pki.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Added AuthMapping annotation.ticket-474-6	Endi Sukma Dewata	2013-02-02	1	-11/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	A new AuthMapping annotation has been added to configure the required authentication methods to acces each REST method. The annotation maps each method into a list of authentication methods in auth.properties. For security reason, most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get installation token from the security domain. Previously the auth.properties files were used to store ACL mappings. Now the ACL mappings have been moved into acl.properties. Ticket #477
*	Resolved Trac Ticket 367 - pkidestroy does not remove connector	Ade Lee	2013-01-15	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \|	* Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
*	Added ACLInterceptor.	Endi Sukma Dewata	2012-11-08	1	-9/+9
\| \| \| \| \| \| \| \| \|	Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
*	Enabled realm authentication for certificate requests.	Endi Sukma Dewata	2012-10-22	1	-0/+1
\| \| \| \| \| \| \| \| \|	The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300
*	Added REST account service.	Endi Sukma Dewata	2012-10-22	1	-0/+2
\| \| \| \| \| \| \| \| \|	A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
*	Enabled authentication for security domain REST interface.	Endi Sukma Dewata	2012-10-18	1	-0/+1
\| \| \| \| \| \| \| \|	The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
*	Enabled SSL authenticator and PKI realm.	Endi Sukma Dewata	2012-08-03	1	-0/+9
	The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107