diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-02 02:57:55 -0500 |
commit | 1465ca82ef3436344992f8a428b5781c437b901a (patch) | |
tree | 552409eefbcb078a1a60afe1c3a05658b3d2dbc3 /base/ca/shared/webapps/ca/WEB-INF | |
parent | 4f7fb41fd393f00cf3931672d6f99be764a07f2e (diff) | |
download | pki-ticket-474-6.tar.gz pki-ticket-474-6.tar.xz pki-ticket-474-6.zip |
Added AuthMapping annotation.ticket-474-6
A new AuthMapping annotation has been added to configure the required
authentication methods to acces each REST method. The annotation maps each
method into a list of authentication methods in auth.properties.
For security reason, most REST methods that require authentication have been
configured to require client certificate authentication. Authentication using
username and password will only be used to get installation token from the
security domain.
Previously the auth.properties files were used to store ACL mappings. Now the
ACL mappings have been moved into acl.properties.
Ticket #477
Diffstat (limited to 'base/ca/shared/webapps/ca/WEB-INF')
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/acl.properties | 14 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth.properties | 19 |
2 files changed, 22 insertions, 11 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/acl.properties b/base/ca/shared/webapps/ca/WEB-INF/acl.properties new file mode 100644 index 000000000..20f3dd864 --- /dev/null +++ b/base/ca/shared/webapps/ca/WEB-INF/acl.properties @@ -0,0 +1,14 @@ +# Restful API authorization mapping info +# +# Format: +# <mapping name> = <resource ID>,<operation> +# ex: admin.users = certServer.ca.users,read + +account.login = certServer.ca.account,login +account.logout = certServer.ca.account,logout +admin.users = certServer.ca.users,execute +admin.groups = certServer.ca.groups,execute +admin.kraconnector = certServer.ca.connectorInfo,modify +agent.certrequests = certServer.ca.certrequests,execute +agent.certs = certServer.ca.certs,execute +securityDomain.installToken = certServer.securitydomain.domainxml,read diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index b73b9ac10..3a6658765 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -1,14 +1,11 @@ -# Restful API auth/authz mapping info +# Restful API auth mapping info # # Format: -# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation> -# ex: admin.users = certServer.ca.users,read +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr -account.login = certServer.ca.account,login -account.logout = certServer.ca.account,logout -admin.users = certServer.ca.users,execute -admin.groups = certServer.ca.groups,execute -admin.kraconnector = certServer.ca.connectorInfo,modify -agent.certrequests = certServer.ca.certrequests,execute -agent.certs = certServer.ca.certs,execute -securityDomain.installToken = certServer.securitydomain.domainxml,read +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr +agent = certUserDBAuthMgr +securityDomain.installToken = passwdUserDBAuthMgr |