-rw-r--r--base/ca/shared/webapps/ca/META-INF/context.xml4
-rw-r--r--base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java5
-rw-r--r--base/common/upgrade/10.0.4/.gitignore4
-rw-r--r--base/kra/shared/webapps/kra/META-INF/context.xml4
-rw-r--r--base/ocsp/shared/webapps/ocsp/META-INF/context.xml4
-rwxr-xr-xbase/server/upgrade/10.0.4/01-EnableSessionInAuthenticator69
-rw-r--r--base/tks/shared/webapps/tks/META-INF/context.xml4
-rw-r--r--base/tps/shared/webapps/tps/META-INF/context.xml4
8 files changed, 93 insertions, 5 deletions
diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/ca/shared/webapps/ca/META-INF/context.xml
+++ b/base/ca/shared/webapps/ca/META-INF/context.xml
@@ -28,7 +28,9 @@
secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
<Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
<Realm className="com.netscape.cms.tomcat.ProxyRealm" />
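Review bot: The new `alwaysUseSession="true"` attribute on the SSLAuthenticatorWithFallback Valve has no explanation in the file, although it changes how later requests are authenticated: once a session exists, the session cookie stands in for the client certificate or password. I would add an XML comment above the Valve, such as `<!-- alwaysUseSession: keep the authenticated principal in a session; the session cookie is then a credential, so keep it Secure/HttpOnly and bound by the session timeout -->`. The enclosing Context element and any cookie or timeout settings are outside the hunk, so whether they are already constrained cannot be confirmed from here. The same comment applies to the identical hunks for kra, ocsp, tks and tps.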
diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
index d1b3dc3f2..20bf85d22 100644
--- a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
+++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -140,8 +140,13 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
@Override
protected void initInternal() throws LifecycleException {
log("Initializing authenticators");
+
super.initInternal();
+
+ sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
sslAuthenticator.init();
+
+ fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
fallbackAuthenticator.init();
}
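Review bot: The delegates receive `alwaysUseSession` only once, inside initInternal(), so a value set on the wrapper after init would not reach sslAuthenticator or fallbackAuthenticator. Other inherited AuthenticatorBase settings that matter once a session is always created, such as changeSessionIdOnAuthentication, are not copied in the visible lines, so the delegates presumably run with their defaults; it is worth confirming that this is intended. I would add a comment above the two new calls, `// The delegates perform the actual authentication, so session settings must be copied to them before init()`. The class body continues outside the hunk.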
diff --git a/base/common/upgrade/10.0.4/.gitignore b/base/common/upgrade/10.0.4/.gitignore
new file mode 100644
index 000000000..5e7d2734c
--- /dev/null
+++ b/base/common/upgrade/10.0.4/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/kra/shared/webapps/kra/META-INF/context.xml
+++ b/base/kra/shared/webapps/kra/META-INF/context.xml
@@ -28,7 +28,9 @@
secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
<Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
<Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
+++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
@@ -28,7 +28,9 @@
secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
<Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
<Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator
new file mode 100755
index 000000000..7aee78089
--- /dev/null
+++ b/base/server/upgrade/10.0.4/01-EnableSessionInAuthenticator
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+# Authors:
+# Endi S. Dewata <edewata@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+from lxml import etree
+
+import pki.server.upgrade
+
+
+class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+ def __init__(self):
+
+ self.message = 'Enable session in authenticator'
+
+ self.parser = etree.XMLParser(remove_blank_text=True)
+
+ def upgrade_subsystem(self, instance, subsystem):
+
+ context_xml = os.path.join(
+ instance.base_dir, 'webapps', subsystem.name, 'META-INF', 'context.xml')
+ self.backup(context_xml)
+
+ document = etree.parse(context_xml, self.parser)
+
+ self.enable_session(document)
+
+ with open(context_xml, 'w') as f:
+ f.write(etree.tostring(document, pretty_print=True))
+
+ def enable_session(self, document):
+
+ context = document.getroot()
+ valves = context.findall('Valve')
+ authenticator = None
+
+ # Find existing authenticator
+ for valve in valves:
+ className = valve.get('className')
+ if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback':
+ continue
+
+ # Found existing authenticator
+ authenticator = valve
+ break
+
+ if authenticator is None:
+ raise Exception('Missing SSLAuthenticatorWithFallback')
+
+ # Update authenticator's attributes
+ authenticator.set('alwaysUseSession', 'true')
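Review bot: `etree.XMLParser(remove_blank_text=True)` in `__init__` leaves entity resolution at the lxml default, and `upgrade_subsystem` then writes the parsed tree back over context.xml. Upgrades usually run with more privilege than the account that owns the instance directory (inferred, not visible here), so I would harden the parser: `self.parser = etree.XMLParser(remove_blank_text=True, resolve_entities=False)`. `etree.tostring(document, pretty_print=True)` also emits no XML declaration, so one present in the original file would be dropped on rewrite; `document.write(context_xml, pretty_print=True, xml_declaration=True, encoding='UTF-8')` keeps it. Finally, `raise Exception('Missing SSLAuthenticatorWithFallback')` would be easier to act on if the message named the file being upgraded, which requires passing the path into `enable_session`.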
diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/tks/shared/webapps/tks/META-INF/context.xml
+++ b/base/tks/shared/webapps/tks/META-INF/context.xml
@@ -28,7 +28,9 @@
secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
<Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
<Realm className="com.netscape.cms.tomcat.ProxyRealm" />
diff --git a/base/tps/shared/webapps/tps/META-INF/context.xml b/base/tps/shared/webapps/tps/META-INF/context.xml
index 032fd14c9..e838503a6 100644
--- a/base/tps/shared/webapps/tps/META-INF/context.xml
+++ b/base/tps/shared/webapps/tps/META-INF/context.xml
@@ -28,7 +28,9 @@
secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
<Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
- secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+ alwaysUseSession="true"
+ secureRandomProvider="Mozilla-JSS"
+ secureRandomAlgorithm="pkcs11prng"/>
<Realm className="com.netscape.cms.tomcat.ProxyRealm" />