Added ACLInterceptor.

Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.

Ticket #287

1 files changed, 9 insertions, 9 deletions

diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index 116bc94bf..08f5bea50 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -1,13 +1,13 @@
 # Restful API auth/authz mapping info
 #
 # Format:
-# <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
-# ex:      /ca/pki/users = certServer.ca.users,read
+# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation>
+# ex:      admin.users = certServer.ca.users,read
 
-/ca/rest/account/login = certServer.ca.account,login
-/ca/rest/account/logout = certServer.ca.account,logout
-/ca/rest/admin/users = certServer.ca.users,execute
-/ca/rest/admin/groups = certServer.ca.groups,execute
-/ca/rest/agent/certrequests = certServer.ca.certrequests,execute
-/ca/rest/agent/certs = certServer.ca.certs,execute
-/ca/rest/securityDomain/installToken = certServer.securitydomain.domainxml,read
+account.login = certServer.ca.account,login
+account.logout = certServer.ca.account,logout
+admin.users = certServer.ca.users,execute
+admin.groups = certServer.ca.groups,execute
+agent.certrequests = certServer.ca.certrequests,execute
+agent.certs = certServer.ca.certs,execute
+securityDomain.installToken = certServer.securitydomain.domainxml,read