From 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Thu, 26 Jul 2012 20:40:08 -0500
Subject: Enabled SSL authenticator and PKI realm.

The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107
---
 base/deploy/src/scriptlets/pkiparser.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'base/deploy/src/scriptlets/pkiparser.py')

diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 5674cf87a..66c1e4085 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -400,6 +400,9 @@ def compose_pki_master_dictionary():
             config.pki_master_dict['pki_source_server_xml'] =\
                 os.path.join(config.pki_master_dict['pki_source_shared_path'],
                              "server.xml")
+            config.pki_master_dict['pki_source_context_xml'] =\
+                os.path.join(config.pki_master_dict['pki_source_shared_path'],
+                             "context.xml")
             config.pki_master_dict['pki_source_tomcat_conf'] =\
                 os.path.join(config.pki_master_dict['pki_source_shared_path'],
                              "tomcat.conf")
@@ -984,6 +987,10 @@ def compose_pki_master_dictionary():
                 os.path.join(
                     config.pki_master_dict['pki_instance_configuration_path'],
                     "server.xml")
+            config.pki_master_dict['pki_target_context_xml'] =\
+                os.path.join(
+                    config.pki_master_dict['pki_instance_configuration_path'],
+                    "context.xml")
             config.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\
                 config.pki_master_dict['pki_root_prefix'] +\
                 "/etc/sysconfig/" +\
@@ -997,6 +1004,11 @@ def compose_pki_master_dictionary():
                     config.pki_master_dict['pki_tomcat_webapps_root_path'],
                     "index.jsp")
             # in-place slot substitution name/value pairs
+            config.pki_master_dict['pki_target_auth_properties'] =\
+                os.path.join(
+                    config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
+                    "WEB-INF",
+                    "auth.properties")
             config.pki_master_dict['pki_target_velocity_properties'] =\
                 os.path.join(
                     config.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
@@ -1131,7 +1143,7 @@ def compose_pki_master_dictionary():
             ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\
                 ""
             config.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\
-                "agent"
+                "want"
             config.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\
                 config.pki_master_dict['pki_https_port']
             config.pki_master_dict['PKI_AJP_PORT_SLOT'] =\
-- 
cgit