pki.git/base/common/shared, branch alee-76 Unnamed repository; edit this file 'description' to name the repository. Added common ROOT webapp. 2012-09-12T17:38:58+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-28T19:14:54+00:00 7c622a4e5714af8f83ce30022c970cc36c2ee597 The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89 
The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89
Added proxy realm. 2012-09-05T15:09:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-21T22:38:29+00:00 8eb2eac080c2e9595b506f49f25d2c1718453bbc CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89 
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89
Enabled SSL authenticator and PKI realm. 2012-08-03T22:07:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107 
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107
Refactored PKI JNDI realm. 2012-08-01T04:16:34+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-31T00:50:23+00:00 7d4a40bdd6bf6ef37705be7131fdc179bb5c1e7d The PKI JNDI realm has been modified to utilize the authentication and authorization subsystems in PKI engine directly. It's no longer necessary to define the LDAP connection settings in Tomcat's configuration files. Ticket #126 
The PKI JNDI realm has been modified to utilize the authentication
and authorization subsystems in PKI engine directly. It's no longer
necessary to define the LDAP connection settings in Tomcat's
configuration files.

Ticket #126
PKI Deployment Scriptlets 2012-07-31T03:51:19+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-29T01:59:30+00:00 f589cc1e267d6d7b67a6463b4495b7a9c982669f * TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not" removing "/etc/sysconfig/{pki_instance_id}" . . . * TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for configuration . . . * TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and 'pkidestroy' . . . * TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of configured PKI instance . . . * TRAC Ticket #270 - Dogtag 10: Add missing parameters to 'pkideployment.cfg' . . . * TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client information . . . * TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7 "logging.properties" * TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive' dictionary * TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and 'pkideployment.cfg' files * TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet Issues . . . 
* TRAC Ticket #263 - Dogtag 10: Fix 'pkidestroy' problem of sporadically "not"
  removing "/etc/sysconfig/{pki_instance_id}" . . .
* TRAC Ticket #264 - Dogtag 10: Enable various other subsystems for
  configuration . . .
* TRAC Ticket #261 - Dogtag 10: Revisit command-line options of 'pkispawn' and
  'pkidestroy' . . .
* TRAC Ticket #268 - Dogtag 10: Create a parameter for optional restart of
  configured PKI instance . . .
* TRAC Ticket #270 - Dogtag 10: Add missing parameters to
  'pkideployment.cfg' . . .
* TRAC Ticket #265 - Dogtag 10: Provide configurable options for PKI client
  information . . .
* TRAC Ticket #275 - Dogtag 10: Add debug information (comments) to Tomcat 7
  "logging.properties"
* TRAC Ticket #276 - Dogtag 10: Relocate all 'pin' data to the 'sensitive'
  dictionary
* TRAC Ticket #277 - Dogtag 10: Create an 'archive' for 'manifest' and
  'pkideployment.cfg' files
* TRAC Ticket #278 - Dogtag 10: Fix Miscellaneous PKI Deployment Scriptlet
  Issues . . .
PKI Deployment Scriptlets 2012-07-19T17:17:18+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-19T08:04:54+00:00 5b004df074027d1eba33c2f9038030406830cc3c * In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' * In 'server.xml', removed the line containing a '1' * Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package * Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs * Removed all security domain references from external CA logic * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' * Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception 
* In 'catalina.properties', removed commented out jars
  for each of the subsystems in the 'common.loader'
* In 'server.xml', removed the line containing a '1'
* Moved all parameters from the [Mandatory] and [Optional]
  sections of the 'pkideployment.cfg' file to other more
  appropriate sections (e.g. - [Common], [CA], [KRA], etc.),
  and removed these sections and all of their associated
  logic from the 'pki-deploy' package
* Resolved Dogtag TRAC Ticket #225
  Dogtag 10: Move "pkispawn"/"pkidestroy" logs
* Removed all security domain references from
  external CA logic
* Added new 'pki_subsystem_name' parameter to
  'pkideployment.cfg' file, and applied logic
  throughout 'pki-deploy'
* Added new error message in the case of an
  unset DNS domain name, and replaced the
  log message with a simple print in the
  case of a 'domainname' exception
PKI Deployment Scriptlets 2012-07-19T17:15:56+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-04T00:52:33+00:00 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse) 
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)
PKI Deployment Scriptlets 2012-05-25T21:59:48+00:00 Matthew Harmsen mharmsen@redhat.com 2012-05-24T01:59:06+00:00 4a263b8db27208413acd0f038ea67629d5ee27bb * Integration of Tomcat 7 * Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy * Removal of 'pki_flavor' attribute 
* Integration of Tomcat 7
* Addition of centralized 'pki-tomcatd' systemd functionality to the
  PKI Deployment strategy
* Removal of 'pki_flavor' attribute