diff options
Diffstat (limited to 'base/common/src')
| -rw-r--r-- | base/common/src/CMakeLists.txt | 51 | ||||
| -rw-r--r-- | base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java | 8 | ||||
| -rw-r--r-- | base/common/src/com/netscape/cms/tomcat/ProxyRealm.java | 139 | ||||
| -rw-r--r-- | base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java (renamed from base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java) | 2 |
4 files changed, 197 insertions, 3 deletions
diff --git a/base/common/src/CMakeLists.txt b/base/common/src/CMakeLists.txt index dc61b4ca7..f3702d454 100644 --- a/base/common/src/CMakeLists.txt +++ b/base/common/src/CMakeLists.txt @@ -171,6 +171,8 @@ set(PKI_CERTSRV_JAR ${CMAKE_BINARY_DIR}/dist/pki-certsrv.jar CACHE INTERNAL "pki javac(pki-cms-classes SOURCES com/netscape/cms/*.java + EXCLUDE + com/netscape/cms/tomcat/*.java CLASSPATH ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR} @@ -192,6 +194,8 @@ jar(pki-cms-jar ${CMAKE_BINARY_DIR}/classes FILES com/netscape/cms/*.class + EXCLUDE + com/netscape/cms/tomcat/*.class DEPENDS pki-cms-classes ) @@ -249,12 +253,55 @@ if(WITH_JAVADOC) endif(WITH_JAVADOC) +# build pki-tomcat +javac(pki-tomcat-classes + SOURCES + com/netscape/cms/tomcat/*.java + CLASSPATH + ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} + OUTPUT_DIR + ${CMAKE_BINARY_DIR}/classes + DEPENDS + pki-cms +) + +jar(pki-tomcat-jar + CREATE + ${CMAKE_BINARY_DIR}/dist/pki-tomcat-${APPLICATION_VERSION}.jar + INPUT_DIR + ${CMAKE_BINARY_DIR}/classes + FILES + com/netscape/cms/tomcat/*.class + DEPENDS + pki-tomcat-classes +) + +link(pki-tomcat + SOURCE + ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar + DEST + pki-tomcat-${APPLICATION_VERSION}.jar + DEPENDS + pki-tomcat-jar +) + +install( + FILES + ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar + ${CMAKE_BINARY_DIR}/dist/pki-tomcat-${APPLICATION_VERSION}.jar + DESTINATION + ${JAVA_JAR_INSTALL_DIR}/pki +) + +set(PKI_TOMCAT_JAR ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar CACHE INTERNAL "pki-tomcat jar file") + + # build pki-cmscore javac(pki-cmscore-classes SOURCES com/netscape/cmscore/*.java CLASSPATH - ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} + ${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${PKI_TOMCAT_JAR} ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR} ${JSS_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR} ${APACHE_COMMONS_LANG_JAR} @@ -264,7 +311,7 @@ javac(pki-cmscore-classes OUTPUT_DIR ${CMAKE_BINARY_DIR}/classes DEPENDS - pki-nsutil pki-cmsutil pki-certsrv pki-cms + pki-nsutil pki-cmsutil pki-certsrv pki-cms pki-tomcat ) jar(pki-cmscore-jar diff --git a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index a8a4008b7..e00f2bdba 100644 --- a/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.cms.tomcat.ProxyRealm; +import com.netscape.cmscore.realm.PKIRealm; import com.netscape.cmsutil.util.Utils; /** @@ -89,10 +91,16 @@ public class CMSStartServlet extends HttpServlet { } } } + try { CMS.start(path); } catch (EBaseException e) { } + + // Register realm for this subsystem + String context = getServletContext().getContextPath(); + if (context.startsWith("/")) context = context.substring(1); + ProxyRealm.registerRealm(context, new PKIRealm()); } public void doGet(HttpServletRequest req, HttpServletResponse res) diff --git a/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java new file mode 100644 index 000000000..094c0561f --- /dev/null +++ b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java @@ -0,0 +1,139 @@ +package com.netscape.cms.tomcat; + +import java.beans.PropertyChangeListener; +import java.io.IOException; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.Map; + +import org.apache.catalina.Container; +import org.apache.catalina.Context; +import org.apache.catalina.Realm; +import org.apache.catalina.Wrapper; +import org.apache.catalina.connector.Request; +import org.apache.catalina.connector.Response; +import org.apache.catalina.deploy.SecurityConstraint; +import org.ietf.jgss.GSSContext; + +/** + * @author Endi S. Dewata + */ +public class ProxyRealm implements Realm { + + public static Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>(); + + public Container container; + public Realm realm; + + public ProxyRealm() { + } + + @Override + public Container getContainer() { + return container; + } + + @Override + public void setContainer(Container container) { + this.container = container; + if (container instanceof Context) { + Context context = (Context)container; + proxies.put(context.getBaseName(), this); + } + } + + public Realm getRealm() { + return realm; + } + + public void setRealm(Realm realm) { + this.realm = realm; + realm.setContainer(container); + } + + public static void registerRealm(String contextName, Realm realm) { + ProxyRealm proxy = proxies.get(contextName); + if (proxy == null) return; + + proxy.setRealm(realm); + } + + @Override + public Principal authenticate(String username, String password) { + return realm.authenticate(username, password); + } + + @Override + public Principal authenticate(X509Certificate certs[]) { + return realm.authenticate(certs); + } + + @Override + public Principal authenticate( + String username, + String digest, + String nonce, + String nc, + String cnonce, + String qop, + String realmName, + String md5a2 + ) { + return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2); + } + + @Override + public Principal authenticate(GSSContext gssContext, boolean storeCreds) { + return realm.authenticate(gssContext, storeCreds); + } + + @Override + public boolean hasResourcePermission( + Request request, + Response response, + SecurityConstraint[] constraints, + Context context + ) throws IOException { + return realm.hasResourcePermission(request, response, constraints, context); + } + + @Override + public String getInfo() { + return realm.getInfo(); + } + + @Override + public void backgroundProcess() { + realm.backgroundProcess(); + } + + @Override + public SecurityConstraint[] findSecurityConstraints(Request request, Context context) { + return realm.findSecurityConstraints(request, context); + } + + @Override + public boolean hasRole(Wrapper wrapper, Principal principal, String role) { + return realm.hasRole(wrapper, principal, role); + } + + @Override + public boolean hasUserDataPermission( + Request request, + Response response, + SecurityConstraint[] constraint + ) throws IOException { + return realm.hasUserDataPermission(request, response, constraint); + } + + @Override + public void addPropertyChangeListener(PropertyChangeListener listener) { + realm.addPropertyChangeListener(listener); + } + + @Override + public void removePropertyChangeListener(PropertyChangeListener listener) { + realm.removePropertyChangeListener(listener); + } +} diff --git a/base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java index 6b6af78a7..d1b3dc3f2 100644 --- a/base/common/src/com/netscape/cmscore/realm/SSLAuthenticatorWithFallback.java +++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java @@ -16,7 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.realm; +package com.netscape.cms.tomcat; import java.io.IOException; import java.security.cert.X509Certificate; |