| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.
Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
|
| |
|
|
|
|
|
|
|
|
| |
Due to database upgrade issue the pki <subsystem>-audit CLI has
been removed from all subsystems except TPS.
The AuditModifyCLI has been modified to clarify that the --action
and the --input parameters are mutually exclusive.
https://fedorahosted.org/pki/ticket/1437
|
| |
|
|
|
|
|
|
|
|
|
| |
The REST methods may be executed by different threads even though
they are invoked in the same session. A new interceptor has been
added to all subsystems to make sure the SessionContext is created
properly for each thread. This will fix the authentication data in
the audit log. The SessionContext has also been improved to use
ThreadLocal instead of a global Hashtable.
https://fedorahosted.org/pki/ticket/1054
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets #1294, #1058
The patch does the following:
1. Allows an OCSP clone to actually install and operate.
It also sets a param appropriate for an OCSP clone. Ticket #1058
The controversial part of this one is the fact that I have disabled
having OCSP clones register themselves to the CA as publishing target.
The master is already getting the updates and we rely upon replication
to keep the clones updated. The current downside is the master is on an
island with respect to updates and could be considered a single point of failure.
Thus my proposal for this simple patch is to get the OCSP clone working as in existing
functionality. Then we come back and propose a ticket to allow the installer OCSP clones
to set up the publishers in such a way that all clones and master are registered, but when
it is actually time to publish, the CRL publisher has the smarts to know that members of a
clone cluster are in a group and the first successfull publish should end the processing of
that group.
2. Allows the CA clone to set some params to disable certain things that a clone should not do.
This was listed as a set of misc post install tasks that we are trying to automate.
Code tested to work.
1. OCSP clones can be installed and the CRL were checked to be in sync when an update occured to the master.
2. The CA clone has been seen to have the required params and it looks to come up just fine.
Final review minor changes to tickets, 1294, and 1058.
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously PKIException was not displayed properly in browser
because it doesn't have a writer for HTML. Now the exception mapper
will compute the message format properly, and will default to XML.
The exception mapper itself has been moved into a server package
due to class dependency. The REST application classes have been
updated accordingly.
Ticket #554
|
| |
|
|
|
|
|
| |
Subsystem-specific configuration codes have been moved from the
SystemConfigService into the subsystem-specific installer.
Ticket #890
|
| |
|
|
|
|
|
|
|
| |
New subclasses of SystemConfigService have been added for each
subsystem to replace the base installer. Initially these classes
are blank, so they are identical to the base class. Later they will
store subsystem-specific installation code.
Ticket #890
|
| |
|
|
|
|
|
|
|
|
|
| |
A new CLI parameter has been added to allow the user select the
REST message format. This is done by setting the default consumes
and produces when creating the client proxy. For this to work the
hard-coded @Consumes and @Produces annotations need to be removed
from the interface definition. A new interceptor has been added
to validate the message format before executing the operation.
Ticket #554
|
|
|
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114
|
