| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.
Ticket #287
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously in PKIRealm the authentication token was stored in a thread
local variable. This does not work for multiple operations executed
using the same session because each operation may be handled by
different threads. A new PKIPrincipal has been added to store the
authentication token so that the threads can get the correct token
for the session.
Ticket #357
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.
Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.
Ticket #89
|
| |
|
|
|
|
|
|
|
| |
The PKI JNDI realm has been modified to utilize the authentication
and authorization subsystems in PKI engine directly. It's no longer
necessary to define the LDAP connection settings in Tomcat's
configuration files.
Ticket #126
|
| |
|
|
|
|
|
|
| |
A custom Tomcat authenticator has been added to authenticate users
using client certificate if provided, otherwise it will fallback to
BASIC/FORM authentication.
Ticket #107
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
parameter
* Introduction of default configuration of 'log4j'
mechanism (alee)
* Modify web.xml to use new Application classes to
bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
a remote java debugger (e. g. - eclipse)
|
| | |
|
| |
|
|
| |
REVERSE_INULL,Wrong_Map_Iterators
|
| | |
|
| |
|
|
| |
FB.SBSC_USE_STRINGBUFFER_CONCATENATION --Remaining
|
| | |
|
| |
|
|
|
|
| |
Currently the realm only returns the last acl result in a multiple entry ACL. Since most of them only have one entry, this is mistly ok. This simple fix allows the code to handle multiple entries correctly.
Ticket #123.
|
| |
|
|
|
|
| |
Unnecessary type casts have been removed using Eclipse Quick Fix.
Ticket #134
|
| |
|
|
|
|
|
|
| |
Whitespaces in Java code have been removed with the following command:
find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \;
Ticket #134
|
|
|
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
|
