diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-08-03 09:55:53 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-10-22 17:12:35 -0500 |
commit | c1f9b3999a3dc5020b08fa4106c6c3a632183de9 (patch) | |
tree | 0f704527ab7d26848851f6d47b12c8cbdd2995f9 /base/ca/shared | |
parent | 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 (diff) | |
download | pki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.tar.gz pki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.tar.xz pki-c1f9b3999a3dc5020b08fa4106c6c3a632183de9.zip |
Enabled realm authentication for certificate requests.
The realm authentication on certificate request REST services has
been enabled. Since now in the CLI the authentication is done using
a separate login operation, it is now possible to POST the approval
data without the problem related to chunked message.
Ticket #300
Diffstat (limited to 'base/ca/shared')
-rw-r--r-- | base/ca/shared/conf/acl.ldif | 1 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth.properties | 1 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/web.xml | 2 |
3 files changed, 3 insertions, 1 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif index 4807a4dcf..c7d71f9e6 100644 --- a/base/ca/shared/conf/acl.ldif +++ b/base/ca/shared/conf/acl.ldif @@ -52,6 +52,7 @@ resourceACLS: certServer.ca.registerUser:read,modify:allow (modify,read) group=" resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. resourceACLS: certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. resourceACLS: certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout +resourceACLS: certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations resourceACLS: certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations resourceACLS: certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index 21ec281da..116bc94bf 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -8,5 +8,6 @@ /ca/rest/account/logout = certServer.ca.account,logout /ca/rest/admin/users = certServer.ca.users,execute /ca/rest/admin/groups = certServer.ca.groups,execute +/ca/rest/agent/certrequests = certServer.ca.certrequests,execute /ca/rest/agent/certs = certServer.ca.certs,execute /ca/rest/securityDomain/installToken = certServer.securitydomain.domainxml,read diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index 47ad924c5..286d1e33f 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -2414,7 +2414,7 @@ <security-constraint> <web-resource-collection> <web-resource-name>Agent Services</web-resource-name> - <url-pattern>/rest/agent/certs/*</url-pattern> + <url-pattern>/rest/agent/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> |