authorAde Lee <alee@redhat.com>2013-10-08 17:02:50 -0400
committerAde Lee <alee@redhat.com>2013-10-09 23:10:10 -0400
commitdfbc59ad7c6b8285b42b249328db3211e00b6a5f (patch)
treeca843f96b9eaa63995a112c31347857aa5b0cd84
parentdeb3dfb3dd2eb47f73efe74fcbc487f5f3796945 (diff)
fix auth and authz for Profiles REST API
Ticket 727
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/auth.properties4
-rw-r--r--base/common/src/com/netscape/certsrv/profile/ProfileResource.java10
-rw-r--r--base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java2
3 files changed, 11 insertions, 5 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index 20f3dd864..f3f54ae9b 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -11,4 +11,8 @@ admin.groups = certServer.ca.groups,execute
admin.kraconnector = certServer.ca.connectorInfo,modify
agent.certrequests = certServer.ca.certrequests,execute
agent.certs = certServer.ca.certs,execute
+profile.create = certServer.profile.configuration,modify
+profile.delete = certServer.profile.configuration,modify
+profile.modify = certServer.profile.configuration,modify
+profile.approve = certServer.ca.request.profile,approve
securityDomain.installToken = certServer.securitydomain.domainxml,read
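Review bot: `profile.approve` is bound to `certServer.ca.request.profile,approve`, a resource whose name suggests it governs request approval, while the other three profile keys use `certServer.profile.configuration`. If that reading is right, any principal allowed to approve requests can also change profile state through the REST API, which is broader than the key name implies. Either point it at a profile-specific resource or record the reuse next to the entry, e.g. `# profile.approve reuses the request-approval ACL on purpose; agents who approve requests may enable/disable profiles`. `profile.create`, `profile.delete` and `profile.modify` also share one resource,operation pair, so the ACL store cannot grant them separately.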
diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
index 5c733aa59..cc7b8153c 100644
--- a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
+++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java
@@ -11,9 +11,11 @@ import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
+import com.netscape.certsrv.acls.ACLMapping;
import com.netscape.certsrv.authentication.AuthMethodMapping;
@Path("profiles")
+@AuthMethodMapping("profiles")
public interface ProfileResource {
@GET
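Review bot: The class-level `@AuthMethodMapping("profiles")` now puts every method of the interface under one authentication mapping, including the `@GET` methods. Those methods cannot carry an `@ACLMapping`, because the `ACLMapping` import is new in this commit and only the four write methods receive it. How the ACL interceptor treats a method with no mapping is not visible here, so it is unclear whether reads are open to any authenticated certificate user or rejected. State the intent on the interface, e.g. `// Read methods carry no @ACLMapping: any client authenticated via the "profiles" mapping may list and retrieve profiles`. Alternatively give them an explicit mapping with a matching entry in auth.properties. The interface body continues outside this hunk.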
@@ -26,27 +28,27 @@ public interface ProfileResource {
public ProfileData retrieveProfile(@PathParam("id") String id);
@POST
- @AuthMethodMapping("admin")
+ @ACLMapping("profile.create")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void createProfile(ProfileData data);
@POST
@Path("{id}")
- @AuthMethodMapping("agent")
+ @ACLMapping("profile.approve")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void modifyProfileState(@PathParam("id") String id, @QueryParam("action") String action);
@PUT
@Path("{id}")
- @AuthMethodMapping("admin")
+ @ACLMapping("profile.modify")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void modifyProfile(@PathParam("id") String id, ProfileData data);
@DELETE
@Path("{id}")
- @AuthMethodMapping("admin")
+ @ACLMapping("profile.delete")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public void deleteProfile(@PathParam("id") String id);
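Review bot: `modifyProfileState` takes a free-form `action` query parameter but is covered by the single mapping `@ACLMapping("profile.approve")`, so every action value is authorized identically at this layer. Any restriction on `action` has to be enforced in the implementation, which is not part of this diff. Add Javadoc on the method that lists the accepted `action` values and says that unknown values must be rejected, so implementers do not treat the ACL check as sufficient. The four write methods previously differed in auth mapping (`admin` vs `agent`) and now differ only by ACL key, so those keys are the sole separation between configuration changes and state changes. The interface continues past the end of this hunk.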
diff --git a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
index 257e0ae81..3f47d0c57 100644
--- a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
+++ b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
@@ -70,8 +70,8 @@ public class AuthMethodInterceptor implements ContainerRequestFilter {
authProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr");
authProperties.put("admin", "certUserDBAuthMgr");
authProperties.put("agent", "certUserDBAuthMgr");
+ authProperties.put("profiles", "certUserDBAuthMgr");
authProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr");
-
} else {
authProperties.load(url.openStream());
}
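Review bot: The new `authProperties.put("profiles", "certUserDBAuthMgr");` only populates the hard-coded defaults; the `else` branch loads the mappings from `url` instead. The diffstat shows no properties file for auth methods being updated in this commit, so an instance that has such a file would have no `profiles` key, and the `@AuthMethodMapping("profiles")` added on `ProfileResource` would resolve to nothing. What the filter does for an unresolved mapping lies outside this hunk; confirm it denies the request rather than skipping the check. Also ship `profiles = certUserDBAuthMgr` in the loaded file, or add the defaults before `load()` so that file entries override them. The enclosing method starts and ends outside the hunk.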