Merge pull request #7 from italiangrid/feature/third-party-copy

Third party copy support

.gitignore

@@ -2,3 +2,5 @@
 .classpath
 .project
 .settings/
+.factorypath
+.springBeans

.travis.yml

@@ -1,10 +1,16 @@
 language: java
-
+sudo: required
+dist: trusty
 jdk:
-    - openjdk7
-    - oraclejdk7
-    - oraclejdk8
-
-os:
-    - linux
-    - osx
+- openjdk8
+install:
+- "/bin/bash travis/install-deps.sh"
+script:
+- "/bin/bash travis/build.sh"
+cache:
+  directories:
+  - "$HOME/.m2/repository"
+notifications:
+  slack:
+    rooms:
+      secure: OKe5lIcTQOeUaoS+6NImoIjceaN5IGR1a2w3PEl+tkRYygVnaPdwDtXAUr+WtdU+X8tfFudCTNd8xpcAsfFHXK9+TwvFi4Qk3ODGRF37iPe+pWUtdkb7TtjKP+Rkq19hFse24+kH2EojYAFagn6rulurZfJCeqJtnV3P8MyJe/c=

CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## 1.1.0 (2018-??-??)
+
+### Added
+
+- Token-based authorization support
+- Third-party copy support
+- Jetty 9.4 and Spring Boot 2.1 porting
+- Dates in logs now are in standard UTC format
+- Rotated log files are compressed
+
+### Fixed
+
+- POST handled as GET fixed 

README.md

@@ -1,9 +1,6 @@
 # The StoRM WebDAV service
 
-[![Build Status](https://travis-ci.org/italiangrid/storm-webdav.svg?branch=master)](https://travis-ci.org/italiangrid/storm-webdav)
-
-The StoRM webdav service provides http/webdav access
-to resources shared on a filesystem.
+The StoRM webdav service provides http/webdav access to resources shared on a filesystem.
 
 ## Build dependencies
 

compose/.env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=storm-webdav

compose/assets/certs/hostcert.pem

@@ -0,0 +1,86 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 801 (0x321)
+    Signature Algorithm: sha512WithRSAEncryption
+        Issuer: C=IT, O=IGI, CN=Test CA
+        Validity
+            Not Before: Oct 15 15:57:05 2018 GMT
+            Not After : Oct 12 15:57:05 2028 GMT
+        Subject: C=IT, O=IGI, CN=storm dev
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:98:91:d4:9f:f5:a7:0a:1c:cf:b8:51:7d:2e:
+                    fa:a9:c7:df:74:75:bb:81:1a:52:e0:a5:1e:48:56:
+                    c5:85:39:bf:90:4a:2b:be:c5:ef:83:0a:4a:e0:86:
+                    84:81:79:14:4f:8e:70:ba:8a:a3:68:07:a3:2c:be:
+                    76:d6:fc:28:bf:91:31:67:45:eb:2e:b6:ce:31:bd:
+                    32:d1:f4:a0:88:0c:e9:2f:a0:ee:77:8f:da:c1:1b:
+                    50:ba:0d:09:05:29:12:b1:4c:98:28:fd:6a:c0:fc:
+                    9b:d1:40:cd:5c:59:c4:7d:49:bf:c1:0f:a5:3a:42:
+                    7c:41:0d:1e:25:2e:2e:2e:3d:0c:23:fb:9f:1f:46:
+                    ec:f3:62:aa:a6:ca:85:a9:ea:ec:51:98:26:6e:1a:
+                    bd:cd:0e:eb:22:49:b2:e6:c4:99:2f:6b:3c:ba:82:
+                    09:46:74:b3:19:a6:dc:b9:a1:83:6d:d5:28:62:43:
+                    ba:1b:f3:e1:1d:61:61:87:b2:cb:1b:14:49:02:de:
+                    d9:10:ca:d7:0c:da:c6:c3:1c:f2:ab:48:27:8d:10:
+                    17:8b:56:cb:5d:d4:f6:19:65:4c:78:25:cb:3d:be:
+                    a5:93:77:ce:a2:77:97:de:b4:24:8e:aa:3b:dc:c6:
+                    f8:57:d9:a9:ba:42:d9:7a:77:a4:4a:dc:76:07:2b:
+                    43:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                AF:52:EA:AC:22:88:70:E5:C6:AA:AE:CC:AD:FB:CA:95:EB:17:3B:15
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
+            X509v3 Authority Key Identifier: 
+                keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
+
+            X509v3 Subject Alternative Name: 
+                DNS:storm.example, DNS:storm-alias.example, DNS:other.example, DNS:localhost
+    Signature Algorithm: sha512WithRSAEncryption
+         b5:36:9a:2d:e4:79:56:1a:1c:d0:34:e4:d8:06:2a:03:94:65:
+         cc:a7:71:bf:88:c6:f9:1d:bf:20:18:d4:25:6a:8a:a5:5e:97:
+         64:8e:23:d2:51:0a:fb:3a:96:68:f6:a3:75:bd:74:6d:3d:4d:
+         05:54:1c:b4:43:ee:33:bd:66:80:ee:81:50:f4:9c:ea:38:74:
+         22:f3:ab:b1:41:04:7f:f5:64:07:49:78:9e:73:a5:00:0d:8f:
+         e6:c9:ec:bc:3b:f7:00:7e:9e:09:1a:9b:a4:40:a7:39:90:1c:
+         fa:ca:ec:31:53:52:27:93:88:db:18:b3:f0:b7:7f:65:4e:06:
+         c5:f5:b4:9e:6c:af:69:ef:da:ea:4c:e8:50:ed:dc:49:a7:fe:
+         69:90:cf:77:69:58:49:0a:1c:50:5e:ab:26:b0:52:31:ca:6f:
+         8a:11:78:80:c5:9e:4f:43:40:60:f3:99:46:4d:8d:51:5a:e5:
+         04:90:9e:ce:40:4a:c5:35:b1:f1:d1:63:86:8b:42:73:79:7a:
+         f7:33:d3:69:22:45:a2:82:0c:05:69:7d:00:2b:e5:c9:44:38:
+         f8:ae:e1:81:71:04:b8:48:bf:51:91:22:4e:90:c6:ad:91:cc:
+         30:a5:e8:53:4f:64:b1:3d:7a:c8:cd:ae:b6:b8:7c:dc:c7:98:
+         36:eb:a5:e4
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgICAyEwDQYJKoZIhvcNAQENBQAwLTELMAkGA1UEBhMCSVQx
+DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xODEwMTUxNTU3MDVa
+Fw0yODEwMTIxNTU3MDVaMC8xCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxEjAQ
+BgNVBAMMCXN0b3JtIGRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMuYkdSf9acKHM+4UX0u+qnH33R1u4EaUuClHkhWxYU5v5BKK77F74MKSuCGhIF5
+FE+OcLqKo2gHoyy+dtb8KL+RMWdF6y62zjG9MtH0oIgM6S+g7neP2sEbULoNCQUp
+ErFMmCj9asD8m9FAzVxZxH1Jv8EPpTpCfEENHiUuLi49DCP7nx9G7PNiqqbKhanq
+7FGYJm4avc0O6yJJsubEmS9rPLqCCUZ0sxmm3Lmhg23VKGJDuhvz4R1hYYeyyxsU
+SQLe2RDK1wzaxsMc8qtIJ40QF4tWy13U9hllTHglyz2+pZN3zqJ3l960JI6qO9zG
++FfZqbpC2Xp3pErcdgcrQ8MCAwEAAaOB6jCB5zAMBgNVHRMBAf8EAjAAMB0GA1Ud
+DgQWBBSvUuqsIohw5caqrsyt+8qV6xc7FTAOBgNVHQ8BAf8EBAMCBeAwPgYDVR0l
+BDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEG
+CCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMEcGA1Ud
+EQRAMD6CDXN0b3JtLmV4YW1wbGWCE3N0b3JtLWFsaWFzLmV4YW1wbGWCDW90aGVy
+LmV4YW1wbGWCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQ0FAAOCAQEAtTaaLeR5Vhoc
+0DTk2AYqA5RlzKdxv4jG+R2/IBjUJWqKpV6XZI4j0lEK+zqWaPajdb10bT1NBVQc
+tEPuM71mgO6BUPSc6jh0IvOrsUEEf/VkB0l4nnOlAA2P5snsvDv3AH6eCRqbpECn
+OZAc+srsMVNSJ5OI2xiz8Ld/ZU4GxfW0nmyvae/a6kzoUO3cSaf+aZDPd2lYSQoc
+UF6rJrBSMcpvihF4gMWeT0NAYPOZRk2NUVrlBJCezkBKxTWx8dFjhotCc3l69zPT
+aSJFooIMBWl9ACvlyUQ4+K7hgXEEuEi/UZEiTpDGrZHMMKXoU09ksT16yM2utrh8
+3MeYNuul5A==
+-----END CERTIFICATE-----

compose/assets/certs/hostkey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAy5iR1J/1pwocz7hRfS76qcffdHW7gRpS4KUeSFbFhTm/kEor
+vsXvgwpK4IaEgXkUT45wuoqjaAejLL521vwov5ExZ0XrLrbOMb0y0fSgiAzpL6Du
+d4/awRtQug0JBSkSsUyYKP1qwPyb0UDNXFnEfUm/wQ+lOkJ8QQ0eJS4uLj0MI/uf
+H0bs82KqpsqFqersUZgmbhq9zQ7rIkmy5sSZL2s8uoIJRnSzGabcuaGDbdUoYkO6
+G/PhHWFhh7LLGxRJAt7ZEMrXDNrGwxzyq0gnjRAXi1bLXdT2GWVMeCXLPb6lk3fO
+oneX3rQkjqo73Mb4V9mpukLZenekStx2BytDwwIDAQABAoIBAHFYwWeEnniekqe6
+T/PHodm/4tGtcfRQOW/DvXY8iL7BBbtI783H2K41nrYdbcu/IuWfwXa5FHwoNFoG
+t5a8z9rG9KAwNtzM/UKHuLFW5cCYn4HasKhzuC/mCy1pcGolEbkPkW7QlwxWFlGL
+KEmP2GqAEndjRHOI7DAzI2NDsIYgjBARGCWLURcjohr8q5Z1EC9B8ClmzA94f7EZ
+RZ61mN3oOZiJtulGRnmn70lIdcJ4sWMlJbrLtKsPK0rHAv8U5Yjs+TSsrz4lYTVa
+5sdp9nhr5GpZ3W+JDEq0ZyeiJ5FxyR4krcIj8HVVDVavauW4vRu9CeqnDwDunPl6
+L14O/uECgYEA75RpcfM4bzULJpVbLNHZTkClZtWNyY77rDkfvrOjlsD06QMDBeQh
+vFxiNxwO2JqSKoJf1vay8Hn7un9NSm5x8MgRfrMjhsG6MzavycrxESRFtq5Adkdk
+3lQyn0WGYsPHFLVs/tx1GtdzCqU5SyBUkeLCqMNaARV1xmD4AjFcaasCgYEA2YzM
+ZZ8Z4aAqkv6gJiZTN1gQxMO8nPiCwY8NefI/Mm1U+X6j4ZYRkqTcvdsJzFtnj+ab
+rrguS1AOuyDMID2NKjQTrzJLBUhNYzbo7YeMsY2U+k9z0fvM3WGzX0YBvcxtnqXm
+BLMKHjbF0YvzEbu0qD1dWj5CZ6e/+DXfK5QlZkkCgYAEAa9hwHeJJJHzKzxDG59O
+t7YMajXc0Q9UagAl6EssEj4GR46dYptN0x2xXj7BUJRxMYz4w1dqvh9/lvFr9Tzi
+kfX48HX/ou3CPX/jGAnAB6NC0tcxIzCEp1PRZhBBRpTlu8L+4CD1OfUqkGjM4NWJ
+OwmWWO4AZqN5ldWP89Nf0QKBgQDUR1RHMNljVRNV/gmtUCZRUaiDJ3ALR17nmjwP
+KzdJcG/DSDSHchTRn/cZdvt3ohVK0D5HXccmjAbjx9wG9aiibtBqWsvjaqrAzhq5
+dFPwCPQ+z3p3gpljx+rsY3ZdinXIoZ7yJPYRh2a90y6qthtRMxe9cBUB6iki/QY4
+EsXvqQKBgQCUokN2XeonTeJCIDKU7XKd5JNOuWFWCz/tsBu2lnMSr/2txiL3cCgt
+BNJw+rbZ08hMMNeD871lsYKTrPigEXKpMlHlC8RodWK7XEGhTL4nHoZQ/PE8Zq71
+Q6+DM27CV0IU7/78rrWO0YdHii2pE72Fp05i/X16apjTSFi9InL6ZQ==
+-----END RSA PRIVATE KEY-----

compose/assets/etc/storm/webdav/README.md

@@ -0,0 +1,32 @@
+# This is the StoRM WebDAV service configuration directory
+
+The logback.xml file is used to configure the logging verbosity of the StoRM
+WebDAV service.
+
+The logging configuration is monitored by the StoRM WebDAV service, so changes
+will be applied to the logging configuration without the need to restart the
+service.
+
+## Storage areas configuration
+
+Storage area configuration lives in the `sa.d` directory.
+For more information see the README.md file there.
+
+## VOMS map files configuration
+
+VOMS map files contains the list of VO members as obtained by running the
+voms-admin list-users command.
+
+When VOMS mapfiles are enabled, users can authenticate to the StoRM webdav
+service using the certificate in their browser and be granted VOMS attributes
+if their subject is listed in one of the supported VOMS mapfile.
+
+For each supported VO, a file having the same name as the VO is put in the
+voms-mapfiles directory.
+
+*Example*: to generate a VOMS mapfile for the `cms` VO, run the following
+command
+
+```bash
+voms-admin --host voms.cern.ch --vo cms list-users > cms
+```

compose/assets/etc/storm/webdav/sa.d/README.md

@@ -0,0 +1,8 @@
+This is the StoRM webdav service storage area configuration.
+
+Each storage area is configured in a properties file. StoRM webdav will look 
+for configuration in all files ending with .properties in this directory.
+If no configuration files are found, the StoRM webdav service will not start. 
+
+For an example storage area configuration file see:
+	sa.properties.template

compose/assets/etc/storm/webdav/sa.d/auth.properties

@@ -0,0 +1,24 @@
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2018.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name=auth
+rootPath=/storage/auth
+filesystemType=posixfs
+accessPoints=/auth
+vos=test.vo
+authenticatedReadEnabled=true
+anonymousReadEnabled=false
+voMapGrantsWritePermission=false

compose/assets/etc/storm/webdav/sa.d/noauth.properties

@@ -0,0 +1,23 @@
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2018.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name=noauth
+rootPath=/storage/noauth
+filesystemType=posixfs
+accessPoints=/noauth
+authenticatedReadEnabled=true
+anonymousReadEnabled=true
+voMapGrantsWritePermission=false

compose/assets/etc/storm/webdav/sa.d/oauth_authz.properties

@@ -0,0 +1,24 @@
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2018.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name=oauth-authz
+rootPath=/storage/oauth-authz
+filesystemType=posixfs
+accessPoints=/oauth-authz
+orgs=https://iam-test.indigo-datacloud.eu/
+authenticatedReadEnabled=false
+anonymousReadEnabled=false
+voMapGrantsWritePermission=false

compose/assets/etc/storm/webdav/sa.d/sa.properties.template

@@ -0,0 +1,29 @@
+# This is an example of StoRM WebDAV storage area configuration
+
+# Name of the storage area
+name=sa
+
+# Root path for the storage area. Files will be served from this path, which must exist and
+# must be accessible from the user that runs the storm webdav service
+rootPath=/tmp
+
+# Comma separated list of storage area access points. 
+accessPoints=/sa
+
+# Comma separated list of VOMS VOs supported in this storage area
+vos=testers.eu-emi.eu
+
+# Enables read access to users authenticated with an X.509 certificate issued by
+# a trusted CA (users without VOMS credentials).
+# Defaults to false, which means that all users need to authenticate with a VOMS credential
+# authenticatedReadEnabled=false
+
+# Enables read access to anonymous users. Defaults to false. 
+# anonymousReadEnabled=false
+
+# Enables VO map files for this storage area. Defaults to true. 
+# voMapEnabled=true
+
+# VO map normally grants read-only access to storage area files. To grant 
+# write access set this flag to true. Defaults to false. 
+# voMapGrantsWriteAccess=false

compose/assets/etc/storm/webdav/sa.d/test_vo.properties

@@ -0,0 +1,24 @@
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2018.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name=test.vo
+rootPath=/storage/test.vo
+filesystemType=posixfs
+accessPoints=/test.vo
+vos=test.vo
+authenticatedReadEnabled=false
+anonymousReadEnabled=false
+voMapGrantsWritePermission=false

compose/assets/etc/storm/webdav/vo-mapfiles.d/README.md

@@ -0,0 +1,39 @@
+## VO map files configuration
+VO map files contains the list of the members of a VOMS-managed Virtual Organization (VO).
+
+## What are VO map files
+
+When VO map files are enabled, users can authenticate to the StoRM webdav
+service using the certificate in their browser and be granted VOMS attributes
+if their subject is listed in one of the supported VO mapfile.
+
+This mechanism is very similar to the traditional Gridmap file but is just used
+to know whether a given user is registered as a member in a VOMS managed VO and
+not to map his/her certificate subject to a local unix account.
+
+### How to enable VO map files
+
+VO map files support is disabled by default in StoRM WebDAV.
+
+Set `STORM_WEBDAV_VO_MAP_FILES_ENABLE=true`` in /etc/sysconfig/storm-webdav
+to enable VO map file support.
+
+### How to generate VO map files
+
+VO map files are generated using the voms-admin list-users command.
+
+For each supported VO, a file named:
+
+<voname>.vomap
+
+is put in the voms-mapfiles.d directory.
+
+*Example*: to generate a VO mapfile for the `cms` VO, run the following
+command
+
+```bash
+voms-admin --vo cms list-users > /etc/storm/webdav/vo-mapfiles.d/cms.vomap
+```
+
+*N.B.:* Ensure that vo map files are readable by the user that runs the StORM
+WebDAV service (by default, the `storm` user).