author | Endi S. Dewata <edewata@redhat.com> | 2013-07-22 08:50:03 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-07-29 15:42:37 -0400 |
commit | a5326958593a84236879c1bf9cc8b54e86ce089f (patch) | |
tree | e43412d494c518eb2501229f49c3501dcdcedf32 /base | |
parent | bb911f68bee0e03f7bafeefff0c87965658bafd3 (diff) | |
Storing authentication info in session.
The authenticator configuration has been modified to store the authentication
info in the session so it can be used by the servlets. An upgrade script has
been added to update the configuration in existing instances.
The SSLAuthenticatorWithFallback was modified to propagate the configuration
to the actual authenticator handling the request.
Diffstat (limited to 'base')
8 files changed, 93 insertions, 5 deletions
diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/ca/shared/webapps/ca/META-INF/context.xml
+++ b/base/ca/shared/webapps/ca/META-INF/context.xml
@@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
 <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
index d1b3dc3f2..20bf85d22 100644
--- a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
+++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -140,8 +140,13 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
 @Override
 protected void initInternal() throws LifecycleException {
 log("Initializing authenticators");
+ super.initInternal();
+
+ sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
 sslAuthenticator.init();
+
+ fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
 fallbackAuthenticator.init();
 }
diff --git a/base/common/upgrade/10.0.4/.gitignore b/base/common/upgrade/10.0.4/.gitignore
new file mode 100644
index 000000000..5e7d2734c
--- /dev/null
+++ b/base/common/upgrade/10.0.4/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/kra/shared/webapps/kra/META-INF/context.xml
+++ b/base/kra/shared/webapps/kra/META-INF/context.xml
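Review bot: The new `alwaysUseSession="true"` attribute on the SSLAuthenticatorWithFallback valve is the substance of this commit but carries no comment, and the same unexplained attribute is added in the kra, ocsp, tks and tps context.xml hunks. A short XML comment above the `<Valve>` would spare the next maintainer a trip to the commit log, e.g. `<!-- alwaysUseSession: keep the authenticated Principal in the HTTP session so servlets can read the authentication info -->`. Presumably the valve now creates a session for every authenticated request, so the webapp's session timeout rather than the TLS connection bounds how long that cached Principal is honoured; it is worth confirming the configured timeout is what you want for a certificate-authenticated API.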
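Review bot: Only `alwaysUseSession` is forwarded to the two delegates in `initInternal()`, while the context.xml hunks in this same commit configure `secureRandomProvider="Mozilla-JSS"` and `secureRandomAlgorithm="pkcs11prng"` on this valve. Unless those are propagated elsewhere in the class (the rest of SSLAuthenticatorWithFallback is outside the hunk), the delegates that actually authenticate keep the AuthenticatorBase defaults when they regenerate session ids on authentication, and the JSS-backed random configured on the valve is ignored. If AuthenticatorBase exposes the matching getters, forwarding them next to the new call, `sslAuthenticator.setSecureRandomProvider(getSecureRandomProvider());` and `sslAuthenticator.setSecureRandomAlgorithm(getSecureRandomAlgorithm());` (and the same for `fallbackAuthenticator`), keeps the delegates consistent with the valve's configuration. A one-line comment on why `super.initInternal()` is now called first would also help, since the call was previously missing.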
@@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
 <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
+++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
@@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
 <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator
new file mode 100755
index 000000000..7aee78089
--- /dev/null
+++ b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+# Authors:
+# Endi S. Dewata <edewata@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+from lxml import etree
+
+import pki.server.upgrade
+
+
+class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+ def __init__(self):
+
+ self.message = 'Enable session in authenticator'
+
+ self.parser = etree.XMLParser(remove_blank_text=True)
+
+ def upgrade_subsystem(self, instance, subsystem):
+
+ context_xml = os.path.join(
+ instance.base_dir, 'webapps', subsystem.name, 'META-INF', 'context.xml')
+ self.backup(context_xml)
+
+ document = etree.parse(context_xml, self.parser)
+
+ self.enable_session(document)
+
+ with open(context_xml, 'w') as f:
+ f.write(etree.tostring(document, pretty_print=True))
+
+ def enable_session(self, document):
+
+ context = document.getroot()
+ valves = context.findall('Valve')
+ authenticator = None
+
+ # Find existing authenticator
+ for valve in valves:
+ className = valve.get('className')
+ if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback':
+ continue
+
+ # Found existing authenticator
+ authenticator = valve
+ break
+
+ if authenticator is None:
+ raise Exception('Missing SSLAuthenticatorWithFallback')
+
+ # Update authenticator's attributes
+ authenticator.set('alwaysUseSession', 'true')
diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/tks/shared/webapps/tks/META-INF/context.xml
+++ b/base/tks/shared/webapps/tks/META-INF/context.xml
@@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
 <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/tps/shared/webapps/tps/META-INF/context.xml b/base/tps/shared/webapps/tps/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/tps/shared/webapps/tps/META-INF/context.xml
+++ b/base/tps/shared/webapps/tps/META-INF/context.xml
@@ -28,7 +28,9 @@ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
 <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> |
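Review bot: `etree.tostring(document, pretty_print=True)` in `upgrade_subsystem` serialises with lxml's defaults, so the rewritten context.xml comes back ASCII-encoded and, if the original file starts with an XML declaration, without it; `etree.tostring(document, pretty_print=True, xml_declaration=True, encoding='UTF-8')` preserves both. `__init__` also never calls the base-class constructor; unless `PKIServerUpgradeScriptlet.__init__` sets nothing (it is not on this page), add `super(EnableSessionInAuthenticator, self).__init__()` before assigning `self.message`. In `enable_session`, `raise Exception('Missing SSLAuthenticatorWithFallback')` is as broad as it gets; a more specific exception type would let the upgrade driver tell this expected "valve not found" condition from an unexpected failure. Since the script rewrites an authentication-valve configuration in place, a class docstring stating that the valve must already be present and that the upgrade fails closed via that raise would help whoever reads the upgrade directory next.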