authorEndi Sukma Dewata <edewata@redhat.com>2012-07-26 20:40:08 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-08-03 17:07:13 -0500
commiteca4d635e67eaf3c6878d35acfaaf11df53151e2 (patch)
tree32d947e0eeec6a36ea9cc1e7ebf0804b487da7e2
parent1d85941aa2f80f3da619504fe4310fe47cb5b036 (diff)
downloadpki-eca4d635e67eaf3c6878d35acfaaf11df53151e2.tar.gz
pki-eca4d635e67eaf3c6878d35acfaaf11df53151e2.tar.xz
pki-eca4d635e67eaf3c6878d35acfaaf11df53151e2.zip
Moved REST services into separate URLs.
To support different access control configurations, the REST services have been separated by role. Services that do not need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml8
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupMemberResource.java6
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupResource.java8
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserCertResource.java6
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserResource.java8
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java6
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertResource.java20
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java3
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java25
-rw-r--r--base/common/src/com/netscape/cms/servlet/key/KeyResource.java10
-rw-r--r--base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java10
-rw-r--r--base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java35
-rw-r--r--base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java21
-rw-r--r--base/kra/functional/drmclient.py18
-rw-r--r--base/kra/shared/conf/acl.ldif14
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/auth.properties14
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/web.xml117
18 files changed, 142 insertions, 189 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 8471d6cd4..7ec3932c9 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -1816,13 +1816,15 @@
<param-value> /agent/ca/doRevoke </param-value> </init-param>
</servlet>
+ <!-- ==================== RESTEasy Configuration =============== -->
+
<listener>
<listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
</listener>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
- <param-value>/pki</param-value>
+ <param-value>/rest</param-value>
</context-param>
<context-param>
@@ -1843,9 +1845,9 @@
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
- <url-pattern>/pki/*</url-pattern>
+ <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
-
+
<servlet-mapping>
<servlet-name> caacl </servlet-name>
<url-pattern> /acl </url-pattern>
diff --git a/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java b/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java
index 51370f573..fb4293ffe 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupMemberResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
/**
* @author Endi S. Dewata
*/
-@Path("/groups/{groupID}/members")
+@Path("admin/groups/{groupID}/members")
public interface GroupMemberResource {
@GET
@@ -51,12 +51,12 @@ public interface GroupMemberResource {
public Response addGroupMember(@PathParam("groupID") String groupID, String memberID);
@GET
- @Path("/{memberID}")
+ @Path("{memberID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public GroupMemberData getGroupMember(@PathParam("groupID") String groupID, @PathParam("memberID") String memberID);
@DELETE
- @Path("/{memberID}")
+ @Path("{memberID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void removeGroupMember(@PathParam("groupID") String groupID, @PathParam("memberID") String memberID);
}
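Review bot: The Javadoc on `GroupMemberResource` still carries only `@author`, while the root path in this hunk now encodes an access tier (`admin/groups/{groupID}/members`); the same applies to `GroupResource`, `UserCertResource` and `UserResource` in the following hunks. Since enforcement depends on a separate URL-to-ACL mapping rather than anything visible in the interface, state the intent where the path is declared, e.g. `* Administrative resource, served under {@code /rest/admin}; callers must satisfy the admin ACL mapped for this URL prefix.`. Dropping the leading slash on the sub-resource `@Path("{memberID}")` values is fine in JAX-RS and needs no comment.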
diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java
index 5889048ea..e0110e6a8 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupResource.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
/**
* @author Endi S. Dewata
*/
-@Path("/groups")
+@Path("admin/groups")
public interface GroupResource {
@GET
@@ -51,19 +51,19 @@ public interface GroupResource {
public Response addGroup(GroupData groupData);
@GET
- @Path("/{groupID}")
+ @Path("{groupID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public GroupData getGroup(@PathParam("groupID") String groupID);
@POST
- @Path("/{groupID}")
+ @Path("{groupID}")
@ClientResponseType(entityType=GroupData.class)
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response modifyGroup(@PathParam("groupID") String groupID, GroupData groupData);
@DELETE
- @Path("/{groupID}")
+ @Path("{groupID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void removeGroup(@PathParam("groupID") String groupID);
}
diff --git a/base/common/src/com/netscape/certsrv/user/UserCertResource.java b/base/common/src/com/netscape/certsrv/user/UserCertResource.java
index b9339bc33..db463ea59 100644
--- a/base/common/src/com/netscape/certsrv/user/UserCertResource.java
+++ b/base/common/src/com/netscape/certsrv/user/UserCertResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
/**
* @author Endi S. Dewata
*/
-@Path("/users/{userID}/certs")
+@Path("admin/users/{userID}/certs")
public interface UserCertResource {
@GET
@@ -52,12 +52,12 @@ public interface UserCertResource {
public Response addUserCert(@PathParam("userID") String userID, UserCertData userCertData);
@GET
- @Path("/{certID}")
+ @Path("{certID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public UserCertData getUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID);
@DELETE
- @Path("/{certID}")
+ @Path("{certID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void removeUserCert(@PathParam("userID") String userID, @PathParam("certID") String certID);
}
diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java
index fae700bc3..4a837165f 100644
--- a/base/common/src/com/netscape/certsrv/user/UserResource.java
+++ b/base/common/src/com/netscape/certsrv/user/UserResource.java
@@ -34,7 +34,7 @@ import org.jboss.resteasy.annotations.ClientResponseType;
/**
* @author Endi S. Dewata
*/
-@Path("/users")
+@Path("admin/users")
public interface UserResource {
@GET
@@ -51,19 +51,19 @@ public interface UserResource {
public Response addUser(UserData userData);
@GET
- @Path("/{userID}")
+ @Path("{userID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public UserData getUser(@PathParam("userID") String userID);
@POST
- @Path("/{userID}")
+ @Path("{userID}")
@ClientResponseType(entityType=UserData.class)
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response modifyUser(@PathParam("userID") String userID, UserData userData);
@DELETE
- @Path("/{userID}")
+ @Path("{userID}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void removeUser(@PathParam("userID") String userID);
}
diff --git a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java b/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
index d4cfcd296..aaf3fa129 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/SystemCertificateResource.java
@@ -10,16 +10,16 @@ import org.jboss.resteasy.annotations.ClientResponseType;
import com.netscape.cms.servlet.cert.model.CertificateData;
-@Path("/config/cert")
+@Path("config/cert")
public interface SystemCertificateResource {
/**
* Used to retrieve the transport certificate
*/
@GET
- @Path("/transport")
+ @Path("transport")
@ClientResponseType(entityType=CertificateData.class)
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getTransportCert();
} \ No newline at end of file
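Review bot: Dropping `MediaType.TEXT_XML` from `@Produces` on `getTransportCert` is a client-visible change: a caller that still sends `Accept: text/xml` will receive a 406 from RESTEasy rather than the certificate. The `drmclient.py` hunks in this commit update the URL to `/kra/rest/config/cert/transport` but show no Accept header, so whether that client is affected cannot be determined here; worth verifying before this lands. The file also still ends without a trailing newline (`\ No newline at end of file`), which is easy to fix while touching it.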
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
index 74e02c3ea..48650f05f 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -18,21 +18,23 @@ import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
import com.netscape.cms.servlet.cert.model.CertificateData;
import com.netscape.cms.servlet.request.model.CertRequestInfo;
-@Path("/certs")
+@Path("")
public interface CertResource {
+
public static final int DEFAULT_MAXTIME = 10;
public static final int DEFAULT_MAXRESULTS = 100;
@GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertDataInfos listCerts(
@QueryParam("status") String status,
@DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
@DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
@POST
- @Path("search")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs/search")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertDataInfos searchCerts(
CertSearchData data,
@@ -40,24 +42,24 @@ public interface CertResource {
@DefaultValue(""+DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime);
@GET
- @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certs/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertificateData getCert(@PathParam("id") CertId id);
@POST
- @Path("{id}/revoke-ca")
+ @Path("agent/certs/{id}/revoke-ca")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request);
@POST
- @Path("{id}/revoke")
+ @Path("agent/certs/{id}/revoke")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request);
@POST
- @Path("{id}/unrevoke")
+ @Path("agent/certs/{id}/unrevoke")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request);
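Review bot: Authorization for the new `agent/certs/{id}/revoke-ca`, `agent/certs/{id}/revoke` and `agent/certs/{id}/unrevoke` paths depends on a URL-to-ACL mapping, but the diffstat only touches the KRA's `auth.properties` and `acl.ldif`, so the CA resources moved here (and in `CertRequestResource`, `UserResource`, `GroupResource`) appear to have no corresponding CA mapping in this commit. If the CA's mapping lives elsewhere this is fine; otherwise the `agent/` prefix is only a naming convention until the CA side is updated. The empty root `@Path("")` also pushes the tier into every method path, so it should be documented on the interface: `/** Certificate resource: read operations under {@code certs/*} (no authentication), revocation under {@code agent/certs/*} (agent ACL). */`. The interface continues outside the hunk.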
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
index 2317eac47..9d7f2f9ac 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
@@ -275,7 +275,7 @@ public abstract class CMSRestClient {
}
public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
- URI uri = new URI(config.getServerURI()+"/pki");
+ URI uri = new URI(config.getServerURI()+"/rest");
return ProxyFactory.create(clazz, uri, executor, providerFactory);
}
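Review bot: `"/rest"` is hard-coded in `createProxy`, duplicating the `resteasy.servlet.mapping.prefix` value that both web.xml files in this commit also carry; a named constant, `public static final String REST_PREFIX = "/rest";`, referenced here keeps the client and server prefixes in one place for the next rename. The concatenation `config.getServerURI()+"/rest"` would also produce a `//rest` path if the configured server URI ends with a slash; the configuration value is not visible here, so this may already be guaranteed by whoever sets it.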
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
index d98d8f93d..63af4101a 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationErrorInterceptor.java
@@ -41,7 +41,8 @@ public class ConfigurationErrorInterceptor implements ClientErrorInterceptor {
String contentType = headers.getFirst("Content-Type");
// handle XML content only
- if (!contentType.startsWith(MediaType.TEXT_XML)) return;
+ System.out.println("Content-type: "+contentType);
+ if (!contentType.startsWith(MediaType.APPLICATION_XML)) return;
CMSException exception;
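Review bot: The added `System.out.println("Content-type: "+contentType)` looks like leftover debugging output on a client error path and should be removed, or routed through whatever logger the class uses, before this is merged. The line after it still dereferences `contentType` without a null check, so an error response that carries no Content-Type header throws a NullPointerException from the interceptor instead of returning; `if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_XML)) return;` covers both cases. The enclosing method starts and ends outside the hunk.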
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
index ff582561c..2918842c9 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigurationResource.java
@@ -14,7 +14,7 @@
//
// (C) 2012 Red Hat, Inc.
// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
+// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
import javax.ws.rs.Consumes;
@@ -33,34 +33,31 @@ import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest;
/**
* @author alee
- *
*/
-@Path("/installer")
+@Path("installer")
public interface SystemConfigurationResource {
-
+
@POST
@Path("configure")
- @Produces({ MediaType.TEXT_XML })
- @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
public ConfigurationResponseData configure(MultivaluedMap<String, String> form);
-
+
@POST
@Path("configure")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ConfigurationResponseData configure(ConfigurationData data);
-
+
@POST
@Path("installToken")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public InstallToken getInstallToken(InstallTokenRequest data);
-
+
@GET
@Path("domainInfo")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public DomainInfo getDomainInfo();
-
-
}
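Review bot: `installer` sits outside the `agent/` and `admin/` prefixes, i.e. in the tier the commit message describes as not needing authentication, and the Javadoc on `SystemConfigurationResource` says nothing about that. Add a sentence such as `* Installer resource, served under {@code /rest/installer}; not covered by the agent/admin ACL tiers.` so the choice is recorded where the path is declared; whether the install token obtained via `getInstallToken` is what protects `configure` is an inference from the method names and should be confirmed. The first hunk of this file only trims trailing whitespace in the copyright comment.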
diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java b/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
index 9a9b5db1a..4d352eaea 100644
--- a/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
+++ b/base/common/src/com/netscape/cms/servlet/key/KeyResource.java
@@ -14,14 +14,14 @@ import com.netscape.cms.servlet.key.model.KeyData;
import com.netscape.cms.servlet.key.model.KeyDataInfos;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-@Path("/keys")
+@Path("agent/keys")
public interface KeyResource {
public static final int DEFAULT_MAXTIME = 10;
public static final int DEFAULT_MAXRESULTS = 100;
@GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyDataInfos listKeys(@QueryParam("clientID") String clientID,
@QueryParam("status") String status,
@DefaultValue(""+DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults,
@@ -35,14 +35,14 @@ public interface KeyResource {
*/
@POST
@Path("retrieve")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyData retrieveKey(RecoveryRequestData data);
// retrieval - used to test integration with a browser
@POST
@Path("retrieve")
- @Produces(MediaType.TEXT_XML)
- @Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
public KeyData retrieveKey(MultivaluedMap<String, String> form);
}
diff --git a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
index e402aeadd..cc32234b2 100644
--- a/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
+++ b/base/common/src/com/netscape/cms/servlet/profile/ProfileResource.java
@@ -9,16 +9,16 @@ import javax.ws.rs.core.MediaType;
import com.netscape.cms.servlet.profile.model.ProfileData;
import com.netscape.cms.servlet.profile.model.ProfileDataInfos;
-@Path("/profiles")
+@Path("agent/profiles")
public interface ProfileResource {
@GET
@Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ProfileData retrieveProfile(@PathParam("id") String id);
@GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ProfileDataInfos listProfiles();
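Review bot: Moving the whole interface to `agent/profiles` places `listProfiles` and `retrieveProfile` behind agent authentication, yet both are read-only lookups that an end-entity enrollment flow may need before it can submit a request under the unauthenticated `certrequests` path. Whether enrollment reads profiles through this resource is not visible here; if it does, these two methods should keep a `profiles/...` path in the unauthenticated tier, with a comment on the interface stating which tier each method belongs to.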
/**
@@ -31,14 +31,14 @@ public interface ProfileResource {
/*
@POST
@Path("retrieve")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ProfileData retrieveProfile(ProfileRetrievalRequestData request);
// retrieval - used to test integration with a browser
@POST
@Path("retrieve")
- @Produces(MediaType.TEXT_XML)
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
public ProfileData retrievProfile(MultivaluedMap<String, String> form);
*/
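Review bot: The `@Produces` edits in this hunk fall inside the `/* ... */` block that begins on the context line `/*`, so they change commented-out code and have no effect. Either restore the `retrieve` methods if they are still wanted, or delete the commented-out block instead of maintaining it; the `retrievProfile` typo inside it suggests it has not been compiled in some time.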
diff --git a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
index f35074738..fc06e5e10 100644
--- a/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
+++ b/base/common/src/com/netscape/cms/servlet/request/CertRequestResource.java
@@ -34,7 +34,7 @@ import com.netscape.cms.servlet.request.model.CertRequestInfo;
import com.netscape.cms.servlet.request.model.CertRequestInfos;
import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
-@Path("/certrequests")
+@Path("")
public interface CertRequestResource {
public static final int DEFAULT_START = 0;
@@ -46,7 +46,8 @@ public interface CertRequestResource {
* Used to generate list of cert requests based on the search parameters
*/
@GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("agent/certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfos listRequests(@QueryParam("requestState") String requestState,
@QueryParam("requestType") String requestType,
@DefaultValue("" + DEFAULT_START) @QueryParam("start") RequestId start,
@@ -58,60 +59,60 @@ public interface CertRequestResource {
* Used to retrieve cert request info for a specific request
*/
@GET
- @Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certrequests/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfo getRequestInfo(@PathParam("id") RequestId id);
@GET
- @Path("{id}/agentView")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("agent/certrequests/{id}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public AgentEnrollmentRequestData reviewRequest(@PathParam("id") RequestId id);
// Enrollment - used to test integration with a browser
@POST
- @Path("enroll")
- @Produces({ MediaType.TEXT_XML })
+ @Path("certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
public CertRequestInfos enrollCert(MultivaluedMap<String, String> form);
@POST
- @Path("enroll")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Path("certrequests")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public CertRequestInfos enrollCert(EnrollmentRequestData data);
@POST
- @Path("{id}/approve")
+ @Path("agent/certrequests/{id}/approve")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void approveRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/reject")
+ @Path("agent/certrequests/{id}/reject")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void rejectRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/cancel")
+ @Path("agent/certrequests/{id}/cancel")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void cancelRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/update")
+ @Path("agent/certrequests/{id}/update")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void updateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/validate")
+ @Path("agent/certrequests/{id}/validate")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void validateRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/unassign")
+ @Path("agent/certrequests/{id}/unassign")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void unassignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
@POST
- @Path("{id}/assign")
+ @Path("agent/certrequests/{id}/assign")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void assignRequest(@PathParam("id") RequestId id, AgentEnrollmentRequestData data);
}
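Review bot: `getRequestInfo` at `certrequests/{id}` and both `enrollCert` overloads at `certrequests` sit outside the `agent/` and `admin/` prefixes, which per the commit message is the tier that needs no authentication, so any caller can read a request's details by id; confirm that is intended rather than a side effect of moving only the agent view to `agent/certrequests/{id}`. The per-method tier is now invisible from the Javadoc, so mark it at the declaration, e.g. `// end-entity tier: no authentication` above `getRequestInfo` and `enrollCert`, and `// agent tier: agent ACL required` above `reviewRequest` and the approve/reject/cancel/update/validate/assign methods. As with `CertResource`, no CA-side ACL mapping for the `agent/` prefix is part of this commit.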
diff --git a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java b/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
index cf326540d..9ed2eb2a1 100644
--- a/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
+++ b/base/common/src/com/netscape/cms/servlet/request/KeyRequestResource.java
@@ -17,8 +17,9 @@ import com.netscape.cms.servlet.request.model.KeyRequestInfo;
import com.netscape.cms.servlet.request.model.KeyRequestInfos;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
-@Path("/keyrequests")
+@Path("agent/keyrequests")
public interface KeyRequestResource {
+
public final String SYMMETRIC_KEY_TYPE = "symmetricKey";
public final String PASS_PHRASE_TYPE = "passPhrase";
public final String ASYMMETRIC_KEY_TYPE = "asymmetricKey";
@@ -32,7 +33,7 @@ public interface KeyRequestResource {
* Used to generate list of key requests based on the search parameters
*/
@GET
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyRequestInfos listRequests(@QueryParam("requestState") String requestState,
@QueryParam("requestType") String requestType,
@QueryParam("clientID") String clientID,
@@ -47,45 +48,45 @@ public interface KeyRequestResource {
*/
@GET
@Path("{id}")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyRequestInfo getRequestInfo(@PathParam("id") RequestId id);
// Archiving - used to test integration with a browser
@POST
@Path("archive")
- @Produces({ MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
public KeyRequestInfo archiveKey(MultivaluedMap<String, String> form);
@POST
@Path("archive")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyRequestInfo archiveKey(ArchivalRequestData data);
//Recovery - used to test integration with a browser
@POST
@Path("recover")
- @Produces({ MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_FORM_URLENCODED})
public KeyRequestInfo recoverKey(MultivaluedMap<String, String> form);
@POST
@Path("recover")
- @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public KeyRequestInfo recoverKey(RecoveryRequestData data);
@POST
- @Path("approve/{id}")
+ @Path("{id}/approve")
public void approveRequest(@PathParam("id") RequestId id);
@POST
- @Path("reject/{id}")
+ @Path("{id}/reject")
public void rejectRequest(@PathParam("id") RequestId id);
@POST
- @Path("cancel/{id}")
+ @Path("{id}/cancel")
public void cancelRequest(@PathParam("id") RequestId id);
}
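Review bot: `@Consumes({ MediaType.APPLICATION_FORM_URLENCODED})` on the form-based `archiveKey` and `recoverKey` overloads keeps the missing space before `}` that this commit normalizes in `KeyResource` and `SystemConfigurationResource`; `@Consumes({ MediaType.APPLICATION_FORM_URLENCODED })` for consistency. The reordering of `approve/{id}` to `{id}/approve` (and reject/cancel) matches the `drmclient.py` changes, but the old `approve/{id}` form is removed without a deprecation period, so any other client of these paths breaks silently with a 404; a note in the commit message naming that as intended would help.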
diff --git a/base/kra/functional/drmclient.py b/base/kra/functional/drmclient.py
index 62940fdf2..3c7c12e30 100644
--- a/base/kra/functional/drmclient.py
+++ b/base/kra/functional/drmclient.py
@@ -612,7 +612,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/archive',
+ self._request('/kra/rest/agent/keyrequests/archive',
self.kra_agent_port,
self.POST,
etree.tostring(request.getroot(), encoding='UTF-8'))
@@ -637,7 +637,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/config/cert/transport',
+ self._request('/kra/rest/config/cert/transport',
self.kra_agent_port,
self.GET,
None)
@@ -675,7 +675,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keys',
+ self._request('/kra/rest/agent/keys',
self.kra_agent_port,
self.GET,
get_args)
@@ -717,7 +717,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests',
+ self._request('/kra/rest/agent/keyrequests',
self.kra_agent_port,
self.GET,
get_args)
@@ -750,7 +750,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/recover',
+ self._request('/kra/rest/agent/keyrequests/recover',
self.kra_agent_port,
self.POST,
etree.tostring(request.getroot(), encoding='UTF-8'))
@@ -798,7 +798,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/approve/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/approve',
self.kra_agent_port,
self.POST,
None)
@@ -820,7 +820,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/reject/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/reject',
self.kra_agent_port,
self.POST,
None)
@@ -842,7 +842,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keyrequests/cancel/'+ request_id,
+ self._request('/kra/rest/agent/keyrequests/'+request_id+'/cancel',
self.kra_agent_port,
self.POST,
None)
@@ -898,7 +898,7 @@ class kra:
#Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/pki/keys/retrieve',
+ self._request('/kra/rest/agent/keys/retrieve',
self.kra_agent_port,
self.POST,
etree.tostring(request.getroot(), encoding='UTF-8'))
diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif
index 38a9a088c..ea70ffd21 100644
--- a/base/kra/shared/conf/acl.ldif
+++ b/base/kra/shared/conf/acl.ldif
@@ -30,13 +30,7 @@ resourceACLS: certServer.kra.TokenKeyRecovery:submit:allow (submit) group="Data
resourceACLS: certServer.kra.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert
resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
-resourceACLS: certServer.kra.pki.key.retrieve:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may retrieve archived key
-resourceACLS: certServer.kra.pki.keyrequests:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read keyrequests data
-resourceACLS: certServer.kra.pki.keyrequest:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read keyrequest data
-resourceACLS: certServer.kra.pki.keyrequest.archive:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may issue archival request
-resourceACLS: certServer.kra.pki.keyrequest.recover:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may issue recovery request
-resourceACLS: certServer.kra.pki.keyrequest.approve:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may approve security data request
-resourceACLS: certServer.kra.pki.keyrequest.reject:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may reject key security data request
-resourceACLS: certServer.kra.pki.keyrequest.cancel:execute:allow (execute) group="Data Recovery Manager Agents":Data Recovery Manager Agents may cancel security data request
-resourceACLS: certServer.kra.pki.keys:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read security data
-resourceACLS: certServer.kra.pki.config.cert.transport:read:allow (read) group="Data Recovery Manager Agents":Data Recovery Manager Agents may read transport cert data
+resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
+resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations
+resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key request operations
+resourceACLS: certServer.kra.users:execute:allow (execute) group="Administrators":Admins may execute user operations
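Review bot: The replacement ACLs collapse the previous per-operation entries (`read` on keyrequests and keys, `execute` on retrieve/archive/recover/approve/reject/cancel) into a single `execute` right per resource, so the read/execute distinction that allowed a read-only agent policy is gone; if that is deliberate it deserves a sentence in the commit message, otherwise keep `read` entries alongside `execute`. The removed `certServer.kra.pki.config.cert.transport:read` entry has no successor, which is consistent with the message's statement that plain `/rest` services are unauthenticated, but `drmclient.py` still fetches `/kra/rest/config/cert/transport` over the agent port, so stating that the transport cert is intentionally public would avoid a later "missing ACL" report. The new entries grant `group="Administrators"` where the neighbouring lines use `group="Enterprise KRA Administrators"`; confirm that is the group provisioned for this instance.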
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
index a206aa9e4..d2ba3075e 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties
+++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
@@ -4,13 +4,7 @@
# <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
-/kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
-/kra/pki/keyrequests = certServer.kra.pki.keyrequests,read
-/kra/pki/keyrequest = certServer.kra.pki.keyrequest,read
-/kra/pki/keyrequest/archive = certServer.kra.pki.keyrequest.archive,execute
-/kra/pki/keyrequest/recover = certServer.kra.pki.keyrequest.recover,execute
-/kra/pki/keyrequest/approve = certServer.kra.pki.keyrequest.approve,execute
-/kra/pki/keyrequest/reject = certServer.kra.pki.keyrequest.reject,execute
-/kra/pki/keyrequest/cancel = certServer.kra.pki.keyrequest.cancel,execute
-/kra/pki/keys = certServer.kra.pki.keys,read
-/kra/pki/config/cert/transport = certServer.kra.pki.config.cert.transport,read
+/kra/rest/admin/users = certServer.kra.users,execute
+/kra/rest/admin/groups = certServer.kra.groups,execute
+/kra/rest/agent/keys = certServer.kra.keys,execute
+/kra/rest/agent/keyrequests = certServer.kra.keyrequests,execute
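Review bot: The example line `# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute` still documents the removed `/kra/pki/...` URL scheme while every mapping below it now uses `/kra/rest/...`; update it to `# ex: /kra/rest/agent/keys = certServer.kra.keys,execute` so the file's own example matches its entries. The four new entries also fold the previous read/execute distinction into a single `execute` operation per resource, so a principal that was formerly allowed only to read key requests now needs the same ACL as one that approves, rejects or cancels them; if the per-operation ACLs removed in the ldif hunk above were dropped deliberately, a comment here stating where the finer-grained checks now live would help the next maintainer. Whether an entry such as `/kra/rest/agent/keys` matches only that exact path or also sub-paths is not visible from this file and would be worth stating in the header comment.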
diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml
index 7b4072085..9208507c3 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml
@@ -691,13 +691,15 @@
<param-value> ee </param-value> </init-param>
</servlet>
+ <!-- ==================== RESTEasy Configuration =============== -->
+
<listener>
<listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
</listener>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
- <param-value>/pki</param-value>
+ <param-value>/rest</param-value>
</context-param>
<context-param>
@@ -718,7 +720,7 @@
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
- <url-pattern>/pki/*</url-pattern>
+ <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
@@ -950,81 +952,40 @@
<session-timeout>30</session-timeout>
</session-config>
-<!-- Default login configuration uses form-based authentication -->
-<!-- Security Constraint for agent access to the Security Data Rest Interface -->
-
-<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
-<!--
-<security-constraint>
- <display-name>KRA Top Level Constraint</display-name>
- <web-resource-collection>
- <web-resource-name>KRA Protected Area</web-resource-name>
- <url-pattern>/pki/*
- </url-pattern>
- </web-resource-collection>
- <user-data-constraint>
- <transport-guarantee>CONFIDENTIAL</transport-guarantee>
- </user-data-constraint>
- <auth-constraint>
- <role-name>*</role-name>
- </auth-constraint>
-</security-constraint>
--->
-
-<!-- Security Constraint to deny certain http methods for key/retrieve -->
-<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
-<!--
-<security-constraint>
-<display-name>Key forbidden</display-name>
-<web-resource-collection>
- <web-resource-name>Key forbidden</web-resource-name>
- <url-pattern>/pki/key/retrieve</url-pattern>
- <http-method>GET</http-method>
- <http-method>PUT</http-method>
- <http-method>DELETE</http-method>
-</web-resource-collection>
-<auth-constraint/>
-</security-constraint>
--->
-
-<!-- Security Constraint to deny certain http methods for keyrequest/* -->
-<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
-
-<!--
-<security-constraint>
-<display-name>KeyRequest forbidden</display-name>
-<web-resource-collection>
- <web-resource-name>KeyRequest forbidden</web-resource-name>
- <url-pattern>/pki/keyrequest/archive</url-pattern>
- <url-pattern>/pki/keyrequest/recover</url-pattern>
- <url-pattern>/pki/keyrequest/approve/*</url-pattern>
- <url-pattern>/pki/keyrequest/reject/*</url-pattern>
- <url-pattern>/pki/keyrequest/cancel/*</url-pattern>
- <http-method>GET</http-method>
- <http-method>PUT</http-method>
- <http-method>DELETE</http-method>
-</web-resource-collection>
-<auth-constraint/>
-</security-constraint>
--->
-
-
-<!-- Customized SSL Client auth login config
- uncomment to activate PKI realm as in conf/server.xml
--->
-
-<!--
-
-<login-config>
- <realm-name>PKIRealm</realm-name>
- <auth-method>CLIENT-CERT</auth-method>
- <realm-name>Client Cert Protected Area</realm-name>
-</login-config>
-
-<security-role>
- <role-name>*</role-name>
-</security-role>
-
--->
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Services</web-resource-name>
+ <url-pattern>/rest/admin/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Agent Services</web-resource-name>
+ <url-pattern>/rest/agent/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <realm-name>Key Recovery Authority</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>*</role-name>
+ </security-role>
+ -->
</web-app>
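Review bot: The new `<security-constraint>` blocks for `/rest/admin/*` and `/rest/agent/*` are wrapped in `<!-- ... -->`, so the container enforces neither the `*` role requirement nor the CONFIDENTIAL transport guarantee on the admin and agent services; enforcement rests entirely on the ACL mapping in auth.properties. If the block is meant to be activated later, the `<login-config>` should also carry an `<auth-method>`: the removed configuration specified `<auth-method>CLIENT-CERT</auth-method>`, while the new one names only a realm, so on activation the authentication method would fall back to whatever the container defaults to. The removed top-level constraint additionally applied CONFIDENTIAL to every path under the REST prefix; the replacement leaves the services that need no authentication under `/rest/*` without any transport guarantee. A comment above the opening `<!--` explaining why the constraints are disabled and what must be configured in server.xml before enabling them would make the intent explicit.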