summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2013-02-01 13:05:38 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-02-18 14:15:58 -0500
commitba75a144f4c57c0e804fdd6e86eaae40e5822b14 (patch)
tree8e6f482f02a68171b3b49c84dffcb9634fb540ce
parentdb56da6d015d4fc040d73277c68fea590c5929b7 (diff)
downloadpki-ba75a144f4c57c0e804fdd6e86eaae40e5822b14.zip
pki-ba75a144f4c57c0e804fdd6e86eaae40e5822b14.tar.gz
pki-ba75a144f4c57c0e804fdd6e86eaae40e5822b14.tar.xz
Added configuration file for authentication method validation.ticket-477-6
The auth.properties have been converted into a configuration file to store the list of allowed authentication methods for each REST method. The old auth.properties have been renamed to acl.properties since it's used to store ACL mappings. Ticket #510
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/acl.properties (renamed from base/ca/shared/webapps/ca/WEB-INF/auth.properties)0
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/auth-method.properties11
-rw-r--r--base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java16
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/acl.properties (renamed from base/kra/shared/webapps/kra/WEB-INF/auth.properties)0
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/auth-method.properties10
-rw-r--r--base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties (renamed from base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties)0
-rw-r--r--base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties9
-rw-r--r--base/tks/shared/webapps/tks/WEB-INF/acl.properties (renamed from base/tks/shared/webapps/tks/WEB-INF/auth.properties)0
-rw-r--r--base/tks/shared/webapps/tks/WEB-INF/auth-method.properties9
9 files changed, 47 insertions, 8 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/acl.properties
index 20f3dd8..20f3dd8 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/acl.properties
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties
new file mode 100644
index 0000000..3a66587
--- /dev/null
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties
@@ -0,0 +1,11 @@
+# Restful API auth mapping info
+#
+# Format:
+# <mapping name> = <allowed auth methods>
+# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr
+
+default = *
+account = certUserDBAuthMgr,passwdUserDBAuthMgr
+admin = certUserDBAuthMgr
+agent = certUserDBAuthMgr
+securityDomain.installToken = passwdUserDBAuthMgr
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
index c307402..dd4985e 100644
--- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
+++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java
@@ -54,7 +54,7 @@ import com.netscape.cmscore.realm.PKIPrincipal;
@Precedence("SECURITY")
public class ACLInterceptor implements PreProcessInterceptor {
- Properties authProperties;
+ Properties aclProperties;
@Context
ServletContext servletContext;
@@ -62,13 +62,13 @@ public class ACLInterceptor implements PreProcessInterceptor {
@Context
SecurityContext securityContext;
- public synchronized void loadAuthProperties() throws IOException {
+ public synchronized void loadACLProperties() throws IOException {
- if (authProperties != null) return;
+ if (aclProperties != null) return;
- URL url = servletContext.getResource("/WEB-INF/auth.properties");
- authProperties = new Properties();
- authProperties.load(url.openStream());
+ URL url = servletContext.getResource("/WEB-INF/acl.properties");
+ aclProperties = new Properties();
+ aclProperties.load(url.openStream());
}
@Override
@@ -111,10 +111,10 @@ public class ACLInterceptor implements PreProcessInterceptor {
}
try {
- loadAuthProperties();
+ loadACLProperties();
String name = aclMapping.value();
- String value = authProperties.getProperty(name);
+ String value = aclProperties.getProperty(name);
// If no property defined, allow request.
if (value == null) return null;
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/acl.properties
index 952bdad..952bdad 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties
+++ b/base/kra/shared/webapps/kra/WEB-INF/acl.properties
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties b/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties
new file mode 100644
index 0000000..29a2f23
--- /dev/null
+++ b/base/kra/shared/webapps/kra/WEB-INF/auth-method.properties
@@ -0,0 +1,10 @@
+# Restful API auth mapping info
+#
+# Format:
+# <mapping name> = <allowed auth methods>
+# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr
+
+default = *
+account = certUserDBAuthMgr,passwdUserDBAuthMgr
+admin = certUserDBAuthMgr
+agent = certUserDBAuthMgr
diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties
index 95fabba..95fabba 100644
--- a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties
+++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties
diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties
new file mode 100644
index 0000000..81e2440
--- /dev/null
+++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties
@@ -0,0 +1,9 @@
+# Restful API auth mapping info
+#
+# Format:
+# <mapping name> = <allowed auth methods>
+# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr
+
+default = *
+account = certUserDBAuthMgr,passwdUserDBAuthMgr
+admin = certUserDBAuthMgr
diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/acl.properties
index 6236713..6236713 100644
--- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties
+++ b/base/tks/shared/webapps/tks/WEB-INF/acl.properties
diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties
new file mode 100644
index 0000000..81e2440
--- /dev/null
+++ b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties
@@ -0,0 +1,9 @@
+# Restful API auth mapping info
+#
+# Format:
+# <mapping name> = <allowed auth methods>
+# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr
+
+default = *
+account = certUserDBAuthMgr,passwdUserDBAuthMgr
+admin = certUserDBAuthMgr