Added login page for TPS UI.

The TPS UI has been modified to provide an unprotected front page.
The main TPS UI has been moved into a protected area. The front
page provides a login button which when clicked will ask the user
to authenticate with the client certificate. If the authentication
is successful, the main page will appear. There is also a logout
link on the upper right corner of the main page. When clicked it
will destroy both the client and server sessions.

Ticket #846

14 files changed, 206 insertions, 65 deletions

diff --git a/base/server/share/webapps/pki/js/pki-ui.js b/base/server/share/webapps/pki/js/pki-ui.js
index 7626d5082..73ba63b26 100644
--- a/base/server/share/webapps/pki/js/pki-ui.js
+++ b/base/server/share/webapps/pki/js/pki-ui.js
@@ -132,8 +132,13 @@ var Navigation = Backbone.View.extend({
             var link = $("a", li);
             var url = link.attr("href");
             link.click(function(e) {
-                // get page name
-                if (url.charAt(0) == "#" && url.length > 1) {
+                if (url == "#logout") {
+                    if (options.logout) {
+                        options.logout.call(self);
+                    }
+
+                } else if (url.charAt(0) == "#" && url.length > 1) {
+                    // get page name
                     var name = url.substring(1);
                     self.load(name);
                 }
diff --git a/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml b/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml
index 11964a00b..17aaf511a 100644
--- a/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml
+++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml
@@ -286,6 +286,19 @@
         </user-data-constraint>
     </security-constraint>
 
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>UI</web-resource-name>
+            <url-pattern>/ui/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
     <login-config>
         <realm-name>Token Processing Service</realm-name>
     </login-config>
diff --git a/base/tps-tomcat/shared/webapps/tps/index.html b/base/tps-tomcat/shared/webapps/tps/index.html
index 790ab1489..183b73fcf 100644
--- a/base/tps-tomcat/shared/webapps/tps/index.html
+++ b/base/tps-tomcat/shared/webapps/tps/index.html
@@ -19,38 +19,22 @@
 <head>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <link href="/pki/css/rcue.css" rel="stylesheet" media="screen, print">
-    <link href="/pki/css/pki-ui.css" rel="stylesheet" type="text/css">
     <script src="/pki/js/jquery.js"></script>
-    <script src="/pki/js/underscore.js"></script>
-    <script src="/pki/js/backbone.js"></script>
     <script src="/pki/js/bootstrap.js"></script>
-    <script src="/pki/js/pki-ui.js"></script>
-    <script src="/tps/js/activity.js"></script>
-    <script src="/tps/js/authenticator.js"></script>
-    <script src="/tps/js/cert.js"></script>
-    <script src="/tps/js/connection.js"></script>
-    <script src="/tps/js/group.js"></script>
-    <script src="/tps/js/profile.js"></script>
-    <script src="/tps/js/selftest.js"></script>
-    <script src="/tps/js/token.js"></script>
-    <script src="/tps/js/user.js"></script>
+    <script src="/tps/js/account.js"></script>
     <script>
 $(function() {
-    new Navigation({
-        el: $("#navigation"),
-        content: $("#content"),
-        pages: {
-            activities: new ActivityPage({ url: "activities.html" }),
-            authenticators: new AuthenticatorPage({ url: "authenticators.html" }),
-            certs: new CertificatePage({ url: "certs.html" }),
-            connections: new ConnectionPage({ url: "connections.html" }),
-            groups: new GroupPage({ url: "groups.html" }),
-            profiles: new ProfilePage({ url: "profiles.html" }),
-            selftests: new SelfTestPage({ url: "selftests.html" }),
-            tokens: new TokenPage({ url: "tokens.html" }),
-            users: new UserPage({ url: "users.html" })
-        },
-        homePage: "tokens"
+    var account = new Account();
+    $("form").submit(function(e) {
+        account.login({
+            success: function() {
+                window.location.href = "/tps/ui";
+            },
+            error: function() {
+                if (window.crypto) window.crypto.logout();
+            }
+        });
+        e.preventDefault();
     });
 });
     </script>
@@ -69,44 +53,20 @@ $(function() {
         <b>Token Processing Service</b>
     </a>
 </div>
-<div class="collapse navbar-collapse navbar-collapse-1">
-    <ul class="nav navbar-nav navbar-utility">
-    <li><a href="#">Status</a></li>
-    <li class="dropdown">
-        <a href="#" class="dropdown-toggle" data-toggle="dropdown">
-        <span class="rcueicon rcueicon-user"></span>
-        Administrator<b class="caret"></b>
-        </a>
-        <ul class="dropdown-menu">
-        <li><a href="settings.html">Settings</a></li>
-        <li class="divider"></li>
-        <li><a href="logout.html">Logout</a></li>
-        </ul>
-    </li>
-    </ul>
-    <ul class="nav navbar-nav navbar-primary">
-    <li><a href="#tokens">Tokens</a></li>
-    <li><a href="#certs">Certificates</a></li>
-    <li><a href="#activities">Activities</a></li>
-    <li><a href="#profiles">Profiles</a></li>
-    <li><a href="#selftests">SelfTests</a></li>
-    <li><a href="#users">Users</a></li>
-    <li><a href="#groups">Groups</a></li>
-    <li class="dropdown context">
-      <a href="#" class="dropdown-toggle" data-toggle="dropdown">
-        Configuration
-        <b class="caret"></b>
-      </a>
-      <ul class="dropdown-menu">
-        <li><a href="#authenticators">Authenticators</a></li>
-        <li><a href="#connections">Connections</a></li>
-      </ul>
-    </li>
-    </ul>
-</div>
 </nav>
 
 <div id="content">
+
+<form action="/tps/ui">
+<div class="col-sm-5 col-md-6 col-lg-7 details">
+<p><strong>Welcome to the Dogtag Token Processing System 10.2</strong>
+<p>The Token Processing System (TPS) is the conduit between the user-centered Enterprise Security Client,
+which interacts with the tokens, and the Certificate System backend subsystems, such as the Certificate Manager.
+</p>
+<button type="submit" class="btn btn-primary btn-lg" tabindex="4">Log In</button>
+</div>
+</form>
+
 </div>
 
 </body>
diff --git a/base/tps-tomcat/shared/webapps/tps/js/account.js b/base/tps-tomcat/shared/webapps/tps/js/account.js
new file mode 100644
index 000000000..50a8cab70
--- /dev/null
+++ b/base/tps-tomcat/shared/webapps/tps/js/account.js
@@ -0,0 +1,37 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ *
+ * @author Endi S. Dewata
+ */
+
+function Account() {
+
+    this.url = "/tps/rest/account";
+
+    this.login = function(options) {
+        var jqxhr = $.get(this.url + "/login");
+        jqxhr.done(options.success);
+        jqxhr.fail(options.error);
+    };
+
+    this.logout = function(options) {
+        var jqxhr = $.get(this.url + "/logout");
+        jqxhr.done(options.success);
+        jqxhr.fail(options.error);
+    };
+};
\ No newline at end of file
diff --git a/base/tps-tomcat/shared/webapps/tps/activities.html b/base/tps-tomcat/shared/webapps/tps/ui/activities.html
index 4c3d613b7..4c3d613b7 100644
--- a/base/tps-tomcat/shared/webapps/tps/activities.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/activities.html
diff --git a/base/tps-tomcat/shared/webapps/tps/authenticators.html b/base/tps-tomcat/shared/webapps/tps/ui/authenticators.html
index 761115c72..761115c72 100644
--- a/base/tps-tomcat/shared/webapps/tps/authenticators.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/authenticators.html
diff --git a/base/tps-tomcat/shared/webapps/tps/certs.html b/base/tps-tomcat/shared/webapps/tps/ui/certs.html
index 71337fdb6..71337fdb6 100644
--- a/base/tps-tomcat/shared/webapps/tps/certs.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/certs.html
diff --git a/base/tps-tomcat/shared/webapps/tps/connections.html b/base/tps-tomcat/shared/webapps/tps/ui/connections.html
index f941b91b5..f941b91b5 100644
--- a/base/tps-tomcat/shared/webapps/tps/connections.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/connections.html
diff --git a/base/tps-tomcat/shared/webapps/tps/groups.html b/base/tps-tomcat/shared/webapps/tps/ui/groups.html
index 2bd9b5ba8..2bd9b5ba8 100644
--- a/base/tps-tomcat/shared/webapps/tps/groups.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/groups.html
diff --git a/base/tps-tomcat/shared/webapps/tps/ui/index.html b/base/tps-tomcat/shared/webapps/tps/ui/index.html
new file mode 100644
index 000000000..7fc48b60f
--- /dev/null
+++ b/base/tps-tomcat/shared/webapps/tps/ui/index.html
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2013 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link href="/pki/css/rcue.css" rel="stylesheet" media="screen, print">
+    <link href="/pki/css/pki-ui.css" rel="stylesheet" type="text/css">
+    <script src="/pki/js/jquery.js"></script>
+    <script src="/pki/js/underscore.js"></script>
+    <script src="/pki/js/backbone.js"></script>
+    <script src="/pki/js/bootstrap.js"></script>
+    <script src="/pki/js/pki-ui.js"></script>
+    <script src="/tps/js/account.js"></script>
+    <script src="/tps/js/activity.js"></script>
+    <script src="/tps/js/authenticator.js"></script>
+    <script src="/tps/js/cert.js"></script>
+    <script src="/tps/js/connection.js"></script>
+    <script src="/tps/js/group.js"></script>
+    <script src="/tps/js/profile.js"></script>
+    <script src="/tps/js/selftest.js"></script>
+    <script src="/tps/js/token.js"></script>
+    <script src="/tps/js/user.js"></script>
+    <script>
+$(function() {
+    var account = new Account();
+    new Navigation({
+        el: $("#navigation"),
+        content: $("#content"),
+        pages: {
+            activities: new ActivityPage({ url: "activities.html" }),
+            authenticators: new AuthenticatorPage({ url: "authenticators.html" }),
+            certs: new CertificatePage({ url: "certs.html" }),
+            connections: new ConnectionPage({ url: "connections.html" }),
+            groups: new GroupPage({ url: "groups.html" }),
+            profiles: new ProfilePage({ url: "profiles.html" }),
+            selftests: new SelfTestPage({ url: "selftests.html" }),
+            tokens: new TokenPage({ url: "tokens.html" }),
+            users: new UserPage({ url: "users.html" })
+        },
+        logout: function() {
+            account.logout({
+                success: function() {
+                    if (window.crypto) window.crypto.logout();
+                    window.location.href = "/tps";
+                },
+                error: function() {
+                    alert("Logout failed");
+                }
+            });
+        },
+        homePage: "tokens"
+    });
+});
+    </script>
+</head>
+<body>
+
+<nav id="navigation" class="navbar navbar-default navbar-rcue" role="navigation">
+<div class="navbar-header">
+    <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse-1">
+        <span class="sr-only">Toggle navigation</span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+    </button>
+    <a class="navbar-brand" href="/tps">
+        <b>Token Processing Service</b>
+    </a>
+</div>
+<div class="collapse navbar-collapse navbar-collapse-1">
+    <ul class="nav navbar-nav navbar-utility">
+    <li><a href="#">Status</a></li>
+    <li class="dropdown">
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+        <span class="rcueicon rcueicon-user"></span>
+        Administrator<b class="caret"></b>
+        </a>
+        <ul class="dropdown-menu">
+        <li><a href="settings.html">Settings</a></li>
+        <li class="divider"></li>
+        <li><a href="#logout">Logout</a></li>
+        </ul>
+    </li>
+    </ul>
+    <ul class="nav navbar-nav navbar-primary">
+    <li><a href="#tokens">Tokens</a></li>
+    <li><a href="#certs">Certificates</a></li>
+    <li><a href="#activities">Activities</a></li>
+    <li><a href="#profiles">Profiles</a></li>
+    <li><a href="#selftests">SelfTests</a></li>
+    <li><a href="#users">Users</a></li>
+    <li><a href="#groups">Groups</a></li>
+    <li class="dropdown context">
+      <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+        Configuration
+        <b class="caret"></b>
+      </a>
+      <ul class="dropdown-menu">
+        <li><a href="#authenticators">Authenticators</a></li>
+        <li><a href="#connections">Connections</a></li>
+      </ul>
+    </li>
+    </ul>
+</div>
+</nav>
+
+<div id="content">
+</div>
+
+</body>
+</html>
diff --git a/base/tps-tomcat/shared/webapps/tps/profiles.html b/base/tps-tomcat/shared/webapps/tps/ui/profiles.html
index 388b5ec8b..388b5ec8b 100644
--- a/base/tps-tomcat/shared/webapps/tps/profiles.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/profiles.html
diff --git a/base/tps-tomcat/shared/webapps/tps/selftests.html b/base/tps-tomcat/shared/webapps/tps/ui/selftests.html
index ee52bd998..ee52bd998 100644
--- a/base/tps-tomcat/shared/webapps/tps/selftests.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/selftests.html
diff --git a/base/tps-tomcat/shared/webapps/tps/tokens.html b/base/tps-tomcat/shared/webapps/tps/ui/tokens.html
index 1575b046c..1575b046c 100644
--- a/base/tps-tomcat/shared/webapps/tps/tokens.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/tokens.html
diff --git a/base/tps-tomcat/shared/webapps/tps/users.html b/base/tps-tomcat/shared/webapps/tps/ui/users.html
index 20e622cbc..20e622cbc 100644
--- a/base/tps-tomcat/shared/webapps/tps/users.html
+++ b/base/tps-tomcat/shared/webapps/tps/ui/users.html