Question about modifying web.xml

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about modifying web.xml

crleblanc
Hello,

I have a quick question about authentication and web.xml.  I've read that you need to modify web.xml in order to secure a entire Hudson instance (http://hudson.gotdns.com/wiki/display/HUDSON/Securing+Hudson).  We would like to secure all of Hudson for our project.  In my case, I'm running Hudson by typing 'java -jar ...'.  

I've unpacked the war file (jar -xvf hudson.war), and modified the web.xml file.  Is there a way to run hudson while using an unpacked archive?  Sorry if this is an obvious question, I'm new to java and .war files.

If I update the contents of WEB-INF/web.xml in hudson.war using the command
'jar -uf hudson.war WEB-INF/web.xml', it won't work because the .war file is signed and fails the SHA1 test.

Is there a way to modify this file when running 'java -jar'?  If not, what is the best way to run Hudson with a modified web.xml?

PS: Thanks for such an excellent project, I was amazed at how easy it was to get started.

Thanks,
Chris
Reply | Threaded
Open this post in threaded view
|

Re: Question about modifying web.xml

Kohsuke Kawaguchi
Administrator
crleblanc wrote:

> Hello,
>
> I have a quick question about authentication and web.xml.  I've read that
> you need to modify web.xml in order to secure a entire Hudson instance
> (http://hudson.gotdns.com/wiki/display/HUDSON/Securing+Hudson).  We would
> like to secure all of Hudson for our project.  In my case, I'm running
> Hudson by typing 'java -jar ...'.  
>
> I've unpacked the war file (jar -xvf hudson.war), and modified the web.xml
> file.  Is there a way to run hudson while using an unpacked archive?  Sorry
> if this is an obvious question, I'm new to java and .war files.
>
> If I update the contents of WEB-INF/web.xml in hudson.war using the command
> 'jar -uf hudson.war WEB-INF/web.xml', it won't work because the .war file is
> signed and fails the SHA1 test.
I updated http://hudson.gotdns.com/wiki/display/HUDSON/Securing+Hudson 
and added the following sentence:

     Before you re-create a war file with this change, make sure to
     remove META-INF/HUDSON.SF and META-INF/HUDSON.DSA files so that Java
      won't complain about the signature mismatch.


> Is there a way to modify this file when running 'java -jar'?  If not, what
> is the best way to run Hudson with a modified web.xml?
>
> PS: Thanks for such an excellent project, I was amazed at how easy it was to
> get started.

Thanks!

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment