author | Endi Sukma Dewata <edewata@redhat.com> | 2012-07-26 20:40:08 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-08-03 17:07:13 -0500 |
commit | eca4d635e67eaf3c6878d35acfaaf11df53151e2 (patch) | |
tree | 32d947e0eeec6a36ea9cc1e7ebf0804b487da7e2 | |
parent | 1d85941aa2f80f3da619504fe4310fe47cb5b036 (diff) | |
Moved REST services into separate URLs.
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.
Ticket #107
18 files changed, 142 insertions, 189 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index 8471d6cd4..7ec3932c9 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -1816,13 +1816,15 @@ <param-value> /agent/ca/doRevoke </param-value> </init-param> </servlet> + <!-- ==================== RESTEasy Configuration =============== --> + <listener> <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class> </listener> <context-param> <param-name>resteasy.servlet.mapping.prefix</param-name> - <param-value>/pki</param-value> + <param-value>/rest</param-value> </context-param> <context-param> @@ -1843,9 +1845,9 @@ <servlet-mapping> <servlet-name>Resteasy</servlet-name> - <url-pattern>/pki/*</url-pattern> + <url-pattern>/rest/*</url-pattern> </servlet-mapping> - + <servlet-mapping> <servlet-name> caacl </servlet-name> <url-pattern> /acl </url-pattern> diff --git a/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java b/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java index 51370f573..fb4293ffe 100644 --- a/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java +++ b/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java @@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType; /** * @author Endi S. Dewata */ -@Path("/groups/{groupID}/members") +@Path("admin/groups/{groupID}/members") public interface GroupMemberResource { @GET 
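Review bot: The new `admin/` prefix on GroupMemberResource (and the `admin/`/`agent/` prefixes on GroupResource, UserResource, UserCertResource, CertResource, CertRequestResource, KeyResource, ProfileResource and KeyRequestResource later in this diff) only enforces anything where the deploying webapp maps that URL prefix to an ACL, and this diff adds such mappings (auth.properties, acl.ldif) for the KRA only, while the CA web.xml hunk above re-routes /rest/* with no corresponding CA mapping. Unless the CA carries an equivalent mapping outside this diff, /ca/rest/admin/* and /ca/rest/agent/* are routed but not bound to any ACL, which would defeat the separation the commit message describes. A one-line comment on the annotation, `// admin/ prefix: every webapp deploying this resource must map it in its auth.properties/ACL`, would make that dependency visible, and the CA should gain entries matching the KRA ones.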
@@ -51,12 +51,12 @@ public interface GroupMemberResource {
 public Response addGroupMember(@PathParam("groupID") String groupID, String memberID);
 @GET
- @Path("/{memberID}")
+ @Path("{memberID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public GroupMemberData getGroupMember(@PathParam("groupID") String groupID, @PathParam("memberID") String memberID);
 @DELETE
- @Path("/{memberID}")
+ @Path("{memberID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void removeGroupMember(@PathParam("groupID") String groupID, @PathParam("memberID") String memberID);
 }
diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java
index 5889048ea..e0110e6a8 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupResource.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
 /**
 * @author Endi S. Dewata
 */
-@Path("/groups")
+@Path("admin/groups")
 public interface GroupResource {
 @GET
@@ -51,19 +51,19 @@ public interface GroupResource {
 public Response addGroup(GroupData groupData);
 @GET
- @Path("/{groupID}")
+ @Path("{groupID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public GroupData getGroup(@PathParam("groupID") String groupID);
 @POST
- @Path("/{groupID}")
+ @Path("{groupID}")
 @ClientResponseType(entityType=GroupData.class)
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public Response modifyGroup(@PathParam("groupID") String groupID, GroupData groupData);
 @DELETE
- @Path("/{groupID}")
+ @Path("{groupID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void removeGroup(@PathParam("groupID") String groupID);
 }
diff --git a/base/common/src/com/netscape/certsrv/user/UserCertResource.java b/base/common/src/com/netscape/certsrv/user/UserCertResource.java
index b9339bc33..db463ea59 100644
--- a/base/common/src/com/netscape/certsrv/user/UserCertResource.java
+++ b/base/common/src/com/netscape/certsrv/user/UserCertResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
 /**
 * @author Endi S. Dewata
 */
-@Path("/users/{userID}/certs")
+@Path("admin/users/{userID}/certs")
 public interface UserCertResource {
 @GET
@@ -52,12 +52,12 @@ public interface UserCertResource {
 public Response addUserCert(@PathParam("userID") String userID, UserCertData userCertData);
 @GET
- @Path("/{certID}")
+ @Path("{certID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public UserCertData getUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID);
 @DELETE
- @Path("/{certID}")
+ @Path("{certID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void removeUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID);
 }
diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java
index fae700bc3..4a837165f 100644
--- a/base/common/src/com/netscape/certsrv/user/UserResource.java
+++ b/base/common/src/com/netscape/certsrv/user/UserResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
 /**
 * @author Endi S. Dewata
 */
-@Path("/users")
+@Path("admin/users")
 public interface UserResource {
 @GET
@@ -51,19 +51,19 @@ public interface UserResource {
 public Response addUser(UserData userData);
 @GET
- @Path("/{userID}")
+ @Path("{userID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public UserData getUser(@PathParam("userID") String userID);
 @POST
- @Path("/{userID}")
+ @Path("{userID}")
 @ClientResponseType(entityType=UserData.class)
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public Response modifyUser(@PathParam("userID") String userID, UserData userData);
 @DELETE
- @Path("/{userID}")
+ @Path("{userID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void removeUser(@PathParam("userID") String userID);
 }
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
index d4cfcd296..aaf3fa129 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
@@ -10,16 +10,16 @@ import org.jboss.resteasy.annotations.ClientResponseType;
 import com.netscape.cms.servlet.cert.model.CertificateData;
-@Path("/config/cert")
+@Path("config/cert")
 public interface SystemCertificateResource {
 /**
 * Used to retrieve the transport certificate
 */
 @GET
- @Path("/transport")
+ @Path("transport")
 @ClientResponseType(entityType=CertificateData.class)
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public Response getTransportCert();
 }
\ No newline at end of file
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
index 74e02c3ea..48650f05f 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -18,21 +18,23 @@ import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
 import com.netscape.cms.servlet.cert.model.CertificateData;
 import com.netscape.cms.servlet.request.model.CertRequestInfo;
-@Path("/certs")
+@Path("")
 public interface CertResource {
+
 public static final int DEFAULT_MAXTIME = 10;
 public static final int DEFAULT_MAXRESULTS = 100;
 @GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertDataInfos listCerts(
 @QueryParam("status") String status,
 @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
 @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
 @POST
- @Path("search")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs/search")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertDataInfos searchCerts(
 CertSearchData data,
@@ -40,24 +40,24 @@ public interface CertResource {
 @DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
 @GET
- @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertificateData getCert(@PathParam("id") CertId id);
 @POST
- @Path("{id}/revoke-ca")
+ @Path("agent/certs/{id}/revoke-ca")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request);
 @POST
- @Path("{id}/revoke")
+ @Path("agent/certs/{id}/revoke")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request);
 @POST
- @Path("{id}/unrevoke")
+ @Path("agent/certs/{id}/unrevoke")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request);
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
index 2317eac47..9d7f2f9ac 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
@@ -275,7 +275,7 @@ public abstract class CMSRestClient {
 }
 public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
- URI uri = new URI(config.getServerURI()+"/pki");
+ URI uri = new URI(config.getServerURI()+"/rest");
 return ProxyFactory.create(clazz, uri, executor, providerFactory);
 }
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
index d98d8f93d..63af4101a 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
@@ -41,7 +41,8 @@ public class ConfigurationErrorInterceptor implements ClientErrorInterceptor {
 String contentType = headers.getFirst("Content-Type");
 // handle XML content only
- if (!contentType.startsWith(MediaType.TEXT_XML)) return;
+ System.out.println("Content-type: "+contentType);
+ if (!contentType.startsWith(MediaType.APPLICATION_XML)) return;
 CMSException exception;
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
index ff582561c..2918842c9 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
@@ -14,7 +14,7 @@
 //
 // (C) 2012 Red Hat, Inc.
 // All rights reserved.
-// --- END COPYRIGHT BLOCK ---
+// --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 import javax.ws.rs.Consumes;
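Review bot: The added `System.out.println("Content-type: "+contentType);` is debug output to stdout inside a client error interceptor and should not ship; route it through the project's logger at debug level or drop it. The line it precedes dereferences `contentType`, which `headers.getFirst("Content-Type")` returns as null when the error response carries no Content-Type header, so the interceptor itself fails with a NullPointerException instead of letting the original error surface: `if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_XML)) return;`. The enclosing method starts and ends outside the hunk.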
@@ -33,34 +33,31 @@ import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
 /**
 * @author alee
- *
 */
-@Path("/installer")
+@Path("installer")
 public interface SystemConfigurationResource {
-
+
 @POST
 @Path("configure")
- @Produces({ MediaType.TEXT_XML })
- @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
 public ConfigurationResponseData configure(MultivaluedMap<String, String> form);
-
+
 @POST
 @Path("configure")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public ConfigurationResponseData configure(ConfigurationData data);
-
+
 @POST
 @Path("installToken")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public InstallToken getInstallToken(InstallTokenRequest data);
-
+
 @GET
 @Path("domainInfo")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public DomainInfo getDomainInfo();
-
-
 }
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
index 9a9b5db1a..4d352eaea 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
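Review bot: `@Path("installer")` leaves configure and getInstallToken outside both the `agent/` and `admin/` prefixes, i.e. in the tier the commit message describes as not needing authentication; presumably that is deliberate because the installer runs before any agent or admin account exists, but the interface does not say so. A Javadoc on the interface recording that assumption, and that these endpoints are expected to be refused once the instance is configured, would let a reviewer check the implementation against it. The same comment should mention that the form-encoded `configure(MultivaluedMap<String, String> form)` overload is reachable from an ordinary browser form submission, since that is what makes the post-configuration guard matter.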
@@ -14,14 +14,14 @@ import com.netscape.cms.servlet.key.model.KeyData;
 import com.netscape.cms.servlet.key.model.KeyDataInfos;
 import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-@Path("/keys")
+@Path("agent/keys")
 public interface KeyResource {
 public static final int DEFAULT_MAXTIME = 10;
 public static final int DEFAULT_MAXRESULTS = 100;
 @GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyDataInfos listKeys(@QueryParam("clientID") String clientID,
 @QueryParam("status") String status,
 @DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
@@ -35,14 +35,14 @@ public interface KeyResource {
 */
 @POST
 @Path("retrieve")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyData retrieveKey(RecoveryRequestData data);
 // retrieval - used to test integration with a browser
 @POST
 @Path("retrieve")
- @Produces(MediaType.TEXT_XML)
- @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
 public KeyData retrieveKey(MultivaluedMap<String, String> form);
 }
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
index e402aeadd..cc32234b2 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
@@ -9,16 +9,16 @@ import javax.ws.rs.core.MediaType;
 import com.netscape.cms.servlet.profile.model.ProfileData;
 import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
-@Path("/profiles")
+@Path("agent/profiles")
 public interface ProfileResource {
 @GET
 @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public ProfileData retrieveProfile(@PathParam("id") String id);
 @GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public ProfileDataInfos listProfiles();
 /**
@@ -31,14 +31,14 @@ public interface ProfileResource {
 /*
 @POST
 @Path("retrieve")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public ProfileData retrieveProfile(ProfileRetrievalRequestData request);
 // retrieval - used to test integration with a browser
 @POST
 @Path("retrieve")
- @Produces(MediaType.TEXT_XML)
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
 public ProfileData retrievProfile(MultivaluedMap<String, String> form);
 */
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
index f35074738..fc06e5e10 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
@@ -34,7 +34,7 @@ import com.netscape.cms.servlet.request.model.CertRequestInfo;
 import com.netscape.cms.servlet.request.model.CertRequestInfos;
 import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
-@Path("/certrequests")
+@Path("")
 public interface CertRequestResource {
 public static final int DEFAULT_START = 0;
@@ -46,7 +46,8 @@ public interface CertRequestResource {
 * Used to generate list of cert requests based on the search parameters
 */
 @GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("agent/certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfos listRequests(@QueryParam("requestState") String requestState,
 @QueryParam("requestType") String requestType,
 @DefaultValue("" + DEFAULT_START) @QueryParam("start") RequestId start,
@@ -58,60 +59,60 @@ public interface CertRequestResource {
 * Used to retrieve cert request info for a specific request
 */
 @GET
- @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certrequests/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfo getRequestInfo(@PathParam("id") RequestId id);
 @GET
- @Path("{id}/agentView")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("agent/certrequests/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public AgentEnrollmentRequestData reviewRequest(@PathParam("id") RequestId id);
 // Enrollment - used to test integration with a browser
 @POST
- @Path("enroll")
- @Produces({ MediaType.TEXT_XML })
+ @Path("certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
 public CertRequestInfos enrollCert(MultivaluedMap<String, String> form);
 @POST
- @Path("enroll")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public CertRequestInfos enrollCert(EnrollmentRequestData data);
 @POST
- @Path("{id}/approve")
+ @Path("agent/certrequests/{id}/approve")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void approveRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/reject")
+ @Path("agent/certrequests/{id}/reject")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void rejectRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/cancel")
+ @Path("agent/certrequests/{id}/cancel")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void cancelRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/update")
+ @Path("agent/certrequests/{id}/update")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void updateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/validate")
+ @Path("agent/certrequests/{id}/validate")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void validateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/unassign")
+ @Path("agent/certrequests/{id}/unassign")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void unassignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 @POST
- @Path("{id}/assign")
+ @Path("agent/certrequests/{id}/assign")
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public void assignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
 }
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
index cf326540d..9ed2eb2a1 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
@@ -17,8 +17,9 @@ import com.netscape.cms.servlet.request.model.KeyRequestInfo;
 import com.netscape.cms.servlet.request.model.KeyRequestInfos;
 import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-@Path("/keyrequests")
+@Path("agent/keyrequests")
 public interface KeyRequestResource {
+
 public final String SYMMETRIC_KEY_TYPE = "symmetricKey";
 public final String PASS_PHRASE_TYPE = "passPhrase";
 public final String ASYMMETRIC_KEY_TYPE = "asymmetricKey";
@@ -32,7 +33,7 @@ public interface KeyRequestResource {
 * Used to generate list of key requests based on the search parameters
 */
 @GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyRequestInfos listRequests(@QueryParam("requestState") String requestState,
 @QueryParam("requestType") String requestType,
 @QueryParam("clientID") String clientID,
@@ -47,45 +48,45 @@ public interface KeyRequestResource {
 */
 @GET
 @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyRequestInfo getRequestInfo(@PathParam("id") RequestId id);
 // Archiving - used to test integration with a browser
 @POST
 @Path("archive")
- @Produces({ MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
 public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form);
 @POST
 @Path("archive")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyRequestInfo archiveKey(ArchivalRequestData data);
 //Recovery - used to test integration with a browser
 @POST
 @Path("recover")
- @Produces({ MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
 public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form);
 @POST
 @Path("recover")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 public KeyRequestInfo recoverKey(RecoveryRequestData data);
 @POST
- @Path("approve/{id}")
+ @Path("{id}/approve")
 public void approveRequest(@PathParam("id") RequestId id);
 @POST
- @Path("reject/{id}")
+ @Path("{id}/reject")
 public void rejectRequest(@PathParam("id") RequestId id);
 @POST
- @Path("cancel/{id}")
+ @Path("{id}/cancel")
 public void cancelRequest(@PathParam("id") RequestId id);
 }
diff --git a/base/kra/functional/drmclient.py b/base/kra/functional/drmclient.py
index 62940fdf2..3c7c12e30 100644
--- a/base/kra/functional/drmclient.py
+++ b/base/kra/functional/drmclient.py
@@ -612,7 +612,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/archive',
+ self._request('/kra/rest/agent/keyrequests/archive',
 self.kra_agent_port,
 self.POST,
 etree.tostring(request.getroot(), encoding='UTF-8'))
@@ -637,7 +637,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/config/cert/transport',
+ self._request('/kra/rest/config/cert/transport',
 self.kra_agent_port,
 self.GET,
 None)
@@ -675,7 +675,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keys',
+ self._request('/kra/rest/agent/keys',
 self.kra_agent_port,
 self.GET,
 get_args)
@@ -717,7 +717,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests',
+ self._request('/kra/rest/agent/keyrequests',
 self.kra_agent_port,
 self.GET,
 get_args)
@@ -750,7 +750,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/recover',
+ self._request('/kra/rest/agent/keyrequests/recover',
 self.kra_agent_port,
 self.POST,
 etree.tostring(request.getroot(), encoding='UTF-8'))
@@ -798,7 +798,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/approve/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/approve',
 self.kra_agent_port,
 self.POST,
 None)
@@ -820,7 +820,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/reject/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/reject',
 self.kra_agent_port,
 self.POST,
 None)
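Review bot: In the `@@ -798` hunk `request_id` is now spliced into the middle of the path (`'/kra/rest/agent/keyrequests/'+request_id+'/approve'`), and the `@@ -820` and `@@ -842` hunks do the same for reject and cancel; a value containing `/`, `?` or `#` changes which resource the request reaches instead of failing. Percent-encode the id before building the path, e.g. `quote(request_id, safe='')` from `urllib` (or `urllib.parse` on Python 3), or validate it against the expected request-id format first. The enclosing methods start and end outside the hunks.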
@@ -842,7 +842,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/cancel/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/cancel',
 self.kra_agent_port,
 self.POST,
 None)
@@ -898,7 +898,7 @@ class kra:
 #Call CMS
 http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keys/retrieve',
+ self._request('/kra/rest/agent/keys/retrieve',
 self.kra_agent_port,
 self.POST,
 etree.tostring(request.getroot(), encoding='UTF-8'))
diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif
index 38a9a088c..ea70ffd21 100644
--- a/base/kra/shared/conf/acl.ldif
+++ b/base/kra/shared/conf/acl.ldif
@@ -30,13 +30,7 @@ resourceACLS: certServer.kra.TokenKeyRecovery:submit:allow (submit) group="Data
 resourceACLS: certServer.kra.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
 resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert
 resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
-resourceACLS: certServer.kra.pki.key.retrieve:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may retrieve archived key
-resourceACLS: certServer.kra.pki.keyrequests:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read keyrequests data
-resourceACLS: certServer.kra.pki.keyrequest:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read keyrequest data
-resourceACLS: certServer.kra.pki.keyrequest.archive:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may issue archival request
-resourceACLS: certServer.kra.pki.keyrequest.recover:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may issue recovery request
-resourceACLS: certServer.kra.pki.keyrequest.approve:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may approve security data request
-resourceACLS: certServer.kra.pki.keyrequest.reject:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may reject key security data request
-resourceACLS: certServer.kra.pki.keyrequest.cancel:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may cancel security data request
-resourceACLS: certServer.kra.pki.keys:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read security data
-resourceACLS: certServer.kra.pki.config.cert.transport:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read transport cert data
+resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
+resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations
+resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery 
Manager Agents":Agents may execute key request operations
+resourceACLS: certServer.kra.users:execute:allow (execute) group="Administrators":Admins may execute user operations
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
index a206aa9e4..d2ba3075e 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties
+++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
@@ -4,13 +4,7 @@
 # <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
 # ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
-/kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
-/kra/pki/keyrequests = certServer.kra.pki.keyrequests,read
-/kra/pki/keyrequest = certServer.kra.pki.keyrequest,read
-/kra/pki/keyrequest/archive = certServer.kra.pki.keyrequest.archive,execute
-/kra/pki/keyrequest/recover = certServer.kra.pki.keyrequest.recover,execute
-/kra/pki/keyrequest/approve = certServer.kra.pki.keyrequest.approve,execute
-/kra/pki/keyrequest/reject = certServer.kra.pki.keyrequest.reject,execute
-/kra/pki/keyrequest/cancel = certServer.kra.pki.keyrequest.cancel,execute
-/kra/pki/keys = certServer.kra.pki.keys,read
-/kra/pki/config/cert/transport = certServer.kra.pki.config.cert.transport,read
+/kra/rest/admin/users = certServer.kra.users,execute
+/kra/rest/admin/groups = certServer.kra.groups,execute
+/kra/rest/agent/keys = certServer.kra.keys,execute
+/kra/rest/agent/keyrequests = certServer.kra.keyrequests,execute
diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml
index 7b4072085..9208507c3 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml
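Review bot: The example kept as context in auth.properties, `# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute`, still shows the old `/pki` prefix and a resource this hunk deletes; it should become one of the new entries, e.g. `# ex: /kra/rest/agent/keys = certServer.kra.keys,execute`. The new mappings, together with the acl.ldif hunk above, replace the earlier per-operation entries (separate `read` and `execute` resources) with a single `execute` per URL prefix, so listing keys, retrieving key material and approving, rejecting or cancelling requests are now one ACL decision; if that coarsening is intended, a comment in both files stating that a prefix entry covers every method beneath it would stop someone re-adding a read-only entry that has no effect. `/kra/rest/config/cert/transport`, which drmclient.py still calls, no longer has any mapping; that matches the unauthenticated tier the commit message describes, but it is worth saying so in a comment next to the remaining entries.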
@@ -691,13 +691,15 @@ <param-value> ee </param-value> </init-param> </servlet> + <!-- ==================== RESTEasy Configuration =============== --> + <listener> <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class> </listener> <context-param> <param-name>resteasy.servlet.mapping.prefix</param-name> - <param-value>/pki</param-value> + <param-value>/rest</param-value> </context-param> <context-param> @@ -718,7 +720,7 @@ <servlet-mapping> <servlet-name>Resteasy</servlet-name> - <url-pattern>/pki/*</url-pattern> + <url-pattern>/rest/*</url-pattern> </servlet-mapping> <servlet-mapping> 
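Review bot: The value `/rest` in `resteasy.servlet.mapping.prefix` has to agree with the `/rest/*` url-pattern in the second hunk and with the `/kra/rest/...` keys in WEB-INF/auth.properties, and nothing in the file records that coupling. A comment next to the context-param, e.g. `<!-- must match the Resteasy servlet-mapping url-pattern below and the URL keys in WEB-INF/auth.properties -->`, would keep the three from drifting apart on the next rename. The old prefix `/pki` appears to remain only in the stale example comment of auth.properties, which is worth cleaning up in the same commit.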
@@ -950,81 +952,40 @@ <session-timeout>30</session-timeout> </session-config> -<!-- Default login configuration uses form-based authentication --> -<!-- Security Constraint for agent access to the Security Data Rest Interface --> - -<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml --> -<!-- -<security-constraint> - <display-name>KRA Top Level Constraint</display-name> - <web-resource-collection> - <web-resource-name>KRA Protected Area</web-resource-name> - <url-pattern>/pki/* - </url-pattern> - </web-resource-collection> - <user-data-constraint> - <transport-guarantee>CONFIDENTIAL</transport-guarantee> - </user-data-constraint> - <auth-constraint> - <role-name>*</role-name> - </auth-constraint> -</security-constraint> ---> - -<!-- Security Constraint to deny certain http methods for key/retrieve --> -<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml --> -<!-- -<security-constraint> -<display-name>Key forbidden</display-name> -<web-resource-collection> - <web-resource-name>Key forbidden</web-resource-name> - <url-pattern>/pki/key/retrieve</url-pattern> - <http-method>GET</http-method> - <http-method>PUT</http-method> - <http-method>DELETE</http-method> -</web-resource-collection> -<auth-constraint/> -</security-constraint> ---> - -<!-- Security Constraint to deny certain http methods for keyrequest/* --> -<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml --> - -<!-- -<security-constraint> -<display-name>KeyRequest forbidden</display-name> -<web-resource-collection> - <web-resource-name>KeyRequest forbidden</web-resource-name> - <url-pattern>/pki/keyrequest/archive</url-pattern> - <url-pattern>/pki/keyrequest/recover</url-pattern> - <url-pattern>/pki/keyrequest/approve/*</url-pattern> - <url-pattern>/pki/keyrequest/reject/*</url-pattern> - <url-pattern>/pki/keyrequest/cancel/*</url-pattern> - <http-method>GET</http-method> - <http-method>PUT</http-method> - <http-method>DELETE</http-method> -</web-resource-collection> 
-<auth-constraint/> -</security-constraint> ---> - - -<!-- Customized SSL Client auth login config - uncomment to activate PKI realm as in conf/server.xml ---> - -<!-- - -<login-config> - <realm-name>PKIRealm</realm-name> - <auth-method>CLIENT-CERT</auth-method> - <realm-name>Client Cert Protected Area</realm-name> -</login-config> - -<security-role> - <role-name>*</role-name> -</security-role> - ---> + <!-- + <security-constraint> + <web-resource-collection> + <web-resource-name>Admin Services</web-resource-name> + <url-pattern>/rest/admin/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Agent Services</web-resource-name> + <url-pattern>/rest/agent/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <login-config> + <realm-name>Key Recovery Authority</realm-name> + </login-config> + + <security-role> + <role-name>*</role-name> + </security-role> + --> </web-app> |
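Review bot: The new `<security-constraint>` elements and the `<login-config>` for `/rest/admin/*` and `/rest/agent/*` sit inside a `<!-- ... -->` block, so this hunk changes nothing about what the container enforces; until it is uncommented, the only check separating agent from admin services is the URL-to-ACL mapping in auth.properties, and a comment above the block should say so in place of the removed `Uncomment to activate PKIJNDI realm` notes. Even uncommented, both constraints use `<role-name>*</role-name>`, so any authenticated user satisfies the admin constraint exactly as it satisfies the agent one and the split into two constraints buys no separation at this layer. Give each constraint the role it is named for — the ACL entries in this commit use `Administrators` and `Data Recovery Manager Agents` as group names, which would fit here if the realm exposes groups as roles — and restore `<auth-method>CLIENT-CERT</auth-method>` in `<login-config>`, which the removed block declared and the new one lacks. Without an auth-method the container presumably selects no authenticator for these constraints, so uncommenting the block as written would likely lock the URLs out for everyone rather than protect them.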