pki.git/base/ca/shared/webapps, branch dev2 Unnamed repository; edit this file 'description' to name the repository. Rearranged context.xml. 2013-02-05T22:29:01+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-05T22:13:22+00:00 991577dd40bbb18613893362783d0cd06cbdce79 Previously the context.xml files are deployed into META-INF folders in each webapps. They now have been moved into <instance>/conf/ Catalina/localhost/<subsystem>.xml to allow further clean-up. 
Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into <instance>/conf/
Catalina/localhost/<subsystem>.xml to allow further clean-up.
Resolved Trac Ticket 367 - pkidestroy does not remove connector 2013-01-15T14:28:38+00:00 Ade Lee alee@redhat.com 2012-12-20T22:38:13+00:00 1cceecafb8050ec362a9c9568d36d52d3fe4117e * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate. 
* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.
I18n for ProfileList.template. 2012-12-03T16:48:40+00:00 Endi Sukma Dewata edewata@redhat.com 2012-11-13T23:07:43+00:00 66c519f0185f24a650df834d781be2ed7ef857f7 The messages in ProfileList.template in CA EE has been extracted into a properties file which can be translated separately. The original messages in the template have been marked as follows: <span class="message" name="...key...">...message...</span> When the page is loaded into the browser, the original message will be replaced with the translated messages. Ticket #406 
The messages in ProfileList.template in CA EE has been extracted
into a properties file which can be translated separately.

The original messages in the template have been marked as follows:
  <span class="message" name="...key...">...message...</span>

When the page is loaded into the browser, the original message will
be replaced with the translated messages.

Ticket #406
Reorganized CA, KRA, OCSP, TKS templates. 2012-11-12T17:04:02+00:00 Endi Sukma Dewata edewata@redhat.com 2012-11-09T08:36:17+00:00 46fda5d944772ac62675570037785e39c517002b All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407 
All remaining theme files for Tomcat subsystems which include
the templates and JS files have been moved from the theme folder
at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem
webapp folder at base/<subsystem>/shared/webapps/<subsystem>.

The deployment tools have been updated to use the new location.

Ticket #407
Added ACLInterceptor. 2012-11-08T16:20:05+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-10T09:38:05+00:00 cb209df95c4dee11f2a912e20b417fa3bc41c88f Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287 
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.

Ticket #287
Enabled realm authentication for certificate requests. 2012-10-22T22:12:35+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-03T14:55:53+00:00 c1f9b3999a3dc5020b08fa4106c6c3a632183de9 The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300 
The realm authentication on certificate request REST services has
been enabled. Since now in the CLI the authentication is done using
a separate login operation, it is now possible to POST the approval
data without the problem related to chunked message.

Ticket #300
Added REST account service. 2012-10-22T22:12:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-08T19:50:26+00:00 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357 
A REST account service has been added to allow client to login
to establish a session and to logout to destroy the session. This
way multiple operations can be executed using the same session
without having to re-authenticate.

Ticket #357
Enabled authentication for security domain REST interface. 2012-10-18T15:06:54+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-06T21:33:48+00:00 168d95446c3a7ae8643128a51fa86dd326e3a6a8 The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309 
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309
Added common ROOT webapp. 2012-09-12T17:38:58+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-28T19:14:54+00:00 7c622a4e5714af8f83ce30022c970cc36c2ee597 The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89 
The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89
Added proxy realm. 2012-09-05T15:09:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-21T22:38:29+00:00 8eb2eac080c2e9595b506f49f25d2c1718453bbc CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89 
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89