diff --git a/data-access/servlet/src/main/webapp/WEB-INF/async-uws.node.xml.default b/data-access/servlet/src/main/webapp/WEB-INF/async-uws.node.xml.default
new file mode 100644
index 0000000000000000000000000000000000000000..3053fe3650b9deacc30fdd9d5acce77abc6572a9
--- /dev/null
+++ b/data-access/servlet/src/main/webapp/WEB-INF/async-uws.node.xml.default
@@ -0,0 +1,40 @@
+
+ <servlet>
+ <servlet-name>uws_merge</servlet-name>
+ <servlet-class>UWSMerge</servlet-class>
+ <init-param>
+ <param-name>name</param-name>
+ <param-value>merge</param-value>
+ </init-param>
+ <init-param>
+ <param-name>rootDirectory</param-name>
+ <param-value>/tmp</param-value>
+ </init-param>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>uws_merge</servlet-name>
+ <url-pattern>/uws/merge/*</url-pattern>
+ </servlet-mapping>
+
+
+ <servlet>
+ <servlet-name>uws_mcutout</servlet-name>
+ <servlet-class>UWSMCutout</servlet-class>
+ <init-param>
+ <param-name>name</param-name>
+ <param-value>mcutout</param-value>
+ </init-param>
+ <init-param>
+ <param-name>rootDirectory</param-name>
+ <param-value>/tmp</param-value>
+ </init-param>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>uws_mcutout</servlet-name>
+ <url-pattern>/async/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>uws_mcutout</servlet-name>
+ <url-pattern>/uws/mcutout/*</url-pattern>
+ </servlet-mapping>
+
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/security.node.xml.default b/data-access/servlet/src/main/webapp/WEB-INF/security.node.xml.default
new file mode 100644
index 0000000000000000000000000000000000000000..2ed5658f066fb5105f98a896ffe6311c87b21a4d
--- /dev/null
+++ b/data-access/servlet/src/main/webapp/WEB-INF/security.node.xml.default
@@ -0,0 +1,20 @@
+
+ <filter>
+ <filter-name>TokenFilter</filter-name>
+ <filter-class>it.inaf.ia2.aa.TokenFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>TokenFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
+ <filter-name>AuthZFilter</filter-name>
+ <filter-class>AuthZFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>AuthZFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/soda.node.xml b/data-access/servlet/src/main/webapp/WEB-INF/soda.node.xml
new file mode 100644
index 0000000000000000000000000000000000000000..081bc3d2ca164884f683f7bfab584491438fd250
--- /dev/null
+++ b/data-access/servlet/src/main/webapp/WEB-INF/soda.node.xml
@@ -0,0 +1,29 @@
+
+ <servlet>
+ <servlet-name>vlkb_vosi_availability</servlet-name>
+ <servlet-class>VlkbServletFile</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>vlkb_vosi_availability</servlet-name>
+ <url-pattern>/availability</url-pattern>
+ </servlet-mapping>
+
+ <servlet>
+ <servlet-name>vlkb_vosi_capabilities</servlet-name>
+ <servlet-class>VlkbServletFile</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>vlkb_vosi_capabilities</servlet-name>
+ <url-pattern>/capabilities</url-pattern>
+ </servlet-mapping>
+
+
+ <servlet>
+ <servlet-name>vlkb_soda</servlet-name>
+ <servlet-class>ServletCutout</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>vlkb_soda</servlet-name>
+ <url-pattern>/sync</url-pattern>
+ </servlet-mapping>
+
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-garrtoken.xml b/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-garrtoken.xml
deleted file mode 100644
index 7454992e71f8d5721e9a34ec2a69d39219ffbe93..0000000000000000000000000000000000000000
--- a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-garrtoken.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
- <display-name>Via Lactea. Query FITS datacubes.</display-name>
- <distributable/>
-
-
-
-
- <filter>
- <filter-name>TokenFilter</filter-name>
- <filter-class>NeaTokenFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>TokenFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>AuthZFilter</filter-name>
- <filter-class>AuthZFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>AuthZFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-
-
-
- <servlet>
- <servlet-name>default</servlet-name>
- <servlet-class>
- org.apache.catalina.servlets.DefaultServlet
- </servlet-class>
- <init-param>
- <param-name>debug</param-name>
- <param-value>0</param-value>
- </init-param>
- <init-param>
- <param-name>listings</param-name>
- <param-value>false</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>default</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-
-
-
-
-
-
-
-
- <servlet>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <url-pattern>/availability</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <url-pattern>/capabilities</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>vlkb_soda</servlet-name>
- <servlet-class>ServletCutout</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_soda</servlet-name>
- <url-pattern>/sync</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>uws_merge</servlet-name>
- <servlet-class>UWSMerge</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>merge</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_merge</servlet-name>
- <url-pattern>/uws/merge/*</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>uws_mcutout</servlet-name>
- <servlet-class>UWSMCutout</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>mcutout</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_mcutout</servlet-name>
- <url-pattern>/uws/mcutout/*</url-pattern>
- </servlet-mapping>
-
-
-</web-app>
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-ia2token.xml b/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-ia2token.xml
deleted file mode 100644
index 6a4d15e5a9c4d4292119be2595cbb70100f3d171..0000000000000000000000000000000000000000
--- a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-ia2token.xml
+++ /dev/null
@@ -1,129 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
- <display-name>Via Lactea. Query FITS datacubes.</display-name>
- <distributable/>
-
-
-
- <filter>
- <filter-name>TokenFilter</filter-name>
- <filter-class>it.inaf.ia2.aa.TokenFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>TokenFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>AuthZFilter</filter-name>
- <filter-class>AuthZFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>AuthZFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-
-
-
- <servlet>
- <servlet-name>default</servlet-name>
- <servlet-class>
- org.apache.catalina.servlets.DefaultServlet
- </servlet-class>
- <init-param>
- <param-name>debug</param-name>
- <param-value>0</param-value>
- </init-param>
- <init-param>
- <param-name>listings</param-name>
- <param-value>false</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>default</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-
-
-
-
-
-
-
-
- <servlet>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <url-pattern>/availability</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <url-pattern>/capabilities</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>vlkb_soda</servlet-name>
- <servlet-class>ServletCutout</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_soda</servlet-name>
- <url-pattern>/sync</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>uws_merge</servlet-name>
- <servlet-class>UWSMerge</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>merge</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_merge</servlet-name>
- <url-pattern>/uws/merge/*</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>uws_mcutout</servlet-name>
- <servlet-class>UWSMCutout</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>mcutout</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_mcutout</servlet-name>
- <url-pattern>/uws/mcutout/*</url-pattern>
- </servlet-mapping>
-
-
-</web-app>
-
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-iamtoken.xml b/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-iamtoken.xml
deleted file mode 100644
index dc09f5ce57954c057a4043cc6f503fd8d2aef302..0000000000000000000000000000000000000000
--- a/data-access/servlet/src/main/webapp/WEB-INF/web-cutout-iamtoken.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
- <display-name>Via Lactea. Query FITS datacubes.</display-name>
- <distributable/>
-
-
-
-
- <filter>
- <filter-name>TokenFilter</filter-name>
- <filter-class>IamTokenFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>TokenFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-
-
-
- <servlet>
- <servlet-name>default</servlet-name>
- <servlet-class>
- org.apache.catalina.servlets.DefaultServlet
- </servlet-class>
- <init-param>
- <param-name>debug</param-name>
- <param-value>0</param-value>
- </init-param>
- <init-param>
- <param-name>listings</param-name>
- <param-value>false</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>default</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-
-
-
-
-
-
-
- <servlet>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <url-pattern>/availability</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <url-pattern>/capabilities</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>vlkb_soda</servlet-name>
- <servlet-class>ServletCutout</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_soda</servlet-name>
- <url-pattern>/sync</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>uws_merge</servlet-name>
- <servlet-class>UWSMerge</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>merge</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_merge</servlet-name>
- <url-pattern>/uws/merge/*</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>uws_mcutout</servlet-name>
- <servlet-class>UWSMCutout</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>mcutout</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_mcutout</servlet-name>
- <url-pattern>/uws/mcutout/*</url-pattern>
- </servlet-mapping>
-
-</web-app>
-
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web.xml b/data-access/servlet/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 13b4928a3935425dc969e85ec3d317b1cf1370b0..0000000000000000000000000000000000000000
--- a/data-access/servlet/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,151 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
- <display-name>ViaLactea. Access FITS datacubes.</display-name>
- <distributable/>
-
-
-<!-- uncomment IA2 or GARR token filter to enable security
-
- <filter>
- <filter-name>TokenFilter</filter-name>
- <filter-class>it.inaf.ia2.aa.TokenFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>TokenFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>UserTypeConverter</filter-name>
- <filter-class>IA2TokenConvFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>UserTypeConverter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-
-
- <filter>
- <filter-name>TokenFilter</filter-name>
- <filter-class>NeaAuthFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>TokenFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
--->
-<!-- in addition to one of the above token-filters, uncomment this to enable group-based authorization check
- <filter>
- <filter-name>AuthorizationResponseFilter</filter-name>
- <filter-class>AuthorizationResponseFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>AuthorizationResponseFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
--->
-
-
-
- <servlet>
- <servlet-name>default</servlet-name>
- <servlet-class>
- org.apache.catalina.servlets.DefaultServlet
- </servlet-class>
- <init-param>
- <param-name>debug</param-name>
- <param-value>0</param-value>
- </init-param>
- <init-param>
- <param-name>listings</param-name>
- <param-value>false</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>default</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-
-
-
-
-
-
-
- <servlet>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_availability</servlet-name>
- <url-pattern>/availability</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <servlet-class>VlkbServletFile</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_vosi_capabilities</servlet-name>
- <url-pattern>/capabilities</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>vlkb_soda</servlet-name>
- <servlet-class>ServletCutout</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>vlkb_soda</servlet-name>
- <url-pattern>/sync</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>uws_merge</servlet-name>
- <servlet-class>UWSMerge</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>merge</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_merge</servlet-name>
- <url-pattern>/uws/merge/*</url-pattern>
- </servlet-mapping>
-
-
- <servlet>
- <servlet-name>uws_mcutout</servlet-name>
- <servlet-class>UWSMCutout</servlet-class>
- <init-param>
- <param-name>name</param-name>
- <param-value>mcutout</param-value>
- </init-param>
- <init-param>
- <param-name>rootDirectory</param-name>
- <param-value>/tmp</param-value>
- </init-param>
- </servlet>
- <servlet-mapping>
- <servlet-name>uws_mcutout</servlet-name>
- <url-pattern>/uws/mcutout/*</url-pattern>
- </servlet-mapping>
-
-</web-app>
-
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web.xml.epilog b/data-access/servlet/src/main/webapp/WEB-INF/web.xml.epilog
new file mode 100644
index 0000000000000000000000000000000000000000..76bd9280e8f31e4430c240c33284781635dc1a0a
--- /dev/null
+++ b/data-access/servlet/src/main/webapp/WEB-INF/web.xml.epilog
@@ -0,0 +1,3 @@
+
+</web-app>
+
diff --git a/data-access/servlet/src/main/webapp/WEB-INF/web.xml.prolog b/data-access/servlet/src/main/webapp/WEB-INF/web.xml.prolog
new file mode 100644
index 0000000000000000000000000000000000000000..fec91d029eba2688f7555c0b2fdca3a516b47bd2
--- /dev/null
+++ b/data-access/servlet/src/main/webapp/WEB-INF/web.xml.prolog
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
+ Use is subject to license terms.
+-->
+
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ <display-name>Via Lactea. Query FITS datacubes.</display-name>
+ <distributable/>
+
diff --git a/docker/Dockerfile.soda b/docker/Dockerfile.soda
index 5af5ca312eab98b35e5ffda46993520e83978dae..654e42a18568081238c2771082fbb429cd59ea5d 100644
--- a/docker/Dockerfile.soda
+++ b/docker/Dockerfile.soda
@@ -61,7 +61,7 @@ RUN echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf && ldconfig \
COPY deps/context.xml ${WEBAPP_DIR}/META-INF/context.xml
# enable SKA IAM token filter update
-RUN chmod a+rw ${WEBAPP_DIR}/WEB-INF/web.xml \
+RUN chmod -R a+rwX ${WEBAPP_DIR}/WEB-INF \
&& touch ${WEBAPP_DIR}/WEB-INF/classes/ia2token.properties \
&& touch ${WEBAPP_DIR}/WEB-INF/classes/iamtoken.properties \
&& chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/*.properties
diff --git a/docker/example-compose-soda.yaml b/docker/example-compose-soda.yaml
index bcd6df28161f16ec049537f6b2a963bcc5b67e0c..939c41954d593b93af05c24bde2636472912f9bd 100644
--- a/docker/example-compose-soda.yaml
+++ b/docker/example-compose-soda.yaml
@@ -1,7 +1,20 @@
-version: '3'
services:
+ vlkb:
+ container_name: vlkb
+ image: soda:latest
+# user: root:root
+ ports:
+ - 8080:8080
+ environment:
+ - ACCESS_CONTEXT_ROOT=soda
+ volumes:
+ - /srv/vlkb/surveys:/srv/datasets:ro
+ - $PWD/start-soda.log:/tmp/start-soda.log:rw
+# restart: always
+
+
ska:
container_name: ska
image: harbor.srcdev.skao.int/soda/visivo-vlkb-soda:1.7
diff --git a/docker/start-soda.sh b/docker/start-soda.sh
index c05f01978aa8e97b72f76d068d06043c43130d17..b5617c507bbb0cae22eeaa74b7a81810c4cee398 100755
--- a/docker/start-soda.sh
+++ b/docker/start-soda.sh
@@ -7,6 +7,7 @@ date
env
# set optional
+ENABLE_ASYNC_UWS=${ENABLE_ASYNC_UWS:-}
ACCESS_CONTEXT_ROOT=${ACCESS_CONTEXT_ROOT:-soda}
OIDC_RAP_URL=${OIDC_RAP_URL:-}
@@ -25,30 +26,13 @@ SECURITY=${SECURITY:-}
KEYSTORE_ALIAS=${KEYSTORE_ALIAS:-}
+# configure server
-# configure CONTEXT_ROOT
mkdir -p $CATALINA_BASE/conf/Catalina/localhost
cp $WEBAPP_DIR/META-INF/context.xml $CATALINA_BASE/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml
-# env SECURITY (deprecated)
-
-case $SECURITY in
- iamtoken)
- echo "SECURITY is set: "$SECURITY
- cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd -
- cp /etc/pki/tls/server-connector.xml $CATALINA_BASE/conf
- cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/
- ;;
- *)
- echo "SECURITY not configured."
- ;;
-esac
-
-
-# configure TLS
-
if [ -f /etc/pki/tls/keystore.jks ] && [ -f /etc/pki/tls/keystore.pwd ];
then
cp $CATALINA_BASE/conf/server-connector.xml-8443 $CATALINA_BASE/conf/server-connector.xml
@@ -60,33 +44,15 @@ then
sed -i "s/tomcat/$KEYSTORE_ALIAS/" $CATALINA_BASE/conf/server-connector.xml
fi
-# configure SKA IAM
-if [ -z "$OIDC_INTROSPECT" ] || [ -z "$OIDC_CLIENT" ] || [ -z "$OIDC_PASSWORD" ];
-then
- echo "Some of OIDC_ for SKA IAM is not set."
- echo "url: "$OIDC_INTROSPECT
- echo "cli: "$OIDC_CLIENT
- echo "pwd: "$OIDC_PASSWORD
-else
- echo "Config SKA IAM ..."
- {
- echo "introspect=$OIDC_INTROSPECT"
- echo "client_name=$OIDC_CLIENT"
- echo "client_password=$OIDC_PASSWORD"
- } > $WEBAPP_DIR/WEB-INF/classes/iamtoken.properties
- cp $WEBAPP_DIR/WEB-INF/web-cutout-iamtoken.xml $WEBAPP_DIR/WEB-INF/web.xml
-fi
+# configure webapp
-# configure IA2 security
-if [ -z "$OIDC_RAP_URL" ] || [ -z "$OIDC_GMS_URL" ] || [ -z "$OIDC_CLIENT" ] || [ -z "$OIDC_SECRET" ];
+if [ -z "$OIDC_RAP_URL" ] || [ -z "$OIDC_GMS_URL" ] || [ -z "$OIDC_CLIENT" ] || [ -z "$OIDC_SECRET" ] \
+ [ -z "$AUTHZ_DB_URL" ] || [ -z "$AUTHZ_DB_SCHEMA" ] || [ -z "$AUTHZ_DB_USERNAME" ] || [ -z "$AUTHZ_DB_PASSWORD" ];
then
- echo "Some of OIDC_ for IA2 is not set."
- echo "rap: "$OIDC_RAP_URL
- echo "gms: "$OIDC_GMS_URL
- echo "cli: "$OIDC_CLIENT
- echo "pwd: "$OIDC_SECRET
+ echo "Some of OIDC_ or AUTHZ_ is not set. All must be set to activate security."
+ touch $WEBAPP_DIR/WEB-INF/security.node.xml
else
echo "Config IA2 OIDC ..."
{
@@ -99,15 +65,7 @@ else
echo "scope=openid email profile read:rap"
echo "allow_anonymous_access=true"
} > $WEBAPP_DIR/WEB-INF/classes/ia2token.properties
- cp $WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml $WEBAPP_DIR/WEB-INF/web.xml
-fi
-# VLKB authorization
-
-if [ -z "$AUTHZ_DB_URL" ] || [ -z "$AUTHZ_DB_SCHEMA" ] || [ -z "$AUTHZ_DB_USERNAME" ] || [ -z "$AUTHZ_DB_PASSWORD" ];
-then
- echo "Some of AUTHZ_DB_ is not set."
-else
echo "Config VLKB authorization ..."
{
echo "db_uri=$AUTHZ_DB_URL"
@@ -115,10 +73,28 @@ else
echo "db_user_name=$AUTHZ_DB_USERNAME"
echo "db_password=$AUTHZ_DB_PASSWORD"
} > $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties
- #cp $WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml $WEBAPP_DIR/WEB-INF/web.xml
+
+ cp $WEBAPP_DIR/WEB-INF/security.node.xml.default $WEBAPP_DIR/WEB-INF/security.node.xml
fi
+if [ -z "$ENABLE_ASYNC_UWS" ];
+then
+ echo "/async/uws endpoint not active."
+ touch $WEBAPP_DIR/WEB-INF/async-uws.node.xml
+else
+ echo "/async/uws endpoint enabled."
+ cp $WEBAPP_DIR/WEB-INF/async-uws.node.xml.default $WEBAPP_DIR/WEB-INF/async-uws.node.xml
+fi
+
+
+# create web-app endpoints
+cat $WEBAPP_DIR/WEB-INF/web.xml.prolog \
+ $WEBAPP_DIR/WEB-INF/security.node.xml \
+ $WEBAPP_DIR/WEB-INF/soda.node.xml \
+ $WEBAPP_DIR/WEB-INF/async-uws.node.xml \
+ $WEBAPP_DIR/WEB-INF/web.xml.epilog > $WEBAPP_DIR/WEB-INF/web.xml
+
# config debug