[Pki-devel] [PATCH] 315-319 KRA realm related patches
Ade Lee
alee at redhat.com
Thu Jun 2 13:51:12 UTC 2016
And now with the patches ..
On Thu, 2016-06-02 at 09:50 -0400, Ade Lee wrote:
> Patch descriptions (in reverse order).
>
> The final patch will need some discussion. Please review,
>
> Ade
>
> ***********************************************
> commit 4a1fb1e678d0024d9ee51fcda0d83f74f1715f4b
> Author: Ade Lee <alee at redhat.com>
> Date: Thu Jun 2 09:41:35 2016 -0400
>
> Modify pki-server db-upgrade to do realm related upgrades
>
> Tickets 2320, 2319
>
> commit ed3e2da4c598bf4cec89bec8e20a23ab6d82013c
> Author: Ade Lee <alee at redhat.com>
> Date: Fri May 27 14:01:59 2016 -0400
>
> New VLV indexes for KRA including realm
>
> commit 1a2947fed2f7cd2cc32fa810ab77d64bf3acb821
> Author: Ade Lee <alee at redhat.com>
> Date: Thu May 26 00:48:39 2016 -0400
>
> Fix legacy servlets to check realm when requesting recovery
>
> commit 483f9b2066110c3b8d4598e3afe1a9508bddbbb7
> Author: Ade Lee <alee at redhat.com>
> Date: Wed May 25 18:53:22 2016 -0400
>
> Change legacy requests servlet to check realm
>
> The legacy KRA servlet has been modified to check the realm
> if present in the request, or only return non-realm requests
> if not present.
>
> No attempt is made to fix the error reporting of the servlet.
> As such, an authz failure due to the realm check is handled
> in the same way that other authz failures are handled.
>
> commit 6c52845955315ca8842290d41c826c26aa037eb3
> Author: Ade Lee <alee at redhat.com>
> Date: Wed May 25 18:10:59 2016 -0400
>
> Fix old KRA servlets to check realm
>
> The old KRA servlets to list and display keys do not go through
> the same code paths as the REST API. Therefore, they do not
> check the authz realm.
>
> This patch adds the relevant code. No attempt is made to fix the
> error handling of the old servlets. the long term solution for
> this
> is to deprecate the old servlets and make the UI use the REST API
> instead. Therefore, authz failures due to realm checks are
> handled
> in the same way as other authz changes.
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0315-Fix-old-KRA-servlets-to-check-realm.patch
Type: text/x-patch
Size: 16318 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160602/49c911c8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0316-Change-legacy-requests-servlet-to-check-realm.patch
Type: text/x-patch
Size: 3563 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160602/49c911c8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0317-Fix-legacy-servlets-to-check-realm-when-requesting-r.patch
Type: text/x-patch
Size: 11620 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160602/49c911c8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0318-New-VLV-indexes-for-KRA-including-realm.patch
Type: text/x-patch
Size: 5214 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160602/49c911c8/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0319-Modify-pki-srever-db-upgrade-to-do-realm-related-upg.patch
Type: text/x-patch
Size: 11817 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160602/49c911c8/attachment-0004.bin>
More information about the Pki-devel
mailing list