Thanks. Fixed as below. Pushed to master. On Mon, 2016-05-09 at 17:51 -0500, Endi Sukma Dewata wrote: > On 5/9/2016 2:18 PM, Ade Lee wrote: > > Patch descriptions .. in reverse order. > > > > Note that the CA setup for authz is further documented at > > pki.fedoraproject.org/wiki/Kra_authz_realm , where I have added a > > section on 'CA Configuration". > > > > Thanks, > > Ade > > > > **************************************************************** > > commit ad1fcecc2f36cc1ebc1f13efe3df9d1e138224b7 > > Author: Ade Lee <[email protected]> > > Date: Mon May 9 15:00:20 2016 -0400 > > > > Add authz realm check for cert enrollment > > > > Ticket 2041 > > > > commit b5232ce101083409ed9a86e9057620cca7288f62 > > Author: Ade Lee <[email protected]> > > Date: Sat May 7 00:06:08 2016 -0400 > > > > Fix error output when request is rejected > > > > With this fix, error messages are returned to the user when > > a request is rejected - either in the UI or from the pki CLI. > > > > Trac Ticket 1247 (amongst others) > > > > commit 82d18a99103de1fa749b077cfccec5ff65ceb4a5 > > Author: Ade Lee <[email protected]> > > Date: Wed May 4 18:25:51 2016 -0400 > > > > Add realm to requests coming in from CA > > > > Requests to the KRA through the CA-KRA connector use the > > Enrollment > > Service. This has been modified to read and store any realm > > passed in. > > The realm can be added to the request by havibg the admin add > > a AuthzRealmDefault and AuthzRealmConstraint in a profile. > > > > At this point, all the constraint does is verify that the > > realm is > > one of a specified list of realms. More verification will be > > added > > in a subsequent patch. > > > > No attempt is made yet to allow users to specify the realm. > > This > > would need to be added as a ProfileInput. > > > > Part of Ticket 2041 > > ACK. Just some comments: > > 1. In AuthzRealmDefault.populate() we should wrap and rethrow the > exception instead of ignoring it. > > 2. In UserMessages.properties let's use "Authorization" instead of > "Authz" to be more user-friendly. Or just "Realm" instead of "Authz > realm". > > 3. In HttpPKIMessage.fromRequest() we probably want to copy the realm > without any condition (e.g. to copy the null value). > > reqRealm = r.getRealm(); > > 4. In CertRequestInfoFactory.create() this if condition is redundant: > > if (error != null) { > info.setErrorMessage(error); > } >
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
