summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-08-03 09:55:53 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-10-22 17:12:35 -0500
commitc1f9b3999a3dc5020b08fa4106c6c3a632183de9 (patch)
tree0f704527ab7d26848851f6d47b12c8cbdd2995f9
parent1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 (diff)
downloadpki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.zip
pki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.tar.gz
pki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.tar.xz
Enabled realm authentication for certificate requests.
The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300
-rw-r--r--base/ca/shared/conf/acl.ldif1
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/auth.properties1
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml2
3 files changed, 3 insertions, 1 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif
index 4807a4d..c7d71f9 100644
--- a/base/ca/shared/conf/acl.ldif
+++ b/base/ca/shared/conf/acl.ldif
@@ -52,6 +52,7 @@ resourceACLS: certServer.ca.registerUser:read,modify:allow (modify,read) group="
resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
resourceACLS: certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.
resourceACLS: certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
+resourceACLS: certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations
resourceACLS: certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations
resourceACLS: certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index 21ec281..116bc94 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -8,5 +8,6 @@
/ca/rest/account/logout = certServer.ca.account,logout
/ca/rest/admin/users = certServer.ca.users,execute
/ca/rest/admin/groups = certServer.ca.groups,execute
+/ca/rest/agent/certrequests = certServer.ca.certrequests,execute
/ca/rest/agent/certs = certServer.ca.certs,execute
/ca/rest/securityDomain/installToken = certServer.securitydomain.domainxml,read
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 47ad924..286d1e3 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2414,7 +2414,7 @@
<security-constraint>
<web-resource-collection>
<web-resource-name>Agent Services</web-resource-name>
- <url-pattern>/rest/agent/certs/*</url-pattern>
+ <url-pattern>/rest/agent/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>