pki.git/base/ca/shared/webapps, branch alee-91 Unnamed repository; edit this file 'description' to name the repository. Reorganized CA, KRA, OCSP, TKS templates. 2012-11-12T17:04:02+00:00 Endi Sukma Dewata edewata@redhat.com 2012-11-09T08:36:17+00:00 46fda5d944772ac62675570037785e39c517002b All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407 
All remaining theme files for Tomcat subsystems which include
the templates and JS files have been moved from the theme folder
at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem
webapp folder at base/<subsystem>/shared/webapps/<subsystem>.

The deployment tools have been updated to use the new location.

Ticket #407
Added ACLInterceptor. 2012-11-08T16:20:05+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-10T09:38:05+00:00 cb209df95c4dee11f2a912e20b417fa3bc41c88f Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287 
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.

Ticket #287
Enabled realm authentication for certificate requests. 2012-10-22T22:12:35+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-03T14:55:53+00:00 c1f9b3999a3dc5020b08fa4106c6c3a632183de9 The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300 
The realm authentication on certificate request REST services has
been enabled. Since now in the CLI the authentication is done using
a separate login operation, it is now possible to POST the approval
data without the problem related to chunked message.

Ticket #300
Added REST account service. 2012-10-22T22:12:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-08T19:50:26+00:00 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357 
A REST account service has been added to allow client to login
to establish a session and to logout to destroy the session. This
way multiple operations can be executed using the same session
without having to re-authenticate.

Ticket #357
Enabled authentication for security domain REST interface. 2012-10-18T15:06:54+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-06T21:33:48+00:00 168d95446c3a7ae8643128a51fa86dd326e3a6a8 The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309 
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309
Added common ROOT webapp. 2012-09-12T17:38:58+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-28T19:14:54+00:00 7c622a4e5714af8f83ce30022c970cc36c2ee597 The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89 
The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89
Added proxy realm. 2012-09-05T15:09:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-21T22:38:29+00:00 8eb2eac080c2e9595b506f49f25d2c1718453bbc CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89 
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89
Enabled SSL authenticator and PKI realm. 2012-08-03T22:07:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107 
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107
Moved REST services into separate URLs. 2012-08-03T22:07:13+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 eca4d635e67eaf3c6878d35acfaaf11df53151e2 To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107 
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107
PKI Deployment Scriptlets 2012-07-19T17:15:56+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-04T00:52:33+00:00 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse) 
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)