| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Review comments addressed:
1. when archiving or generating keys, realm is checked
2. when no plugin is found for a realm, access is denied.
3. rename mFoo to foo for new variables.
4. add chaining of exceptions
5. remove attributes from KeyArchivalRequest etc. when realm is null
6. Add more detail to denial in BasicGroupAuthz
Part of Trac Ticket 2041
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Added method to check realm. This method will look for
an authz instance for a specified realm and invoke it to
determine access.
* Added a basic group based authz plugin mostly for testing.
This plugin simply checks if the requestor is in the correct
group. In practice, customers will probably want something more
complex maybe subclassing BasicAclAuthz.
Part of Trac Ticket #2041
|
| |
|
|
|
|
|
|
|
|
|
| |
Several lightweight CA ACLs share the 'certServer.ca.authorities'
name, but when loading ACLs each load overwrites the previous.
If multiple resourceACLS values have the same name, instead of
replacing the existing ACL with the new one, add the rights and
rules to the existing ACL.
Part of: https://fedorahosted.org/pki/ticket/1625
|
| |
|
|
|
|
|
|
| |
Various codes have been modified to properly stop threads during
shutdown. A new ID attribute has been added to the LDAP connection
factory classes to help identify leaking threads.
https://fedorahosted.org/pki/ticket/1327
|
| |
|
|
| |
- PKI TRAC Ticket #965 - Improve error message - remove ACL mapping to the user
|
| |
|
|
|
|
|
|
| |
The REST service classes have been moved into org.dogtagpki.server
namespace. A new upgrade script has been added to update existing
instances.
Ticket #114
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ACL mapping files have been renamed from auth.properties to
acl.properties to match the actual content and moved into the
subsystem conf folder. The authentication method mapping files
have been extracted from the interceptor into actual files.
The ACLInterceptor and AuthMethodInterceptors have been modified to read
the default mapping first, then overwrite it with custom mapping if it
exists in the subsystem folder.
The UpdateAuthzProperties upgrade script has been replaced with
RemoveAuthProperties that will remove the old auth.properties.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS profile mappings.
Ticket #652
|
| |
|
|
|
| |
The ACL and auth method mapping names in some resources have been
modified to be more consistent with those in other resources.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS selftests.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS connections.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS configuration.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS authenticators.
The set of interceptors in each application has been modified to
preserve the order.
Ticket #652
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profiles
in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The TPS token REST interface has been modified to require client certificate
authentication. TPS admins, agents, and operators are allowed to view tokens,
but only admins are allowed to add and remove tokens, and only agents are
allowed to modify tokens.
|
|
|
The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.
|
