I am trying to use a powershell script to change the password between two strings, I am running into two issues.
A complex password seems to break my regex, If I use something as simple as "TestPassword" the regex does what I expect. However using a more complex password "6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" it breaks and results in
SSLEnabled="true" keystoreFile="C:\cert.pfx" $16QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12"/>
instead of
SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12"/>
I want to be less specific for the second match grouo, for example at the moment I must specify '" keystoreType' but I would prefer to be less specific and only specify the ending quote. This way if I change the position of the keystoreType parameter in the future I don't have to worry about changing the regex to suit.
Bellow is my powershell as it stands:
#Set new password in server.xml
$pass='6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$server_xml=".\server.xml"
(Get-Content $server_xml) -replace '(keystorePass=")(.*)(" keystoreType)',('$1{0}$3' -f "$pass") | Set-Content $server_xml
Bellow is an extract from my xml:
<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="test.example.com" proxyPort="443"
SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="123abc" keystoreType="PKCS12"/>
Parse
As pointed out by #the four bird and #codextor in the comments; peeking and poking directly into a serialized string (e.g. XML) using string methods (like -Replace) is a bad idea. Instead you should use the related parser for searching and replacing which has an easier syntax, takes care of both your issues and other pitfalls (e.g. double quotes $pass='Test"123').
Security
There is even a protentional security risk by ignoring the related parsers as a user (which is assumed only allowed to supply a password) could inject a new property in your xml (connector) by supplying a password like:
$pass = 'MyPass" maxParameterCount="0'
Examples
$Xml = [Xml]'<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="test.example.com" proxyPort="443" SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="123abc" keystoreType="PKCS12"/>'
$Xml.Connector.keystorePass = '6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$Xml.Connector
port : 443
relaxedPathChars : []|
relaxedQueryChars : []|{}^\`"<>
maxThreads : 150
minSpareThreads : 25
connectionTimeout : 20000
enableLookups : false
maxHttpHeaderSize : 8192
protocol : HTTP/1.1
useBodyEncodingForURI : true
redirectPort : 8443
acceptCount : 100
disableUploadTimeout : true
bindOnInit : false
secure : true
scheme : https
proxyName : test.example.com
proxyPort : 443
SSLEnabled : true
keystoreFile : C:\cert.pfx
keystorePass : 6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=
keystoreType : PKCS12
$Xml.OuterXml
<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="test.example.com" proxyPort="443" SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12" />
Addendum
(based on the additional info in the comments)
If there are more connectors in your xml, as e.g.:
$Xml = [Xml]'
<Connectors>
<Connector
port="80"
keystorePass="Pass1" />
<Connector
port="443"
keystorePass="Pass2" />
</Connectors>'
You might address the connectors like:
$Xml.Connectors.Connector[0].keystorePass = 'Pass80'
$Xml.Connectors.Connector.Where{ $_.port -eq '443' }.SetAttribute('keystorePass', 'Pass443')
$Xml.OuterXml
<Connectors><Connector port="80" keystorePass="Pass80" /><Connector port="443" keystorePass="Pass443" /></Connectors>
This person had a similar issue that I was able to use the regex in my code:
Hide passwords in string
I ended up with the following:
#Set new password in server.xml
$pass='6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$server_xml=".\server.xml"
(Get-Content $server_xml) -replace '(?:(?<=keystorePass=")\S+(?="))',("$pass") | Set-Content $server_xml
Related
In unix using putty I am able to get a result:
curl http://localhost:8080/products-ut-wo-db/rest/products
In security group I have inbound: 8080
In /home/ec2-user/java/tomcat9/webapps/manager/META-INF/context.xml I comment out the valve following:
I tried these url nothing come:
http://ec2-18-236-111-143.us-west-2.compute.amazonaws.com:8080/products-ut-wo-db/rest/products
http://ec2-18-236-111-143.us-west-2.compute.amazonaws.com:8080
Here is my netstat -nat:
Here is the /home/ec2-user/java/tomcat9/conf/server.xml:
Here is my /home/ec2-user/java/tomcat9/conf/server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
Any help or hint will be greatly appreciated it.
It seems that tomcat is not binding to a IPv4 address (according to netstat output, it is only bound to IPv6 - check first column).
In order to configure tomcat to bind to IPv4, refer to this answer. It describes the proper way to configure your tomcat JVM to preferIPv4Stack and preferIPv4Addresses.
Current jBoss configuration makes web services available both on HTTP (port 7001) and HTTPS(port 7002), wsdl contains soap:address
location="http://localhost:7001/my/web/service/url/".
What I want is to force it to show
location="httpS://localhost:7002/my/web/service/url/".
Here are some key parts of standalone.xml:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="7002"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" key-alias="softclub.mobile.banking" password="rmi+ssl" certificate-key-file="../standalone/configuration/jboss.keystore" protocol="TLSv1" verify-client="false"/>
</connector>
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
...
</subsystem>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="http" port="7001"/>
<socket-binding name="https" port="7002"/>
....
</socket-binding-group>
Is it possible?
I tried my best to get this and had little luck, I have following file and I want to replace
first “<Connector port="8080"” xml block with ‘xxxx’
Before :
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
After :
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
xxxx
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
I got the matching string to print using following sed command :
sed -n '/<Connector port="8080"/,/>/p' filename
However I’m unable to develop this to get above output.
This sed should do the trick on your sample input (but gets overzealous if you have more than one <Connector port="8080" section):
sed '/<Connector port="8080"/,/>/{ s/<Connector.*/xxxx/; t; d }'
But handling this robustly calls for an XML parser. Example:
#!/usr/bin/env ruby
require 'rexml/document'
include REXML
d = Document.new(File.read(ARGV[0]))
e = d.get_elements('//Connector[#port="8080"]').first
if !e.nil?
e.parent.insert_after(e, Text.new('xxxx'))
e.parent.delete(e)
end
File.open(ARGV[0],'w'){|f| f.print(d) }
sed '/<Connector port="8080"/,/>/ {
N
/>/ s/.*/xxxx/
}' YourFile
load the section of connector before changing it to xxxx, this allow you to eventually test something on it (but not better than pobrelkey if not)
Thanks all for the answers , they worked well .Appriciate it:
Also i got following from one of my firend which also a answer to this using awk
awk '/<Connector port/ {
print "abc"
getline
do {
getline
} while (index($0, ">") == 0)
getline
}
// { print $0}' < 1.txt
Running ColdFusion 9,0,1,274733 on JRun (J2EE install), Windows Server 2008 R2, Java 1.6.0_22
Has anyone else had a problem getting the default document, index.cfm, to work with ColdFusion? I'm assuming that this is only an issue because of our setup; different web server (IIS) and application server (ColdFusion). I can't imagine we are the only ones running this configuration. Are we?
So here is the issue.
If we request http://mysite.com/index.cfm it works.
If we request http://mysite.com/ it does not work and we get a 404.
I checked the web connector's log file on our IIS server and can see that it is sending the request to our ColdFusion server. The ColdFusion server is sending back the 404 error code but I can't figure out why. We have the default document set on our IIS server for index.cfm. We also have the <welcome-file-list> set to include index.cfm on our application server (web.xml).
From our web connector's log when we do NOT include index.cfm:
2012-11-01 13:37:22 jrISAPI[4544:3600] ***HttpExtensionProc for JRun ISAPI Extension: uri is "/test/"
2012-11-01 13:37:22 jrISAPI[4544:3600] HTTP_HOST: servername
2012-11-01 13:37:22 jrISAPI[4544:3600] filtering /test/ (/test/) HOST=servername
2012-11-01 13:37:22 jrISAPI[4544:3600] filterRequest: no match
2012-11-01 13:37:22 jrISAPI[4544:3600] ExecUrl: request received: URL=/test/
2012-11-01 13:37:22 jrISAPI[4544:3600] ExecUrl Completion: 404, ErrorCode=2, URL=/test/.
From our web connector's log when we do include index.cfm:
2012-11-01 13:49:02 jrISAPI[9936:3600] ***HttpExtensionProc for JRun ISAPI Extension: uri is "/test/index.cfm"
2012-11-01 13:49:02 jrISAPI[9936:3600] HTTP_HOST: servername
2012-11-01 13:49:02 jrISAPI[9936:3600] filtering /test/index.cfm (/test/index.cfm) HOST=servername
2012-11-01 13:49:02 jrISAPI[9936:3600] filterRequest: matched *.cfm
2012-11-01 13:49:02 jrISAPI[9936:3600] ***IISWorkerThreadProc for JRun ISAPI Extension: uri is "/test/index.cfm"
2012-11-01 13:49:02 jrISAPI[9936:3600] ALL_RAW: Connection: Keep-Alive
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application (553)
2012-11-01 13:49:02 jrISAPI[9936:3600] Headers and Values:
... and much more ...
We have gotten around this issue by using the URL Rewrite module in IIS to append index.cfm to the URL. It works but my gut keeps telling me that we should not need to do that for such basic functionality.
Is anyone else having this issue? How have you gotten around this?
EDIT adding some more info
Here is my site's web.config file contents from the IIS server:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="JWildCardHandler" path="*" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\1\jrun_iis6_wildcard.dll" resourceType="Unspecified" requireAccess="None" />
<add name="hbmxmlHandler" path="*.hbmxml" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfswfHandler" path="*.cfswf" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfrHandler" path="*.cfr" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfcHandler" path="*.cfc" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfmlHandler" path="*.cfml" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfmHandler" path="*.cfm" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="jwsHandler" path="*.jws" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="jspHandler" path="*.jsp" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
</handlers>
<defaultDocument>
<files>
<add value="index.cfm" />
</files>
</defaultDocument>
<staticContent>
<mimeMap fileExtension=".air" mimeType="application/vnd.adobe.air-application-installer-package zip" />
</staticContent>
</system.webServer>
</configuration>
Here is some of the file contents from the APP server web.xml:
<welcome-file-list id="WelcomeFileList_1034546870672">
<welcome-file>index.cfm</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
Within IIS Manager try adding a default document of "index.cfm" for your website.
I also posted this question on the Adobe forums and it has gained more traction over there. You can read all of the details here.
It seems like the main issue I was having is that IIS was not passing '/index.cfm' to the web connector once it had determined that ColdFusion had no mapping for '/'. This began working after I created a blank (empty) index.cfm file on the web server. I do not recall having to place the CFM files on the web server when using distributed mode in the past. Can anyone confirm or deny that the CFM files need to reside on both servers for this to work (without using rewrite rules anyway)?
I'm a bit late to the party on this one, but I've been working on a system where I need to switch between CF8 & CF10 on the same dev server pretty frequently so I've been working on a batch file to run wsconfig to save myself some effort and I ran into the same issue. CF working fine but never processing index.cfm for / - as above, all the mappings appeared to be set up correctly.
I found that wsconfig works much more reliably if you add each site my name rather than using "-site 0"
So, for example, to manually remove and reinstall the connectors for two sites running on IIS
set CFUSION_HOME=C:\ColdFusion10\cfusion
%CFUSION_HOME%\runtime\bin\wsconfig -uninstall
net start "ColdFusion 10 Application Server"
%CFUSION_HOME%\runtime\bin\wsconfig -ws IIS -site "Default Web Site"
%CFUSION_HOME%\runtime\bin\wsconfig -ws IIS -site "My Website Name"
I had the same problem after upgrading CF from 2016 to 2018 / 2021. The solution is this: open IIS Manager and go to Handler Mappings. Here, search for cfcHandler, cfmHandler, cfmlHandler entries and right click, edit them and you will probably see something like this: C:\ColdFusion2021\config\wsconfig\1\isapi_redirect.dll
Make sure the path is updated to the current version of the ColdFusion server. In my case it was still trying to access ColdFusion2016 folder even if I updated to 2021.
This solved the problem for me.
I am making an Ubuntu package that depends on Tomcat7 through HTTPS. To make it convenient for our customers, I would like the install script of the package enable HTTPS in Tomcat7. This is pretty easy to do manually; in the file /etc/tomcat7/server.xml, one needs to uncomment the following block:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
How could I do this from a shellscript? Preferebly in a way that it still works for slight modifications of the exact pattern. I think the rule would be something along the lines of search for '<Connector port="8443"' and then remove <!-- and --> before and after the block.
Consider apply a patch on your server.xml.
Generating a patch file:
diff -ruN server.xml.old server.xml.new > mydiff.patch
Where server.xml.old is the original file, and server.xml.new is the file as you want.
The patch (mydiff.patch) will look like this:
--- server.xml.old 2011-10-29 04:03:25.000000000 -0300
+++ server.xml.new 2011-10-29 04:04:03.000000000 -0300
## -1,10 +1,10 ##
(...)
- <!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
- --->
(...)
Then, just apply the patch:
patch server.xml mydiff.patch
You can run the patch command with the flag -N. Thus, it will skip files that seems already patched.
diff should most probably be the tool of your choice. But if the original config file is changed frequently, diff could not be able to apply your script in future versions.
sed also has the ability to read in more than one line. You may want to look at this example that also deals with modifying an xml document.
This might work:
sed -nr '/^<!--/,/^-->/!{p;b};/^<!--/{h;d};H;/^-->/{x;/<Connector port="8443"/{s/(^<!--\s*\n|\n\s*-->)//g};p}'
This ignores all non-comment lines. Saves the comment lines in hold space then deletes the start/end comment delimiters if the comment contains <Connector port="8443" and then prints the comment/non-comment.