summaryrefslogtreecommitdiffstats
path: root/base/kra
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-08-21 17:38:29 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-09-05 10:09:41 -0500
commit8eb2eac080c2e9595b506f49f25d2c1718453bbc (patch)
treed63903229b737cf2e8127c02b67dfa62eeb4571a /base/kra
parent63ac9595b4b193200e9b7af94f0854361a70eec9 (diff)
downloadpki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.gz
pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.tar.xz
pki-8eb2eac080c2e9595b506f49f25d2c1718453bbc.zip
Added proxy realm.
CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/shared/webapps/kra/META-INF/context.xml31
1 files changed, 31 insertions, 0 deletions
diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml
new file mode 100644
index 000000000..975ecabf1
--- /dev/null
+++ b/base/kra/shared/webapps/kra/META-INF/context.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" />
+
+ <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
+
+</Context>