|
|
@ -22,6 +22,7 @@ import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.joda.time.DateTimeZone;
|
import org.joda.time.DateTimeZone;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
@ -98,15 +99,18 @@ public class ResourceService {
|
||||||
private final I18nSupport i18nSupport;
|
private final I18nSupport i18nSupport;
|
||||||
private final RestService restService;
|
private final RestService restService;
|
||||||
private final CurrentUser currentUser;
|
private final CurrentUser currentUser;
|
||||||
|
private final boolean mock_lms_enabled;
|
||||||
|
|
||||||
protected ResourceService(
|
protected ResourceService(
|
||||||
final I18nSupport i18nSupport,
|
final I18nSupport i18nSupport,
|
||||||
final RestService restService,
|
final RestService restService,
|
||||||
final CurrentUser currentUser) {
|
final CurrentUser currentUser,
|
||||||
|
@Value("${sebserver.gui.webservice.mock-lms-enabled:true}") final boolean mock_lms_enabled) {
|
||||||
|
|
||||||
this.i18nSupport = i18nSupport;
|
this.i18nSupport = i18nSupport;
|
||||||
this.restService = restService;
|
this.restService = restService;
|
||||||
this.currentUser = currentUser;
|
this.currentUser = currentUser;
|
||||||
|
this.mock_lms_enabled = mock_lms_enabled;
|
||||||
}
|
}
|
||||||
|
|
||||||
public I18nSupport getI18nSupport() {
|
public I18nSupport getI18nSupport() {
|
||||||
|
@ -137,6 +141,7 @@ public class ResourceService {
|
||||||
public List<Tuple<String>> lmsTypeResources() {
|
public List<Tuple<String>> lmsTypeResources() {
|
||||||
return Arrays.asList(LmsType.values())
|
return Arrays.asList(LmsType.values())
|
||||||
.stream()
|
.stream()
|
||||||
|
.filter(lmsType -> lmsType != LmsType.MOCKUP || this.mock_lms_enabled)
|
||||||
.map(lmsType -> new Tuple<>(
|
.map(lmsType -> new Tuple<>(
|
||||||
lmsType.name(),
|
lmsType.name(),
|
||||||
this.i18nSupport.getText(LMSSETUP_TYPE_PREFIX + lmsType.name(), lmsType.name())))
|
this.i18nSupport.getText(LMSSETUP_TYPE_PREFIX + lmsType.name(), lmsType.name())))
|
||||||
|
|
|
@ -12,6 +12,7 @@ sebserver.gui.webservice.port=8080
|
||||||
sebserver.gui.webservice.apipath=/admin-api/v1
|
sebserver.gui.webservice.apipath=/admin-api/v1
|
||||||
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
|
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
|
||||||
sebserver.gui.webservice.poll-interval=500
|
sebserver.gui.webservice.poll-interval=500
|
||||||
|
sebserver.gui.webservice.mock-lms-enabled=true
|
||||||
|
|
||||||
|
|
||||||
sebserver.gui.theme=css/sebserver.css
|
sebserver.gui.theme=css/sebserver.css
|
||||||
|
|
Loading…
Reference in a new issue