| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds audit logging to TPS REST wrote-specific operations.
The read-specific operations are already captured by AuditEvent=AUTHZ_*
The affected (new or modified) log messages include:
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6
LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8
|
|
|
|
|
|
|
|
| |
The ActivityService has been fixed to return the missing TPS activity
attributes including IP, operation, result, and message. The TPS CLI
and UI has been fixed to display the activity date in UTC format.
Ticket #1050
|
|
|
|
|
|
|
|
|
| |
A new method has been added to TPS audit REST service to enable or
disable audit logging. The CLI and UI have been modified to provide
a way to acces this functionality. Also, new ACL entries have been
added for audit.
Ticket #955
|
|
|
|
|
|
|
|
|
|
| |
A new page has been added to the TPS UI to manage audit configuration.
The audit REST service has been modified to use PATCH like the other
services. The audit events will now have 3 possible values: mandatory,
enabled, disabled. Mandatory events cannot be edited. Optional events
can be edited in edit mode.
Ticket #654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPS resources have been modified to accept a basic search filter
for find operation. For resources based on LDAP database, the filtering
is done using LDAP filter. For other resources, the filtering is done
using string comparison. For now the filter is will only be matched
against entry IDs. In the future the filter may be expanded to support
other entry attributes. The CLI has been updated accordingly.
The total attribute in DataCollection was changed from Integer into int
because the total size of the collection cannot be null.
The PKIException constructors have been consolidated into a single
actual constructor. The other constructors have been modified to
call the actual constructor with some default values.
Ticket #847
|
|
|
|
|
|
|
|
| |
The @Consumes and @Provides annotations have been removed from all
methods (except from methods that consume forms) to allow client
to use the default consumes and provides specified in the proxy.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for TPS activities has been modified to return
Response objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The REST interface for audit has been modified to return Response
objects to allow better handling of server responses.
Ticket #554
|
|
|
|
|
|
|
| |
The ClientResponse class has been deprecated in RESTEasy 3.0, so most
of the code using the class has been modified to use the Response class
instead. There are a few remaining references to ClientResponse. They
will be removed separately later.
|
|
|
|
|
|
|
| |
A new REST service and clients have been added to manage the audit
configuration in all subsystems.
Ticket #652
|
|
|
|
|
|
|
| |
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
|
|
|
|
|
|
|
|
| |
New REST services and clients have been added for TPS activities.
The activity database is currently implemented as in-memory database
with some sample data. Later it will be converted into LDAP database.
Ticket #652
|
|
|
|
|
|
|
|
|
| |
The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We create a user that can be used to connect to the database using the
subsystem cert for client auth. We identified this user, using the seeAlso
attribute and provided certmap rules to this effect.
For this user, we used to reuse the uid = user CA-hostname-port, which is already
created for inter-system communication. But this is problematic if more than one
dbuser exists, as the directory server may bind as the incorrect user. In any
replication topology, there must be only one dbuser using the subsystem cert.
To simplify things, we create a new user specifically for this purpose
(pkidbuser), and we remove the seeAlso attribute from the older dbusers.
A script is needed to convert existing dogtag 9 istances to use the new user,
and set the relevant acls. This will be done in a separate commit.
|
|
|
|
|
|
|
|
|
| |
A new Auditor service has been added to replace the audit service that was
previously only available to subclasses of AdminServlet. The new service
can be used by other components including REST services. The AdminServlet
will be modified to use the Auditor service separately.
Ticket #160
|
|
|
|
|
|
|
|
| |
Whitespaces in Java code have been removed with the following command:
find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \;
Ticket #134
|
|
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|