diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-08-21 17:38:29 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-09-05 10:09:41 -0500 |
commit | 8eb2eac080c2e9595b506f49f25d2c1718453bbc (patch) | |
tree | d63903229b737cf2e8127c02b67dfa62eeb4571a /base/deploy/src/scriptlets/pkiparser.py | |
parent | 63ac9595b4b193200e9b7af94f0854361a70eec9 (diff) | |
download | pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.gz pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.xz pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.zip |
Added proxy realm.
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.
Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.
Ticket #89
Diffstat (limited to 'base/deploy/src/scriptlets/pkiparser.py')
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 83 |
1 files changed, 37 insertions, 46 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 09424120c..b1daa3b21 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -689,6 +689,9 @@ def compose_pki_master_dictionary(): config.pki_master_dict['pki_nsutil'] =\ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-nsutil.jar") + config.pki_master_dict['pki_tomcat_jar'] =\ + os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, + "pki-tomcat.jar") config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, "resteasy-atom-provider.jar") @@ -768,30 +771,10 @@ def compose_pki_master_dictionary(): os.path.join( config.pki_master_dict['pki_tomcat_common_lib_path'], "ldapjdk.jar") - config.pki_master_dict['pki_certsrv_jar_link'] =\ - os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-certsrv.jar") - config.pki_master_dict['pki_cmsbundle_jar_link'] =\ + config.pki_master_dict['pki_tomcat_jar_link'] =\ os.path.join( config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-cmsbundle.jar") - config.pki_master_dict['pki_cmscore_jar_link'] =\ - os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-cmscore.jar") - config.pki_master_dict['pki_cms_jar_link'] =\ - os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-cms.jar") - config.pki_master_dict['pki_cmsutil_jar_link'] =\ - os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-cmsutil.jar") - config.pki_master_dict['pki_nsutil_jar_link'] =\ - os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], - "pki-nsutil.jar") + "pki-tomcat.jar") config.pki_master_dict['pki_resteasy_atom_provider_jar_link'] =\ os.path.join( config.pki_master_dict['pki_tomcat_common_lib_path'], @@ -931,58 +914,66 @@ def compose_pki_master_dictionary(): config.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "lib") + config.pki_master_dict['pki_certsrv_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-certsrv.jar") + config.pki_master_dict['pki_cmsbundle_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-cmsbundle.jar") + config.pki_master_dict['pki_cmscore_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-cmscore.jar") + config.pki_master_dict['pki_cms_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-cms.jar") + config.pki_master_dict['pki_cmsutil_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-cmsutil.jar") + config.pki_master_dict['pki_nsutil_jar_link'] =\ + os.path.join( + config.pki_master_dict['pki_tomcat_webapps_subsystem_webinf_lib_path'], + "pki-nsutil.jar") # Tomcat PKI subsystem war file convenience symbolic links if config.pki_master_dict['pki_subsystem'] == "CA": config.pki_master_dict['pki_ca_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-ca.jar") - # config.pki_master_dict['pki_ca_jar_link'] =\ - # os.path.join( - # config.pki_master_dict\ - # ['pki_tomcat_webapps_subsystem_webinf_lib_path'], - # "pki-ca.jar") config.pki_master_dict['pki_ca_jar_link'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], + config.pki_master_dict\ + ['pki_tomcat_webapps_subsystem_webinf_lib_path'], "pki-ca.jar") elif config.pki_master_dict['pki_subsystem'] == "KRA": config.pki_master_dict['pki_kra_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-kra.jar") - # config.pki_master_dict['pki_kra_jar_link'] =\ - # os.path.join( - # config.pki_master_dict\ - # ['pki_tomcat_webapps_subsystem_webinf_lib_path'], - # "pki-kra.jar") config.pki_master_dict['pki_kra_jar_link'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], + config.pki_master_dict\ + ['pki_tomcat_webapps_subsystem_webinf_lib_path'], "pki-kra.jar") elif config.pki_master_dict['pki_subsystem'] == "OCSP": config.pki_master_dict['pki_ocsp_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-ocsp.jar") - # config.pki_master_dict['pki_ocsp_jar_link'] =\ - # os.path.join( - # config.pki_master_dict\ - # ['pki_tomcat_webapps_subsystem_webinf_lib_path'], - # "pki-ocsp.jar") config.pki_master_dict['pki_ocsp_jar_link'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], + config.pki_master_dict\ + ['pki_tomcat_webapps_subsystem_webinf_lib_path'], "pki-ocsp.jar") elif config.pki_master_dict['pki_subsystem'] == "TKS": config.pki_master_dict['pki_tks_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-tks.jar") - # config.pki_master_dict['pki_tks_jar_link'] =\ - # os.path.join( - # config.pki_master_dict\ - # ['pki_tomcat_webapps_subsystem_webinf_lib_path'], - # "pki-tks.jar") config.pki_master_dict['pki_tks_jar_link'] =\ os.path.join( - config.pki_master_dict['pki_tomcat_common_lib_path'], + config.pki_master_dict\ + ['pki_tomcat_webapps_subsystem_webinf_lib_path'], "pki-tks.jar") # PKI Target (slot substitution) name/value pairs config.pki_master_dict['pki_target_cs_cfg'] =\ |