diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2013-11-14 10:32:39 -0500 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2013-11-15 12:40:14 -0500 |
| commit | c73890c7c617732a84d009e117ff7aeab0133053 (patch) | |
| tree | 8d57b4b4f4a8707efb134f218648d2985ae112e9 | |
| parent | f93635bd0035f6273c8ca648bf073c650441030d (diff) | |
| download | pki-c73890c7c617732a84d009e117ff7aeab0133053.tar.gz pki-c73890c7c617732a84d009e117ff7aeab0133053.tar.xz pki-c73890c7c617732a84d009e117ff7aeab0133053.zip | |
Updated ACL and auth method mapping names.
The ACL and auth method mapping names in some resources have been
modified to be more consistent with those in other resources.
15 files changed, 73 insertions, 67 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index f10501692..24ed2d6a5 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -6,15 +6,15 @@ account.login = certServer.ca.account,login account.logout = certServer.ca.account,logout -admin.users = certServer.ca.users,execute -admin.groups = certServer.ca.groups,execute -admin.kraconnector = certServer.ca.connectorInfo,modify -agent.certrequests = certServer.ca.certrequests,execute -agent.certs = certServer.ca.certs,execute -profile.approve = certServer.ca.profile,approve -profile.create = certServer.profile.configuration,modify -profile.delete = certServer.profile.configuration,modify -profile.list = certServer.ee.profiles,list -profile.modify = certServer.profile.configuration,modify -profile.read = certServer.profile.configuration,read +certs = certServer.ca.certs,execute +certrequests = certServer.ca.certrequests,execute +groups = certServer.ca.groups,execute +kraconnectors = certServer.ca.connectorInfo,modify +profiles.approve = certServer.ca.profile,approve +profiles.create = certServer.profile.configuration,modify +profiles.delete = certServer.profile.configuration,modify +profiles.list = certServer.ee.profiles,list +profiles.modify = certServer.profile.configuration,modify +profiles.read = certServer.profile.configuration,read securityDomain.installToken = certServer.securitydomain.domainxml,read +users = certServer.ca.users,execute diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java index 7656080a1..8dc30bcdf 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java @@ -62,8 +62,8 @@ public interface CertRequestResource { @GET @Path("agent/certrequests") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public CertRequestInfos listRequests(@QueryParam("requestState") String requestState, @QueryParam("requestType") String requestType, @QueryParam("start") RequestId start, @@ -74,8 +74,8 @@ public interface CertRequestResource { @GET @Path("agent/certrequests/{id}") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public CertReviewResponse reviewRequest(@PathParam("id") RequestId id); @GET @@ -93,50 +93,50 @@ public interface CertRequestResource { @POST @Path("agent/certrequests/{id}/approve") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void approveRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/reject") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void rejectRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/cancel") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void cancelRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/update") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void updateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/validate") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void validateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/unassign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void unassignRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/assign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void assignRequest(@PathParam("id") RequestId id, CertReviewResponse data); } diff --git a/base/common/src/com/netscape/certsrv/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java index b5b282b18..9f527e130 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java @@ -43,31 +43,31 @@ public interface CertResource { @GET @Path("agent/certs/{id}") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertData reviewCert(@PathParam("id") CertId id); @POST @Path("agent/certs/{id}/revoke-ca") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/revoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/unrevoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request); } diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java index ea59922a5..12c90228b 100644 --- a/base/common/src/com/netscape/certsrv/group/GroupResource.java +++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java @@ -38,8 +38,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Endi S. Dewata */ @Path("admin/groups") -@ACLMapping("admin.groups") -@AuthMethodMapping("admin") +@ACLMapping("groups") +@AuthMethodMapping("groups") public interface GroupResource { @GET diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java index b7bea7057..9256ac461 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java +++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java @@ -18,8 +18,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; import com.netscape.certsrv.request.RequestId; @Path("agent/keyrequests") -@ACLMapping("agent.keyrequests") -@AuthMethodMapping("agent") +@ACLMapping("keyrequests") +@AuthMethodMapping("keyrequests") public interface KeyRequestResource { public final String SYMMETRIC_KEY_TYPE = "symmetricKey"; diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java index a574abb65..c420e0d45 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyResource.java +++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java @@ -14,8 +14,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; @Path("agent/keys") -@ACLMapping("agent.keys") -@AuthMethodMapping("agent") +@ACLMapping("keys") +@AuthMethodMapping("keys") public interface KeyResource { @GET diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java index 5af61bff7..39ed0e6e2 100644 --- a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java +++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java @@ -22,7 +22,7 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; public interface ProfileResource { @GET - @ACLMapping("profile.list") + @ACLMapping("profiles.list") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public ProfileDataInfos listProfiles( @QueryParam("start") Integer start, @@ -30,34 +30,34 @@ public interface ProfileResource { @GET @Path("{id}") - @ACLMapping("profile.read") + @ACLMapping("profiles.read") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public ProfileData retrieveProfile(@PathParam("id") String id); @POST @ClientResponseType(entityType=ProfileData.class) - @ACLMapping("profile.create") + @ACLMapping("profiles.create") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public Response createProfile(ProfileData data); @POST @Path("{id}") - @ACLMapping("profile.approve") + @ACLMapping("profiles.approve") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public void modifyProfileState(@PathParam("id") String id, @QueryParam("action") String action); @PUT @Path("{id}") @ClientResponseType(entityType=ProfileData.class) - @ACLMapping("profile.modify") + @ACLMapping("profiles.modify") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public Response modifyProfile(@PathParam("id") String id, ProfileData data); @DELETE @Path("{id}") - @ACLMapping("profile.delete") + @ACLMapping("profiles.delete") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public void deleteProfile(@PathParam("id") String id); diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java index 0799b55a6..474994e9e 100644 --- a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java +++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java @@ -32,8 +32,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Ade Lee */ @Path("admin/kraconnector") -@ACLMapping("admin.kraconnector") -@AuthMethodMapping("admin") +@ACLMapping("kraconnectors") +@AuthMethodMapping("kraconnectors") public interface KRAConnectorResource { @POST diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java index aeee39071..441e6f303 100644 --- a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java +++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java @@ -39,7 +39,7 @@ import com.netscape.certsrv.key.KeyData; * @author Ade Lee */ @Path("/admin/tps-connectors") -@AuthMethodMapping("admin") +@AuthMethodMapping("tpsconnectors") public interface TPSConnectorResource { @GET @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java index 961f5ebda..19db939dd 100644 --- a/base/common/src/com/netscape/certsrv/user/UserResource.java +++ b/base/common/src/com/netscape/certsrv/user/UserResource.java @@ -38,8 +38,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Endi S. Dewata */ @Path("admin/users") -@ACLMapping("admin.users") -@AuthMethodMapping("admin") +@ACLMapping("users") +@AuthMethodMapping("users") public interface UserResource { public static final String ATTR_TPS_PROFILES = "tpsProfiles"; diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties index 952bdad33..77b7df8bd 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties +++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties @@ -6,7 +6,7 @@ account.login = certServer.kra.account,login account.logout = certServer.kra.account,logout -admin.users = certServer.kra.users,execute -admin.groups = certServer.kra.groups,execute -agent.keys = certServer.kra.keys,execute -agent.keyrequests = certServer.kra.keyrequests,execute +groups = certServer.kra.groups,execute +keys = certServer.kra.keys,execute +keyrequests = certServer.kra.keyrequests,execute +users = certServer.kra.users,execute diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties index 95fabba72..9e138cb5a 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties @@ -6,5 +6,5 @@ account.login = certServer.ocsp.account,login account.logout = certServer.ocsp.account,logout -admin.users = certServer.ocsp.users,execute -admin.groups = certServer.ocsp.groups,execute +groups = certServer.ocsp.groups,execute +users = certServer.ocsp.users,execute diff --git a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java index 8b81b429a..75159f375 100644 --- a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java +++ b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java @@ -68,15 +68,21 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { if (url == null) { authMethodProperties.put("default", "*"); authMethodProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr"); - authMethodProperties.put("admin", "certUserDBAuthMgr"); - authMethodProperties.put("agent", "certUserDBAuthMgr"); + authMethodProperties.put("authenticators", "certUserDBAuthMgr"); + authMethodProperties.put("certs", "certUserDBAuthMgr"); + authMethodProperties.put("certrequests", "certUserDBAuthMgr"); authMethodProperties.put("config", "certUserDBAuthMgr"); authMethodProperties.put("connections", "certUserDBAuthMgr"); - authMethodProperties.put("authenticators", "certUserDBAuthMgr"); + authMethodProperties.put("groups", "certUserDBAuthMgr"); + authMethodProperties.put("keys", "certUserDBAuthMgr"); + authMethodProperties.put("keyrequests", "certUserDBAuthMgr"); + authMethodProperties.put("kraconnectors", "certUserDBAuthMgr"); authMethodProperties.put("profiles", "certUserDBAuthMgr"); authMethodProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr"); authMethodProperties.put("selftests", "certUserDBAuthMgr"); authMethodProperties.put("tokens", "certUserDBAuthMgr"); + authMethodProperties.put("tpsconnectors", "certUserDBAuthMgr"); + authMethodProperties.put("users", "certUserDBAuthMgr"); } else { authMethodProperties.load(url.openStream()); diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/auth.properties index 62367135e..cf3d27b74 100644 --- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties +++ b/base/tks/shared/webapps/tks/WEB-INF/auth.properties @@ -6,5 +6,5 @@ account.login = certServer.tks.account,login account.logout = certServer.tks.account,logout -admin.users = certServer.tks.users,execute -admin.groups = certServer.tks.groups,execute +groups = certServer.tks.groups,execute +users = certServer.tks.users,execute diff --git a/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties index bc64a58f0..e986b87a3 100644 --- a/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties +++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties @@ -6,8 +6,6 @@ account.login = certServer.tps.account,login account.logout = certServer.tps.account,logout -admin.users = certServer.tps.users,execute -admin.groups = certServer.tps.groups,execute authenticators.read = certServer.tps.authenticators,read authenticators.add = certServer.tps.authenticators,add authenticators.modify = certServer.tps.authenticators,modify @@ -18,6 +16,7 @@ connections.read = certServer.tps.connections,read connections.add = certServer.tps.connections,add connections.modify = certServer.tps.connections,modify connections.remove = certServer.tps.connections,remove +groups = certServer.tps.groups,execute profiles.read = certServer.tps.profiles,read profiles.add = certServer.tps.profiles,add profiles.modify = certServer.tps.profiles,modify @@ -29,3 +28,4 @@ tokens.read = certServer.tps.tokens,read tokens.add = certServer.tps.tokens,add tokens.modify = certServer.tps.tokens,modify tokens.remove = certServer.tps.tokens,remove +users = certServer.tps.users,execute |