Patch descriptions (in reverse order).
The final patch will need some discussion. Please review,
Ade
***********************************************
commit 4a1fb1e678d0024d9ee51fcda0d83f74f1715f4b
Author: Ade Lee <alee(a)redhat.com>
Date: Thu Jun 2 09:41:35 2016 -0400
Modify pki-server db-upgrade to do realm related upgrades
Tickets 2320, 2319
commit ed3e2da4c598bf4cec89bec8e20a23ab6d82013c
Author: Ade Lee <alee(a)redhat.com>
Date: Fri May 27 14:01:59 2016 -0400
New VLV indexes for KRA including realm
commit 1a2947fed2f7cd2cc32fa810ab77d64bf3acb821
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 26 00:48:39 2016 -0400
Fix legacy servlets to check realm when requesting recovery
commit 483f9b2066110c3b8d4598e3afe1a9508bddbbb7
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 25 18:53:22 2016 -0400
Change legacy requests servlet to check realm
The legacy KRA servlet has been modified to check the realm
if present in the request, or only return non-realm requests
if not present.
No attempt is made to fix the error reporting of the servlet.
As such, an authz failure due to the realm check is handled
in the same way that other authz failures are handled.
commit 6c52845955315ca8842290d41c826c26aa037eb3
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 25 18:10:59 2016 -0400
Fix old KRA servlets to check realm
The old KRA servlets to list and display keys do not go through
the same code paths as the REST API. Therefore, they do not
check the authz realm.
This patch adds the relevant code. No attempt is made to fix the
error handling of the old servlets. the long term solution for
this
is to deprecate the old servlets and make the UI use the REST API
instead. Therefore, authz failures due to realm checks are
handled
in the same way as other authz changes.
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel