Added proxy realm.

CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89

1 files changed, 8 insertions, 0 deletions

diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index a8a4008b7..e00f2bdba 100644
--- a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cms.tomcat.ProxyRealm;
+import com.netscape.cmscore.realm.PKIRealm;
 import com.netscape.cmsutil.util.Utils;
 
 /**
@@ -89,10 +91,16 @@ public class CMSStartServlet extends HttpServlet {
                 }
             }
         }
+
         try {
             CMS.start(path);
         } catch (EBaseException e) {
         }
+
+        // Register realm for this subsystem
+        String context = getServletContext().getContextPath();
+        if (context.startsWith("/")) context = context.substring(1);
+        ProxyRealm.registerRealm(context, new PKIRealm());
     }
 
     public void doGet(HttpServletRequest req, HttpServletResponse res)