diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-08-21 17:38:29 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-09-05 10:09:41 -0500 |
| commit | 8eb2eac080c2e9595b506f49f25d2c1718453bbc (patch) | |
| tree | d63903229b737cf2e8127c02b67dfa62eeb4571a /base/deploy/scripts/operations | |
| parent | 63ac9595b4b193200e9b7af94f0854361a70eec9 (diff) | |
| download | pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.gz pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.xz pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.zip | |
Added proxy realm.
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.
Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.
Ticket #89
Diffstat (limited to 'base/deploy/scripts/operations')
| -rw-r--r-- | base/deploy/scripts/operations | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/base/deploy/scripts/operations b/base/deploy/scripts/operations index bb573fcaf..61e4e5de9 100644 --- a/base/deploy/scripts/operations +++ b/base/deploy/scripts/operations @@ -951,11 +951,10 @@ verify_symlinks() pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_ID}" pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants" pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_ID}.service" - # FUTURE: "pki_<pki_subsystem>_webapps_jar_dir" directories - pki_ca_jar_dir="${pki_common_jar_dir}" - pki_kra_jar_dir="${pki_common_jar_dir}" - pki_ocsp_jar_dir="${pki_common_jar_dir}" - pki_tks_jar_dir="${pki_common_jar_dir}" + pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib" + pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" + pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" + pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -977,7 +976,14 @@ verify_symlinks() [webapps]=${PKI_INSTANCE_PATH}/webapps) # '${pki_ca_jar_dir}' symlinks - ca_jar_symlinks[pki-ca.jar]=/usr/share/java/pki/pki-ca.jar + ca_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-ca.jar]=${java_dir}/pki/pki-ca.jar) # '${PKI_INSTANCE_PATH}/kra' symlinks kra_symlinks=( @@ -988,7 +994,14 @@ verify_symlinks() [webapps]=${PKI_INSTANCE_PATH}/webapps) # '${pki_kra_jar_dir}' symlinks - kra_jar_symlinks[pki-kra.jar]=/usr/share/java/pki/pki-kra.jar + kra_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-kra.jar]=${java_dir}/pki/pki-kra.jar) # '${PKI_INSTANCE_PATH}/ocsp' symlinks ocsp_symlinks=( @@ -999,7 +1012,14 @@ verify_symlinks() [webapps]=${PKI_INSTANCE_PATH}/webapps) # '${pki_ocsp_jar_dir}' symlinks - ocsp_jar_symlinks[pki-ocsp.jar]=/usr/share/java/pki/pki-ocsp.jar + ocsp_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-ocsp.jar]=${java_dir}/pki/pki-ocsp.jar) # '${PKI_INSTANCE_PATH}/tks' symlinks tks_symlinks=( @@ -1010,7 +1030,14 @@ verify_symlinks() [webapps]=${PKI_INSTANCE_PATH}/webapps) # '${pki_tks_jar_dir}' symlinks - tks_jar_symlinks[pki-tks.jar]=/usr/share/java/pki/pki-tks.jar + tks_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-tks.jar]=${java_dir}/pki/pki-tks.jar) # '${pki_common_jar_dir}' symlinks common_jar_symlinks=( @@ -1025,12 +1052,7 @@ verify_symlinks() [jettison.jar]=${java_dir}/jettison.jar [jss4.jar]=${jni_dir}/jss4.jar [ldapjdk.jar]=${java_dir}/ldapjdk.jar - [pki-certsrv.jar]=/usr/share/java/pki/pki-certsrv.jar - [pki-cms.jar]=/usr/share/java/pki/pki-cms.jar - [pki-cmsbundle.jar]=/usr/share/java/pki/pki-cmsbundle.jar - [pki-cmscore.jar]=/usr/share/java/pki/pki-cmscore.jar - [pki-cmsutil.jar]=/usr/share/java/pki/pki-cmsutil.jar - [pki-nsutil.jar]=/usr/share/java/pki/pki-nsutil.jar + [pki-tomcat.jar]=${java_dir}/pki/pki-tomcat.jar [resteasy-atom-provider.jar]=${resteasy_java_dir}/resteasy-atom-provider.jar [resteasy-jaxb-provider.jar]=${resteasy_java_dir}/resteasy-jaxb-provider.jar [resteasy-jaxrs.jar]=${resteasy_java_dir}/resteasy-jaxrs.jar |