pki.git/base/common/shared/conf, branch direct-deployment

Deploying webapps from shared folder.

2013-02-06T00:57:38+00:00

Rearranged context.xml.

2013-02-05T22:29:01+00:00

Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into /conf/
Catalina/localhost/.xml to allow further clean-up.

Use tomcatjss 7.1.0 and fix weird errno=0 exception

2013-01-07T20:00:46+00:00

* TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
  dogtag-pki.spec . . .
* TRAC Ticket #468 - pkispawn throws exception

Hardcode setting of resteasy-lib for instance

2012-12-19T02:40:24+00:00

Tomcat in f17 expects the file under /etc/sysconfig/foo to be a
set of environment variables being set, and parses it that way.
We recently added some logic to source the global pki.conf file.
This works in f18, but breaks instance startup in f17.

While this works in f18, its an indication that we are using the
tomcat config file incorrectly.  Reverting to hardcoding resteasy lib.

Parameterizing RESTEasy paths.

2012-12-07T02:23:11+00:00

The paths to RESTEasy jar files have been modified such that it can
be configured globally at build time using the spec file to support
different distributions, and at deployment time using a system-wide
configuration in /etc/pki/pki.conf.

Ticket #422, #423.

Fixed permission problem in TKS.

2012-11-30T21:03:43+00:00

The pki.policy has been modified to grant permission to symkey.jar
which is used by TKS.

Ticket #415

Misc changes to get rhel 7 build to work

2012-11-21T15:47:50+00:00

1. Modified cmake dependency
2. Corrected conditionals in spec file
3. Added paths for resteasy-base
4. Added paths to policy for resteasy-base

Enabled Tomcat security manager.

2012-10-27T04:32:31+00:00

The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223

Restrict AJP to localhost only by default

2012-10-26T02:13:09+00:00

Ticket 369

Added proxy realm.

2012-09-05T15:09:41+00:00

CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89