diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-18 14:15:58 -0500 |
commit | ba75a144f4c57c0e804fdd6e86eaae40e5822b14 (patch) | |
tree | 8e6f482f02a68171b3b49c84dffcb9634fb540ce | |
parent | db56da6d015d4fc040d73277c68fea590c5929b7 (diff) | |
download | pki-ticket-477-6.tar.gz pki-ticket-477-6.tar.xz pki-ticket-477-6.zip |
Added configuration file for authentication method validation.ticket-477-6
The auth.properties have been converted into a configuration file to store the
list of allowed authentication methods for each REST method.
The old auth.properties have been renamed to acl.properties since it's used to
store ACL mappings.
Ticket #510
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/acl.properties (renamed from base/ca/shared/webapps/ca/WEB-INF/auth.properties) | 0 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth-method.properties | 11 | ||||
-rw-r--r-- | base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | 16 | ||||
-rw-r--r-- | base/kra/shared/webapps/kra/WEB-INF/acl.properties (renamed from base/kra/shared/webapps/kra/WEB-INF/auth.properties) | 0 | ||||
-rw-r--r-- | base/kra/shared/webapps/kra/WEB-INF/auth-method.properties | 10 | ||||
-rw-r--r-- | base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties (renamed from base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties) | 0 | ||||
-rw-r--r-- | base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties | 9 | ||||
-rw-r--r-- | base/tks/shared/webapps/tks/WEB-INF/acl.properties (renamed from base/tks/shared/webapps/tks/WEB-INF/auth.properties) | 0 | ||||
-rw-r--r-- | base/tks/shared/webapps/tks/WEB-INF/auth-method.properties | 9 |
9 files changed, 47 insertions, 8 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/acl.properties index 20f3dd864..20f3dd864 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/acl.properties diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties new file mode 100644 index 000000000..3a6658765 --- /dev/null +++ b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties @@ -0,0 +1,11 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr +agent = certUserDBAuthMgr +securityDomain.installToken = passwdUserDBAuthMgr diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java index c30740260..dd4985eab 100644 --- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java +++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java @@ -54,7 +54,7 @@ import com.netscape.cmscore.realm.PKIPrincipal; @Precedence("SECURITY") public class ACLInterceptor implements PreProcessInterceptor { - Properties authProperties; + Properties aclProperties; @Context ServletContext servletContext; @@ -62,13 +62,13 @@ public class ACLInterceptor implements PreProcessInterceptor { @Context SecurityContext securityContext; - public synchronized void loadAuthProperties() throws IOException { + public synchronized void loadACLProperties() throws IOException { - if (authProperties != null) return; + if (aclProperties != null) return; - URL url = servletContext.getResource("/WEB-INF/auth.properties"); - authProperties = new Properties(); - authProperties.load(url.openStream()); + URL url = servletContext.getResource("/WEB-INF/acl.properties"); + aclProperties = new Properties(); + aclProperties.load(url.openStream()); } @Override @@ -111,10 +111,10 @@ public class ACLInterceptor implements PreProcessInterceptor { } try { - loadAuthProperties(); + loadACLProperties(); String name = aclMapping.value(); - String value = authProperties.getProperty(name); + String value = aclProperties.getProperty(name); // If no property defined, allow request. if (value == null) return null; diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/acl.properties index 952bdad33..952bdad33 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties +++ b/base/kra/shared/webapps/kra/WEB-INF/acl.properties diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties b/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties new file mode 100644 index 000000000..29a2f2381 --- /dev/null +++ b/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties @@ -0,0 +1,10 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr +agent = certUserDBAuthMgr diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties index 95fabba72..95fabba72 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties new file mode 100644 index 000000000..81e24403f --- /dev/null +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties @@ -0,0 +1,9 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/acl.properties index 62367135e..62367135e 100644 --- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties +++ b/base/tks/shared/webapps/tks/WEB-INF/acl.properties diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties new file mode 100644 index 000000000..81e24403f --- /dev/null +++ b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties @@ -0,0 +1,9 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr |