pki.git/base/ca/shared/webapps, branch ticket-309 Unnamed repository; edit this file 'description' to name the repository. Enabled authentication for security domain REST interface. 2012-10-17T23:26:10+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-06T21:33:48+00:00 2e2a1ed2401a9b0130eb2b5218508f5c1fd569b1 The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309 
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309
Added common ROOT webapp. 2012-09-12T17:38:58+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-28T19:14:54+00:00 7c622a4e5714af8f83ce30022c970cc36c2ee597 The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89 
The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89
Added proxy realm. 2012-09-05T15:09:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-21T22:38:29+00:00 8eb2eac080c2e9595b506f49f25d2c1718453bbc CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89 
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89
Enabled SSL authenticator and PKI realm. 2012-08-03T22:07:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107 
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107
Moved REST services into separate URLs. 2012-08-03T22:07:13+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 eca4d635e67eaf3c6878d35acfaaf11df53151e2 To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107 
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107
PKI Deployment Scriptlets 2012-07-19T17:15:56+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-04T00:52:33+00:00 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse) 
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)
RESTful servlet to configure system in a single servlet. 2012-05-01T21:22:38+00:00 Ade Lee alee@redhat.com 2012-04-13T17:51:32+00:00 80aff97bedf8c2ee5f58209f36f18ebbc475ccb1 Installation code common to the panels and the installation servlet are extracted to a ConfigurationUtils file. The panel code will be cleaned up to use the code in this class in a later commit. Contains restful client and test driver code. The test driver code should be modified and placed in a junit/system test framework. Installation has been tested to work with the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA signed by external CA (parts 1 and 2). Ticket #155 
Installation code common to the panels and the installation servlet are extracted to a
ConfigurationUtils file.  The panel code will be cleaned up to use the code in this
class in a later commit.

Contains restful client and test driver code.  The test driver code should be modified
and placed in a junit/system test framework.  Installation has been tested to work with
the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA
signed by external CA (parts 1 and 2).

Ticket #155
Removed unnecessary pki folder. 2012-03-26T16:43:54+00:00 Endi Sukma Dewata edewata@redhat.com 2012-03-24T07:27:47+00:00 621d9e5c413e561293d7484b93882d985b3fe15f Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131