summaryrefslogtreecommitdiffstats
path: root/base/kra/shared/webapps
Commit message (Collapse)AuthorAgeFilesLines
* Added audit service and CLI to all subsystems.Endi S. Dewata2017-04-041-0/+13
| | | | | | | Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
* Added access banner to KRA UI.Endi S. Dewata2017-02-2452-29/+346
| | | | | | | All pages in KRA UI have been modified to retrieve access banner and display it once at the beginning of the SSL connection. https://fedorahosted.org/pki/ticket/2582
* Renamed index.html to index.jsp in KRA UI.Endi S. Dewata2017-02-206-4/+4
| | | | | | | The index.html files in KRA UI have been renamed to index.jsp such that they can be protected by access banner. https://fedorahosted.org/pki/ticket/2582
* Ticket #2352 [TMS] missing netkeyKeyRecovery requests option in KRA agent ↵Christina Fu2016-06-031-3/+4
| | | | for "List Request" This patch allows KRA agent to list netkeyKeyRecovery requests.
* remove extra space from Base 64 encoded cert displaysMatthew Harmsen2015-07-311-2/+2
| | | | | - PKI TRAC Ticket #1522 - CA UI adds extra space in Base 64 encoded certificate display
* Cleaned up links in main page.Endi S. Dewata2015-06-111-2/+1
| | | | | | | | | | | | | The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently: https://<hostname>:<port>/<subsystem> In all subsystems except TPS the page will redirect to: https://<hostname>:<port>/<subsystem>/services
* Moved color settings to CSS.Endi S. Dewata2015-04-225-5/+7
| | | | | | | The templates have been modified to remove hard-coded background color settings and use the styles defined in a new CSS file. https://fedorahosted.org/pki/ticket/1296
* Added direct deployment for all subsystems.Endi S. Dewata2015-04-221-1/+1
| | | | | | | | The deployment tool has been modified to deploy all subsystems directly from the /usr/share/pki. This will simplify updating the templates in the web applications. https://fedorahosted.org/pki/ticket/499
* Fixed typos.Matthew Harmsen2015-04-222-2/+2
|
* Parameterized KRAMatthew Harmsen2015-04-225-28/+122
| | | | - PKI TRAC Ticket #1296 - RHCS 9.0 theme
* Parameterized service.template in all subsystems.Endi S. Dewata2015-04-221-2/+28
| | | | https://fedorahosted.org/pki/ticket/1296
* Disable PKI GUI ConfigurationMatthew Harmsen2014-08-281-38/+0
| | | | - PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
* UI scrubMatthew Harmsen2014-08-221-10/+0
| | | | * PKI TRAC Ticket #567 - ui needs to be scrubbed for missing images
* Removed config path from web.xml.Endi S. Dewata2014-03-171-2/+0
| | | | | | | | | | | | | | | | | | | | | Previously the CMSStartServlet always requires a cfgPath parameter pointing to the CS.cfg location. By default the parameter points to <instance>/conf/<subsystem>/CS.cfg unless it's manually changed by the admin after installation. Recently the servlet has been modified such that if the parameter is not specified it will generate the default path automatically. So it is no longer necessary to keep the cfgPath parameter in the web.xml templates because it will point to the same location. This patch removes the cfgPath parameters from all web.xml templates. This way newly created subsystems will not have this parameter, which will help direct deployment in the future. An upgrade script has been added to remove the parameter from existing instances if it points to the default location. If the parameter points to a different location that means the subsystem has been customized so it will not be changed. Ticket #748, #499
* Reorganized REST service classes.Endi S. Dewata2014-02-281-1/+1
| | | | | | | | The REST service classes have been moved into org.dogtagpki.server namespace. A new upgrade script has been added to update existing instances. Ticket #114
* Moved web application context file.Endi S. Dewata2013-12-161-37/+0
| | | | | | | | | | | | | | The location of web application context file has been changed from <instance>/webapps/<name>/META-INF/context.xml into <instance>/conf/Catalina/localhost/<name>.xml. This will eventually allow deploying the web application directly from the shared folder. A new upgrade script has been added to move the context files in the existing instances. Ticket #499
* Added ACL for selftests.Endi S. Dewata2013-12-051-0/+13
| | | | | | | New ACL has been added to allow only the administrators in each subsystem to access the selftests. Ticket #652
* Replaced auth.properties with acl.properties.Endi S. Dewata2013-11-201-12/+0
| | | | | | | | | | | | | | The ACL mapping files have been renamed from auth.properties to acl.properties to match the actual content and moved into the subsystem conf folder. The authentication method mapping files have been extracted from the interceptor into actual files. The ACLInterceptor and AuthMethodInterceptors have been modified to read the default mapping first, then overwrite it with custom mapping if it exists in the subsystem folder. The UpdateAuthzProperties upgrade script has been replaced with RemoveAuthProperties that will remove the old auth.properties.
* Updated ACL and auth method mapping names.Endi S. Dewata2013-11-151-4/+4
| | | | | The ACL and auth method mapping names in some resources have been modified to be more consistent with those in other resources.
* Stand-alone DRMMatthew Harmsen2013-10-151-0/+167
| | | | * TRAC Ticket #667 - provide option for ca-less drm install
* Storing authentication info in session.Endi S. Dewata2013-07-291-1/+3
| | | | | | | | | The authenticator configuration has been modified to store the authentication info in the session so it can be used by the servlets. An upgrade script has been added to update the configuration in existing instances. The SSLAuthenticatorWithFalback was modified to propagate the configuration to the actual authenticator handling the request.
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-06-052-16/+16
| | | | | | This patch corrects JavaScript inability to handle big numbers in building queries. Bug: 951501.
* Replaced PKI_SUBSYSTEM_DIR with PKI_SUBSYSTEM_TYPE.Endi Sukma Dewata2013-05-301-1/+1
| | | | | The PKI_SUBSYSTEM_DIR variable is redundant and can be replaced with PKI_SUBSYSTEM_TYPE.
* correcting JavaScript inability to handle big numbersAndrew Wnuk2013-04-245-8/+13
| | | | | | This patch corrects JavaScript inability to handle big numbers in key key recovery process. Bug: 955784.
* corrected JavaScript issue with big numbersAndrew Wnuk2013-04-234-9/+9
| | | | | | This patch corrects key IDs miscalculated by JavaScript for key search results and key record views. Bug: 951501.
* Refactor installation code to remove dependency on jythonAde Lee2013-03-211-0/+17
| | | | | | | | | | | | | Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed. Also added status servlet to other java subsystems, to be tested prior to starting configuration. Trac Ticket 532
* Replaced Tomcat's random number generator.Endi Sukma Dewata2013-03-191-1/+5
| | | | | | | | | | By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS. Ticket #524
* Added authentication method validation.Endi Sukma Dewata2013-02-191-3/+3
| | | | | | | | | | | | | | | A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* move updateNumberRange to admin interfaceAde Lee2013-02-111-2/+2
|
* remove unneeded getTokenInfo servletAde Lee2013-02-111-18/+0
|
* Reorganized CA, KRA, OCSP, TKS templates.Endi Sukma Dewata2012-11-1256-0/+6570
| | | | | | | | | | | All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407
* Added ACLInterceptor.Endi Sukma Dewata2012-11-081-8/+8
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Enabled authentication for key services.Endi Sukma Dewata2012-10-291-2/+0
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Fixed KRA test.Endi Sukma Dewata2012-10-221-2/+2
| | | | | The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Added REST account service.Endi Sukma Dewata2012-10-222-0/+15
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Added common ROOT webapp.Endi Sukma Dewata2012-09-121-0/+2
| | | | | | | | | | | The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89
* Added proxy realm.Endi Sukma Dewata2012-09-051-0/+31
| | | | | | | | | | | | | | | | | CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
* Moved REST services into separate URLs.Endi Sukma Dewata2012-08-032-88/+43
| | | | | | | | | | | To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107
* Refactored PKI JNDI realm.Endi Sukma Dewata2012-07-311-2/+2
| | | | | | | | | The PKI JNDI realm has been modified to utilize the authentication and authorization subsystems in PKI engine directly. It's no longer necessary to define the LDAP connection settings in Tomcat's configuration files. Ticket #126
* PKI Deployment ScriptletsMatthew Harmsen2012-07-191-93/+8
| | | | | | | | | | | | | | | | | | | | * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-265-0/+1266
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
generated by cgit (git 2.34.1) at 2025-09-26 14:45:44 +0000