authorEndi Sukma Dewata <edewata@redhat.com>2012-08-21 17:38:29 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-09-05 10:09:41 -0500
commit8eb2eac080c2e9595b506f49f25d2c1718453bbc (patch)
treed63903229b737cf2e8127c02b67dfa62eeb4571a
parent63ac9595b4b193200e9b7af94f0854361a70eec9 (diff)
Added proxy realm.
The CMS engine is a singleton and is used by the PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having a separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this, a new package, pki-tomcat.jar, has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they register their own realms with the proxy realms so that authentication is forwarded to the appropriate subsystems. Ticket #89
-rw-r--r--base/ca/shared/webapps/ca/META-INF/context.xml31
-rw-r--r--base/common/shared/conf/context.xml4
-rw-r--r--base/common/src/CMakeLists.txt51
-rw-r--r--base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java8
-rw-r--r--base/common/src/com/netscape/cms/tomcat/ProxyRealm.java139
-rw-r--r--base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java (renamed from base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java)2
-rw-r--r--base/deploy/scripts/operations52
-rw-r--r--base/deploy/src/scriptlets/instance_layout.py14
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py83
-rw-r--r--base/deploy/src/scriptlets/webapp_deployment.py12
-rw-r--r--base/kra/shared/webapps/kra/META-INF/context.xml31
-rw-r--r--base/ocsp/shared/webapps/ocsp/META-INF/context.xml31
-rw-r--r--base/setup/scripts/functions3
-rw-r--r--base/tks/shared/webapps/tks/META-INF/context.xml31
-rw-r--r--specs/pki-core.spec7
15 files changed, 417 insertions, 82 deletions
diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml
new file mode 100644
index 000000000..975ecabf1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/META-INF/context.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
+
+</Context>
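Review bot: `crossContext="true"` and `allowLinking="true"` on the `<Context>` element carry no comment saying why either is needed, and both relax Tomcat's defaults. allowLinking is presumably required because this commit turns WEB-INF/lib into a directory of symlinks to the system PKI jars. Nothing visible in the commit needs crossContext, which lets this webapp obtain request dispatchers for the other contexts in the instance and so works against the per-subsystem separation being introduced. I would drop crossContext unless a caller depends on it, and add a comment such as `<!-- allowLinking: WEB-INF/lib contains symlinks to the PKI jars -->`. The same applies to the identical kra, ocsp and tks context.xml files added in this commit.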
diff --git a/base/common/shared/conf/context.xml b/base/common/shared/conf/context.xml
index b28f1bd20..4b00dbe3c 100644
--- a/base/common/shared/conf/context.xml
+++ b/base/common/shared/conf/context.xml
@@ -39,8 +39,4 @@
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
- <Valve className="com.netscape.cmscore.realm.SSLAuthenticatorWithFallback" />
-
- <Realm className="com.netscape.cmscore.realm.PKIRealm" />
-
</Context>
diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt
index dc61b4ca7..f3702d454 100644
--- a/base/common/src/CMakeLists.txt
+++ b/base/common/src/CMakeLists.txt
@@ -171,6 +171,8 @@ set(PKI_CERTSRV_JAR ${CMAKE_BINARY_DIR}/dist/pki-certsrv.jar CACHE INTERNAL "pki
javac(pki-cms-classes
SOURCES
com/netscape/cms/*.java
+ EXCLUDE
+ com/netscape/cms/tomcat/*.java
CLASSPATH
${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
@@ -192,6 +194,8 @@ jar(pki-cms-jar
${CMAKE_BINARY_DIR}/classes
FILES
com/netscape/cms/*.class
+ EXCLUDE
+ com/netscape/cms/tomcat/*.class
DEPENDS
pki-cms-classes
)
@@ -249,12 +253,55 @@ if(WITH_JAVADOC)
endif(WITH_JAVADOC)
+# build pki-tomcat
+javac(pki-tomcat-classes
+ SOURCES
+ com/netscape/cms/tomcat/*.java
+ CLASSPATH
+ ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR}
+ OUTPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ DEPENDS
+ pki-cms
+)
+
+jar(pki-tomcat-jar
+ CREATE
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat-${APPLICATION_VERSION}.jar
+ INPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ FILES
+ com/netscape/cms/tomcat/*.class
+ DEPENDS
+ pki-tomcat-classes
+)
+
+link(pki-tomcat
+ SOURCE
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar
+ DEST
+ pki-tomcat-${APPLICATION_VERSION}.jar
+ DEPENDS
+ pki-tomcat-jar
+)
+
+install(
+ FILES
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat-${APPLICATION_VERSION}.jar
+ DESTINATION
+ ${JAVA_JAR_INSTALL_DIR}/pki
+)
+
+set(PKI_TOMCAT_JAR ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar CACHE INTERNAL "pki-tomcat jar file")
+
+
# build pki-cmscore
javac(pki-cmscore-classes
SOURCES
com/netscape/cmscore/*.java
CLASSPATH
- ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR}
+ ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${PKI_TOMCAT_JAR}
${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
${JSS_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR}
${APACHE_COMMONS_LANG_JAR}
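Review bot: `DEPENDS pki-cms` on `pki-tomcat-classes` looks inverted. The CLASSPATH here is only `${SERVLET_JAR} ${TOMCAT_CATALINA_JAR}`, so the tomcat classes need nothing from pki-cms, whereas CMSStartServlet.java (under com/netscape/cms, which now excludes com/netscape/cms/tomcat) imports `com.netscape.cms.tomcat.ProxyRealm`. As written, pki-cms can only compile if javac picks ProxyRealm up implicitly from the source path, which would also write the tomcat classes into the shared `${CMAKE_BINARY_DIR}/classes` before this target runs. The remaining pki-cms-classes arguments are outside the hunk, so this is inferred. Consider moving this block above pki-cms, dropping its `DEPENDS pki-cms`, and adding `${PKI_TOMCAT_JAR}` to the pki-cms-classes CLASSPATH with `pki-tomcat` in its DEPENDS; the `javac(pki-cmscore-classes` call continues beyond this hunk.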
@@ -264,7 +311,7 @@ javac(pki-cmscore-classes
OUTPUT_DIR
${CMAKE_BINARY_DIR}/classes
DEPENDS
- pki-nsutil pki-cmsutil pki-certsrv pki-cms
+ pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-tomcat
)
jar(pki-cmscore-jar
diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index a8a4008b7..e00f2bdba 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.tomcat.ProxyRealm;
+import com.netscape.cmscore.realm.PKIRealm;
import com.netscape.cmsutil.util.Utils;
/**
@@ -89,10 +91,16 @@ public class CMSStartServlet extends HttpServlet {
}
}
}
+
try {
CMS.start(path);
} catch (EBaseException e) {
}
+
+ // Register realm for this subsystem
+ String context = getServletContext().getContextPath();
+ if (context.startsWith("/")) context = context.substring(1);
+ ProxyRealm.registerRealm(context, new PKIRealm());
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
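Review bot: The realm is registered even when `CMS.start(path)` fails, because the empty `catch (EBaseException e)` just above swallows the error and the new registration lines run unconditionally. Authentication for this context is then delegated to a `PKIRealm` whose CMS engine may never have started. Move the three registration lines inside the `try`, directly after `CMS.start(path);`, and log the exception in the catch. The key is derived from the context path while ProxyRealm stores proxies under `context.getBaseName()`; the two may differ for the root context or multi-level paths, and `registerRealm` returns silently on a miss, so a comment such as `// assumes a single-level context name, e.g. "ca"` would help. The enclosing method starts outside the hunk.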
diff --git a/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
new file mode 100644
index 000000000..094c0561f
--- /dev/null
+++ b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -0,0 +1,139 @@
+package com.netscape.cms.tomcat;
+
+import java.beans.PropertyChangeListener;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.ietf.jgss.GSSContext;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class ProxyRealm implements Realm {
+
+ public static Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>();
+
+ public Container container;
+ public Realm realm;
+
+ public ProxyRealm() {
+ }
+
+ @Override
+ public Container getContainer() {
+ return container;
+ }
+
+ @Override
+ public void setContainer(Container container) {
+ this.container = container;
+ if (container instanceof Context) {
+ Context context = (Context)container;
+ proxies.put(context.getBaseName(), this);
+ }
+ }
+
+ public Realm getRealm() {
+ return realm;
+ }
+
+ public void setRealm(Realm realm) {
+ this.realm = realm;
+ realm.setContainer(container);
+ }
+
+ public static void registerRealm(String contextName, Realm realm) {
+ ProxyRealm proxy = proxies.get(contextName);
+ if (proxy == null) return;
+
+ proxy.setRealm(realm);
+ }
+
+ @Override
+ public Principal authenticate(String username, String password) {
+ return realm.authenticate(username, password);
+ }
+
+ @Override
+ public Principal authenticate(X509Certificate certs[]) {
+ return realm.authenticate(certs);
+ }
+
+ @Override
+ public Principal authenticate(
+ String username,
+ String digest,
+ String nonce,
+ String nc,
+ String cnonce,
+ String qop,
+ String realmName,
+ String md5a2
+ ) {
+ return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
+ }
+
+ @Override
+ public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ return realm.authenticate(gssContext, storeCreds);
+ }
+
+ @Override
+ public boolean hasResourcePermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraints,
+ Context context
+ ) throws IOException {
+ return realm.hasResourcePermission(request, response, constraints, context);
+ }
+
+ @Override
+ public String getInfo() {
+ return realm.getInfo();
+ }
+
+ @Override
+ public void backgroundProcess() {
+ realm.backgroundProcess();
+ }
+
+ @Override
+ public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ return realm.findSecurityConstraints(request, context);
+ }
+
+ @Override
+ public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ return realm.hasRole(wrapper, principal, role);
+ }
+
+ @Override
+ public boolean hasUserDataPermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraint
+ ) throws IOException {
+ return realm.hasUserDataPermission(request, response, constraint);
+ }
+
+ @Override
+ public void addPropertyChangeListener(PropertyChangeListener listener) {
+ realm.addPropertyChangeListener(listener);
+ }
+
+ @Override
+ public void removePropertyChangeListener(PropertyChangeListener listener) {
+ realm.removePropertyChangeListener(listener);
+ }
+}
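Review bot: `realm` stays null from construction until the subsystem's start servlet calls `registerRealm`, and every delegating method dereferences it unchecked, so an early request or an unmatched context name ends in a NullPointerException rather than a clean denial. `proxies` is a public, mutable, unsynchronized `HashMap` written in `setContainer` and read in `registerRealm`, which is a data race if contexts are started on more than one thread. Because the class is loaded from common/lib, any webapp in the instance can call `registerRealm` for any context name; that trust assumption belongs in a class-level Javadoc along with the proxy/registration lifecycle. I would make the map and fields private, guard the map, and have the authenticate and permission methods deny while no realm is set, as sketched below. `getInfo`, `backgroundProcess` and the listener methods need the same null guard.

```java
    private static final Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>();

    private Container container;
    private volatile Realm realm;

    // … unchanged: constructor, getContainer …

    @Override
    public void setContainer(Container container) {
        this.container = container;
        if (container instanceof Context) {
            Context context = (Context)container;
            synchronized (proxies) {
                proxies.put(context.getBaseName(), this);
            }
        }
    }

    // … unchanged: getRealm, setRealm …

    public static void registerRealm(String contextName, Realm realm) {
        ProxyRealm proxy;
        synchronized (proxies) {
            proxy = proxies.get(contextName);
        }
        if (proxy == null) return;

        proxy.setRealm(realm);
    }

    @Override
    public Principal authenticate(String username, String password) {
        Realm r = realm;
        if (r == null) return null; // no subsystem realm registered yet: deny
        return r.authenticate(username, password);
    }

    // … the other authenticate overloads take the same guard …

    @Override
    public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
        Realm r = realm;
        if (r == null) return false; // deny until a realm is registered
        return r.hasRole(wrapper, principal, role);
    }

    // … hasResourcePermission and hasUserDataPermission likewise return false when realm is null …
```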
diff --git a/base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
index 6b6af78a7..d1b3dc3f2 100644
--- a/base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java
+++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -16,7 +16,7 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
-package com.netscape.cmscore.realm;
+package com.netscape.cms.tomcat;
import java.io.IOException;
import java.security.cert.X509Certificate;
diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations
index bb573fcaf..61e4e5de9 100644
--- a/base/deploy/scripts/operations
+++ b/base/deploy/scripts/operations
@@ -951,11 +951,10 @@ verify_symlinks()
pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_ID}"
pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants"
pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_ID}.service"
- # FUTURE: "pki_<pki_subsystem>_webapps_jar_dir" directories
- pki_ca_jar_dir="${pki_common_jar_dir}"
- pki_kra_jar_dir="${pki_common_jar_dir}"
- pki_ocsp_jar_dir="${pki_common_jar_dir}"
- pki_tks_jar_dir="${pki_common_jar_dir}"
+ pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib"
+ pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib"
+ pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib"
+ pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib"
# '${PKI_INSTANCE_PATH}' symlinks
base_symlinks=(
@@ -977,7 +976,14 @@ verify_symlinks()
[webapps]=${PKI_INSTANCE_PATH}/webapps)
# '${pki_ca_jar_dir}' symlinks
- ca_jar_symlinks[pki-ca.jar]=/usr/share/java/pki/pki-ca.jar
+ ca_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-ca.jar]=${java_dir}/pki/pki-ca.jar)
# '${PKI_INSTANCE_PATH}/kra' symlinks
kra_symlinks=(
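Review bot: The six shared entries (pki-certsrv, pki-cms, pki-cmsbundle, pki-cmscore, pki-cmsutil, pki-nsutil) are now spelled out once per subsystem array, here in `ca_jar_symlinks` and again in the kra, ocsp and tks hunks below. The same list is repeated in pkiparser.py and webapp_deployment.py. A jar added to one list and missed in another would only surface as a verify_symlinks failure on a deployed instance. Consider filling the common entries from a single list and keeping only the subsystem jar as an explicit line, or at least put `# keep in sync with webapp_deployment.py` above each array. verify_symlinks() starts and ends outside this hunk.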
@@ -988,7 +994,14 @@ verify_symlinks()
[webapps]=${PKI_INSTANCE_PATH}/webapps)
# '${pki_kra_jar_dir}' symlinks
- kra_jar_symlinks[pki-kra.jar]=/usr/share/java/pki/pki-kra.jar
+ kra_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-kra.jar]=${java_dir}/pki/pki-kra.jar)
# '${PKI_INSTANCE_PATH}/ocsp' symlinks
ocsp_symlinks=(
@@ -999,7 +1012,14 @@ verify_symlinks()
[webapps]=${PKI_INSTANCE_PATH}/webapps)
# '${pki_ocsp_jar_dir}' symlinks
- ocsp_jar_symlinks[pki-ocsp.jar]=/usr/share/java/pki/pki-ocsp.jar
+ ocsp_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-ocsp.jar]=${java_dir}/pki/pki-ocsp.jar)
# '${PKI_INSTANCE_PATH}/tks' symlinks
tks_symlinks=(
@@ -1010,7 +1030,14 @@ verify_symlinks()
[webapps]=${PKI_INSTANCE_PATH}/webapps)
# '${pki_tks_jar_dir}' symlinks
- tks_jar_symlinks[pki-tks.jar]=/usr/share/java/pki/pki-tks.jar
+ tks_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-tks.jar]=${java_dir}/pki/pki-tks.jar)
# '${pki_common_jar_dir}' symlinks
common_jar_symlinks=(
@@ -1025,12 +1052,7 @@ verify_symlinks()
[jettison.jar]=${java_dir}/jettison.jar
[jss4.jar]=${jni_dir}/jss4.jar
[ldapjdk.jar]=${java_dir}/ldapjdk.jar
- [pki-certsrv.jar]=/usr/share/java/pki/pki-certsrv.jar
- [pki-cms.jar]=/usr/share/java/pki/pki-cms.jar
- [pki-cmsbundle.jar]=/usr/share/java/pki/pki-cmsbundle.jar
- [pki-cmscore.jar]=/usr/share/java/pki/pki-cmscore.jar
- [pki-cmsutil.jar]=/usr/share/java/pki/pki-cmsutil.jar
- [pki-nsutil.jar]=/usr/share/java/pki/pki-nsutil.jar
+ [pki-tomcat.jar]=${java_dir}/pki/pki-tomcat.jar
[resteasy-atom-provider.jar]=${resteasy_java_dir}/resteasy-atom-provider.jar
[resteasy-jaxb-provider.jar]=${resteasy_java_dir}/resteasy-jaxb-provider.jar
[resteasy-jaxrs.jar]=${resteasy_java_dir}/resteasy-jaxrs.jar
diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py
index d29b2d2d2..8fd0396bc 100644
--- a/base/deploy/src/scriptlets/instance_layout.py
+++ b/base/deploy/src/scriptlets/instance_layout.py
@@ -97,18 +97,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
master['pki_jss_jar_link'])
util.symlink.create(master['pki_ldapjdk_jar'],
master['pki_ldapjdk_jar_link'])
- util.symlink.create(master['pki_certsrv_jar'],
- master['pki_certsrv_jar_link'])
- util.symlink.create(master['pki_cmsbundle'],
- master['pki_cmsbundle_jar_link'])
- util.symlink.create(master['pki_cmscore'],
- master['pki_cmscore_jar_link'])
- util.symlink.create(master['pki_cms'],
- master['pki_cms_jar_link'])
- util.symlink.create(master['pki_cmsutil'],
- master['pki_cmsutil_jar_link'])
- util.symlink.create(master['pki_nsutil'],
- master['pki_nsutil_jar_link'])
+ util.symlink.create(master['pki_tomcat_jar'],
+ master['pki_tomcat_jar_link'])
util.symlink.create(master['pki_resteasy_atom_provider_jar'],
master['pki_resteasy_atom_provider_jar_link'])
util.symlink.create(master['pki_resteasy_jaxb_provider_jar'],
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 09424120c..b1daa3b21 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -689,6 +689,9 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_nsutil'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-nsutil.jar")
+ config.pki_master_dict['pki_tomcat_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-tomcat.jar")
config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-atom-provider.jar")
@@ -768,30 +771,10 @@ def compose_pki_master_dictionary():
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
"ldapjdk.jar")
- config.pki_master_dict['pki_certsrv_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-certsrv.jar")
- config.pki_master_dict['pki_cmsbundle_jar_link'] =\
+ config.pki_master_dict['pki_tomcat_jar_link'] =\
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmsbundle.jar")
- config.pki_master_dict['pki_cmscore_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmscore.jar")
- config.pki_master_dict['pki_cms_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cms.jar")
- config.pki_master_dict['pki_cmsutil_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmsutil.jar")
- config.pki_master_dict['pki_nsutil_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-nsutil.jar")
+ "pki-tomcat.jar")
config.pki_master_dict['pki_resteasy_atom_provider_jar_link'] =\
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
@@ -931,58 +914,66 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"lib")
+ config.pki_master_dict['pki_certsrv_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-certsrv.jar")
+ config.pki_master_dict['pki_cmsbundle_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmsbundle.jar")
+ config.pki_master_dict['pki_cmscore_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmscore.jar")
+ config.pki_master_dict['pki_cms_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cms.jar")
+ config.pki_master_dict['pki_cmsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmsutil.jar")
+ config.pki_master_dict['pki_nsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-nsutil.jar")
# Tomcat PKI subsystem war file convenience symbolic links
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_ca_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ca.jar")
- # config.pki_master_dict['pki_ca_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-ca.jar")
config.pki_master_dict['pki_ca_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-ca.jar")
elif config.pki_master_dict['pki_subsystem'] == "KRA":
config.pki_master_dict['pki_kra_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-kra.jar")
- # config.pki_master_dict['pki_kra_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-kra.jar")
config.pki_master_dict['pki_kra_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-kra.jar")
elif config.pki_master_dict['pki_subsystem'] == "OCSP":
config.pki_master_dict['pki_ocsp_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ocsp.jar")
- # config.pki_master_dict['pki_ocsp_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-ocsp.jar")
config.pki_master_dict['pki_ocsp_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-ocsp.jar")
elif config.pki_master_dict['pki_subsystem'] == "TKS":
config.pki_master_dict['pki_tks_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-tks.jar")
- # config.pki_master_dict['pki_tks_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-tks.jar")
config.pki_master_dict['pki_tks_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-tks.jar")
# PKI Target (slot substitution) name/value pairs
config.pki_master_dict['pki_target_cs_cfg'] =\
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
index 17b1bc349..cc2086fc7 100644
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ b/base/deploy/src/scriptlets/webapp_deployment.py
@@ -68,6 +68,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(
master['pki_tomcat_webapps_subsystem_webinf_lib_path'])
# establish Tomcat webapps subsystem WEB-INF lib symbolic links
+ util.symlink.create(master['pki_certsrv_jar'],
+ master['pki_certsrv_jar_link'])
+ util.symlink.create(master['pki_cmsbundle'],
+ master['pki_cmsbundle_jar_link'])
+ util.symlink.create(master['pki_cmscore'],
+ master['pki_cmscore_jar_link'])
+ util.symlink.create(master['pki_cms'],
+ master['pki_cms_jar_link'])
+ util.symlink.create(master['pki_cmsutil'],
+ master['pki_cmsutil_jar_link'])
+ util.symlink.create(master['pki_nsutil'],
+ master['pki_nsutil_jar_link'])
if master['pki_subsystem'] == "CA":
util.symlink.create(master['pki_ca_jar'],
master['pki_ca_jar_link'])
diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml
new file mode 100644
index 000000000..975ecabf1
--- /dev/null
+++ b/base/kra/shared/webapps/kra/META-INF/context.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
+
+</Context>
diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
new file mode 100644
index 000000000..975ecabf1
--- /dev/null
+++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
+
+</Context>
diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions
index 20e5dcdff..7eacd7e1f 100644
--- a/base/setup/scripts/functions
+++ b/base/setup/scripts/functions
@@ -955,7 +955,8 @@ verify_symlinks()
[jss4.jar]=${jni_dir}/jss4.jar
[tomcatjss.jar]=/usr/share/java/tomcatjss.jar
# Dogtag 9 -> Dogtag 10
- [apache-commons-codec.jar]=/usr/share/java/commons-codec.jar)
+ [apache-commons-codec.jar]=/usr/share/java/commons-codec.jar
+ [pki-tomcat.jar]=/usr/share/java/pki/pki-tomcat.jar)
# '${pki_webapps_jar_dir}' symlinks
webapps_jar_symlinks=(
diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml
new file mode 100644
index 000000000..975ecabf1
--- /dev/null
+++ b/base/tks/shared/webapps/tks/META-INF/context.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
+
+</Context>
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 9e2197a2b..e59f538dd 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: pki-core
Version: 10.0.0
-Release: %{?relprefix}27%{?prerel}%{?dist}
+Release: %{?relprefix}28%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -1197,6 +1197,8 @@ fi
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-cmscore-%{version}.jar
%{_javadir}/pki/pki-cmscore.jar
+%{_javadir}/pki/pki-tomcat-%{version}.jar
+%{_javadir}/pki/pki-tomcat.jar
%dir %{_localstatedir}/lock/pki/tomcat
%dir %{_localstatedir}/run/pki/tomcat
@@ -1345,6 +1347,9 @@ fi
%changelog
+* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.28.a1
+- Added pki-tomcat.jar.
+
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.27.a1
- Moved webapp creation code into pkispawn.