pki.git/base/tks/src/com/netscape, branch master Unnamed repository; edit this file 'description' to name the repository. Reorganized REST service classes. 2014-02-28T17:54:05+00:00 Endi S. Dewata edewata@redhat.com 2014-02-20T21:58:34+00:00 d6d197d1a4513a3262a59c3989845f69285a38ad The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114 
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.

Ticket #114
Added ACL for TPS authenticators. 2013-11-14T21:54:54+00:00 Endi S. Dewata edewata@redhat.com 2013-11-13T18:52:31+00:00 b7716af212ba857f45efa7f1811d92e916abbe26 New ACL has been added to allow only the administrators to access TPS authenticators. The set of interceptors in each application has been modified to preserve the order. Ticket #652 
New ACL has been added to allow only the administrators to access
TPS authenticators.

The set of interceptors in each application has been modified to
preserve the order.

Ticket #652
Fixed problems finding user and group sub-resources. 2013-10-25T21:16:27+00:00 Endi S. Dewata edewata@redhat.com 2013-10-08T20:02:19+00:00 7ca5adf1bd5bc4f9a7c5f2035426b9158007bb28 Due to a regression RESTEasy is unable to find some sub-resources properly. As a workaround some resources need to be merged into the parent resource. The UserCertResource and UserMembershipResource have been merged into UserResource. The GroupMemberResource has been merged into GroupResource. 
Due to a regression RESTEasy is unable to find some sub-resources properly.
As a workaround some resources need to be merged into the parent resource.
The UserCertResource and UserMembershipResource have been merged into
UserResource. The GroupMemberResource has been merged into GroupResource.
Added audit resource. 2013-10-08T23:01:18+00:00 Endi S. Dewata edewata@redhat.com 2013-10-02T16:39:13+00:00 53ef3a1a1c80539a470537a03ec77cdcb71b2fd3 A new REST service and clients have been added to manage the audit configuration in all subsystems. Ticket #652 
A new REST service and clients have been added to manage the audit
configuration in all subsystems.

Ticket #652
Added selftest resource. 2013-10-08T14:02:59+00:00 Endi S. Dewata edewata@redhat.com 2013-10-01T16:36:55+00:00 634d615d1832d7d86bc77af9d939a9d282c96350 New REST service and clients have been added for managing selftests in all subsystems. Ticket #652 
New REST service and clients have been added for managing selftests
in all subsystems.

Ticket #652
Add service to generate and retrieve a shared secret 2013-09-30T15:52:05+00:00 Ade Lee alee@redhat.com 2013-09-26T02:09:10+00:00 6eaf2c01c211cf06053c82b1e296909ce8d874b6 A new REST service has been added to the TKS to manage shared secrets. The shared secret is tied to the TKS-TPS connector, and is created at the end of the TPS configuration. At this point, the TPS contacts the TKS and requests that the shared secret be generated. The secret is returned to the TPS, wrapped using the subsystem certificate of the TPS. The TPS should then decrypt the shared secret and store it in its certificate database. This operations requires JSS changes, though, and so will be deferred to a later patch. For now, though, if the TPS and TKS share the same certdb, then it is sufficient to generate the shared secret. Clients and CLI are also provided. The CLI in particular is used to remove the TPSConnector entries and the shared secret when the TPS is pkidestroyed. 
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration.  At this point, the TPS contacts the TKS and
requests that the shared secret be generated.  The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.

The TPS should then decrypt the shared secret and store it in its certificate
database.  This operations requires JSS changes, though, and so will be deferred
to a later patch.  For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.

Clients and CLI are also provided.  The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
Reorganized interceptors. 2013-08-20T18:23:12+00:00 Endi S. Dewata edewata@redhat.com 2013-08-16T15:50:15+00:00 4a2880f466451d8089409d83474a7339bffffe25 The ACLInterceptor and AuthMethodInterceptor interceptors only run on the server, so they have been moved from the base package into the server package. 
The ACLInterceptor and AuthMethodInterceptor interceptors only run
on the server, so they have been moved from the base package into
the server package.
Added authentication method validation. 2013-02-19T18:20:53+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-01T18:05:38+00:00 f49c98ca0cbfc0def8f055c2d97c031ff0f4a439 A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477 
A new mechanism has been added to specify the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods. When a
client calls a REST method, the AuthMethodInterceptor will intercept the
call and verify that the client uses an allowed authentication method.

Most REST methods that require authentication have been configured to
require client certificate authentication. Authentication using username
and password will only be used to get the installation token from security
domain.

Ticket #477
Added CLI to manage user membership. 2013-02-18T15:57:53+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-11T18:16:44+00:00 dd01437171044ecb4cdc63998250a4d9f3277119 New CLI's have been added to search, add, and remove user membership. The group member management code has been refactored into a processor to allow reuse. Ticket #190 
New CLI's have been added to search, add, and remove user membership.
The group member management code has been refactored into a processor
to allow reuse.

Ticket #190
Added ACLInterceptor. 2012-11-08T16:20:05+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-10T09:38:05+00:00 cb209df95c4dee11f2a912e20b417fa3bc41c88f Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287 
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.

Ticket #287