summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkiparser.py
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-08-21 17:38:29 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-09-05 10:09:41 -0500
commit8eb2eac080c2e9595b506f49f25d2c1718453bbc (patch)
treed63903229b737cf2e8127c02b67dfa62eeb4571a /base/deploy/src/scriptlets/pkiparser.py
parent63ac9595b4b193200e9b7af94f0854361a70eec9 (diff)
downloadpki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.gz
pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.xz
pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.zip
Added proxy realm.
CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py83
1 files changed, 37 insertions, 46 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 09424120c..b1daa3b21 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -689,6 +689,9 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_nsutil'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-nsutil.jar")
+ config.pki_master_dict['pki_tomcat_jar'] =\
+ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
+ "pki-tomcat.jar")
config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT,
"resteasy-atom-provider.jar")
@@ -768,30 +771,10 @@ def compose_pki_master_dictionary():
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
"ldapjdk.jar")
- config.pki_master_dict['pki_certsrv_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-certsrv.jar")
- config.pki_master_dict['pki_cmsbundle_jar_link'] =\
+ config.pki_master_dict['pki_tomcat_jar_link'] =\
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmsbundle.jar")
- config.pki_master_dict['pki_cmscore_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmscore.jar")
- config.pki_master_dict['pki_cms_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cms.jar")
- config.pki_master_dict['pki_cmsutil_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-cmsutil.jar")
- config.pki_master_dict['pki_nsutil_jar_link'] =\
- os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
- "pki-nsutil.jar")
+ "pki-tomcat.jar")
config.pki_master_dict['pki_resteasy_atom_provider_jar_link'] =\
os.path.join(
config.pki_master_dict['pki_tomcat_common_lib_path'],
@@ -931,58 +914,66 @@ def compose_pki_master_dictionary():
config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"lib")
+ config.pki_master_dict['pki_certsrv_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-certsrv.jar")
+ config.pki_master_dict['pki_cmsbundle_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmsbundle.jar")
+ config.pki_master_dict['pki_cmscore_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmscore.jar")
+ config.pki_master_dict['pki_cms_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cms.jar")
+ config.pki_master_dict['pki_cmsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-cmsutil.jar")
+ config.pki_master_dict['pki_nsutil_jar_link'] =\
+ os.path.join(
+ config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'],
+ "pki-nsutil.jar")
# Tomcat PKI subsystem war file convenience symbolic links
if config.pki_master_dict['pki_subsystem'] == "CA":
config.pki_master_dict['pki_ca_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ca.jar")
- # config.pki_master_dict['pki_ca_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-ca.jar")
config.pki_master_dict['pki_ca_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-ca.jar")
elif config.pki_master_dict['pki_subsystem'] == "KRA":
config.pki_master_dict['pki_kra_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-kra.jar")
- # config.pki_master_dict['pki_kra_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-kra.jar")
config.pki_master_dict['pki_kra_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-kra.jar")
elif config.pki_master_dict['pki_subsystem'] == "OCSP":
config.pki_master_dict['pki_ocsp_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-ocsp.jar")
- # config.pki_master_dict['pki_ocsp_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-ocsp.jar")
config.pki_master_dict['pki_ocsp_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-ocsp.jar")
elif config.pki_master_dict['pki_subsystem'] == "TKS":
config.pki_master_dict['pki_tks_jar'] =\
os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT,
"pki-tks.jar")
- # config.pki_master_dict['pki_tks_jar_link'] =\
- # os.path.join(
- # config.pki_master_dict\
- # ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
- # "pki-tks.jar")
config.pki_master_dict['pki_tks_jar_link'] =\
os.path.join(
- config.pki_master_dict['pki_tomcat_common_lib_path'],
+ config.pki_master_dict\
+ ['pki_tomcat_webapps_subsystem_webinf_lib_path'],
"pki-tks.jar")
# PKI Target (slot substitution) name/value pairs
config.pki_master_dict['pki_target_cs_cfg'] =\