Enabled SSL authenticator and PKI realm.

The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107

2 files changed, 25 insertions, 1 deletions

diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 5674cf87a..66c1e4085 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -400,6 +400,9 @@ def compose_pki_master_dictionary():
             config.pki_master_dict['pki_source_server_xml'] =\
                 os.path.join(config.pki_master_dict['pki_source_shared_path'],
                              "server.xml")
+            config.pki_master_dict['pki_source_context_xml'] =\
+                os.path.join(config.pki_master_dict['pki_source_shared_path'],
+                             "context.xml")
             config.pki_master_dict['pki_source_tomcat_conf'] =\
                 os.path.join(config.pki_master_dict['pki_source_shared_path'],
                              "tomcat.conf")
@@ -984,6 +987,10 @@ def compose_pki_master_dictionary():
                 os.path.join(
                     config.pki_master_dict['pki_instance_configuration_path'],
                     "server.xml")
+            config.pki_master_dict['pki_target_context_xml'] =\
+                os.path.join(
+                    config.pki_master_dict['pki_instance_configuration_path'],
+                    "context.xml")
             config.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\
                 config.pki_master_dict['pki_root_prefix'] +\
                 "/etc/sysconfig/" +\
@@ -997,6 +1004,11 @@ def compose_pki_master_dictionary():
                     config.pki_master_dict['pki_tomcat_webapps_root_path'],
                     "index.jsp")
             # in-place slot substitution name/value pairs
+            config.pki_master_dict['pki_target_auth_properties'] =\
+                os.path.join(
+                    config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+                    "WEB-INF",
+                    "auth.properties")
             config.pki_master_dict['pki_target_velocity_properties'] =\
                 os.path.join(
                     config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
@@ -1131,7 +1143,7 @@ def compose_pki_master_dictionary():
             ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\
                 ""
             config.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\
-                "agent"
+                "want"
             config.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\
                 config.pki_master_dict['pki_https_port']
             config.pki_master_dict['PKI_AJP_PORT_SLOT'] =\
diff --git a/base/deploy/src/scriptlets/slot_substitution.py b/base/deploy/src/scriptlets/slot_substitution.py
index 3467596e8..482d1d9cb 100644
--- a/base/deploy/src/scriptlets/slot_substitution.py
+++ b/base/deploy/src/scriptlets/slot_substitution.py
@@ -54,6 +54,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 master['pki_target_server_xml'],
                 overwrite_flag=True)
             util.file.copy_with_slot_substitution(
+                master['pki_source_context_xml'],
+                master['pki_target_context_xml'],
+                overwrite_flag=True)
+            util.file.copy_with_slot_substitution(
                 master['pki_source_tomcat_conf'],
                 master['pki_target_tomcat_conf_instance_id'],
                 uid=0, gid=0, overwrite_flag=True)
@@ -66,6 +70,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 master['pki_target_index_jsp'],
                 overwrite_flag=True)
             util.file.apply_slot_substitution(
+                master['pki_target_auth_properties'])
+            util.file.apply_slot_substitution(
                 master['pki_target_velocity_properties'])
             util.file.apply_slot_substitution(
                 master['pki_target_subsystem_web_xml'])
@@ -109,6 +115,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 master['pki_target_server_xml'],
                 overwrite_flag=True)
             util.file.copy_with_slot_substitution(
+                master['pki_source_context_xml'],
+                master['pki_target_context_xml'],
+                overwrite_flag=True)
+            util.file.copy_with_slot_substitution(
                 master['pki_source_tomcat_conf'],
                 master['pki_target_tomcat_conf_instance_id'],
                 uid=0, gid=0, overwrite_flag=True)
@@ -121,6 +131,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 master['pki_target_index_jsp'],
                 overwrite_flag=True)
             util.file.apply_slot_substitution(
+                master['pki_target_auth_properties'])
+            util.file.apply_slot_substitution(
                 master['pki_target_velocity_properties'])
             util.file.apply_slot_substitution(
                 master['pki_target_subsystem_web_xml'])