Added REST account service.

A REST account service has been added to allow client to login
to establish a session and to logout to destroy the session. This
way multiple operations can be executed using the same session
without having to re-authenticate.

Ticket #357

2 files changed, 15 insertions, 0 deletions

diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index b13795760..21ec281da 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -4,6 +4,8 @@
 # <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
 # ex:      /ca/pki/users = certServer.ca.users,read
 
+/ca/rest/account/login = certServer.ca.account,login
+/ca/rest/account/logout = certServer.ca.account,logout
 /ca/rest/admin/users = certServer.ca.users,execute
 /ca/rest/admin/groups = certServer.ca.groups,execute
 /ca/rest/agent/certs = certServer.ca.certs,execute
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 9f876e5c2..47ad924c5 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2387,6 +2387,19 @@
 
     <security-constraint>
         <web-resource-collection>
+            <web-resource-name>Account Services</web-resource-name>
+            <url-pattern>/rest/account/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
             <web-resource-name>Admin Services</web-resource-name>
             <url-pattern>/rest/admin/*</url-pattern>
         </web-resource-collection>