Revision: glite-voms-admin-server--cvs-trunk--0--patch-119 Archive: lorentey@elte.hu--2004 Creator: Karoly Lorentey Date: Fri Nov 12 03:59:59 CET 2004 Standard-date: 2004-11-12 02:59:59 GMT Modified-files: src/org/glite/security/voms/database/DBACL.java src/org/glite/security/voms/service/CAUpdater.java src/org/glite/security/voms/service/Constants.java src/org/glite/security/voms/service/InitSecurityContext.java src/org/glite/security/voms/webui/admin/ACLActions.java New-patches: lorentey@elte.hu--2004/glite-voms-admin-server--cvs-trunk--0--patch-119 Summary: "Absolutely anyone" (public access) ACL entries. Sanitized logging. Internal virtual admin. Keywords: * src/org/glite/security/voms/database/DBACL.java (checkPermission): Check for a match on an "absolutely anyone" ACL entry (public principal). Only check for "anyuser" if the client has authenticated herself. * src/org/glite/security/voms/service/Constants.java: Update docs. (VIRTUAL_ADMIN): Renamed to LOCAL_ADMIN. (INTERNAL_ADMIN): New constant. (UNAUTHENTICATED_CLIENT): New constant. (PUBLIC_ADMIN): New constant. * src/org/glite/security/voms/service/InitSecurityContext.java: (initSC): Always set a non-null clientName/issuerName. Use UNAUTHENTICATED_CLIENT if client is not authenticated or if an error happens during certificate parsing. (initLocalSC): Reduce logging severity from info to debug. (initInternalSC): New method. (initClearSC): Use UNAUTHENTICATED_CLIENT instead of null fields. * src/org/glite/security/voms/webui/admin/ACLActions.java: (printACLEdit): Allow giving rights to "absolutely anyone". Show such ACL entries correctly. Reverse the order of principal types on the new ACL entry form. Don't preselect a principal type by default. (printACLEntry): Show "absolutely anyone" ACL entries correctly. * src/org/glite/security/voms/service/CAUpdater.java (run, updateCAs): Reduce most logging from INFO to DEBUG. Fix some typos. (updateCAs): Use the initInternalSC, not initLocalSC.