CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR files
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders. Note that Tomcat requires that the JAR files
be copied into this folder, they cannot be linked.
Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.
Ticket #89
--
Endi S. Dewata