diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-09-06 16:33:48 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-10-18 10:06:54 -0500 |
commit | 168d95446c3a7ae8643128a51fa86dd326e3a6a8 (patch) | |
tree | adcadbfcb8947ed54e56628a7e92241566e70ac1 /base/ca | |
parent | d6634a7505df8358322b04b8892139195031e5eb (diff) | |
download | pki-168d95446c3a7ae8643128a51fa86dd326e3a6a8.tar.gz pki-168d95446c3a7ae8643128a51fa86dd326e3a6a8.tar.xz pki-168d95446c3a7ae8643128a51fa86dd326e3a6a8.zip |
Enabled authentication for security domain REST interface.
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.
Ticket #309
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth.properties | 1 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/web.xml | 13 | ||||
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java | 15 |
3 files changed, 29 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index ebb1c6c3f..b13795760 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -7,3 +7,4 @@ /ca/rest/admin/users = certServer.ca.users,execute /ca/rest/admin/groups = certServer.ca.groups,execute /ca/rest/agent/certs = certServer.ca.certs,execute +/ca/rest/securityDomain/installToken = certServer.securitydomain.domainxml,read diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index c1b2738c8..9f876e5c2 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -2411,6 +2411,19 @@ </user-data-constraint> </security-constraint> + <security-constraint> + <web-resource-collection> + <web-resource-name>Security Domain Services</web-resource-name> + <url-pattern>/rest/securityDomain/installToken</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + <login-config> <realm-name>Certificate Authority</realm-name> </login-config> diff --git a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java index bb6431907..51d48cf5e 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java @@ -5,6 +5,9 @@ import java.util.Set; import javax.ws.rs.core.Application; +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.PKIException; import com.netscape.cms.servlet.admin.GroupMemberService; import com.netscape.cms.servlet.admin.GroupService; @@ -12,6 +15,7 @@ import com.netscape.cms.servlet.admin.SystemCertService; import com.netscape.cms.servlet.admin.UserCertService; import com.netscape.cms.servlet.admin.UserService; import com.netscape.cms.servlet.cert.CertService; +import com.netscape.cms.servlet.csadmin.SecurityDomainService; import com.netscape.cms.servlet.csadmin.SystemConfigService; import com.netscape.cms.servlet.profile.ProfileService; import com.netscape.cms.servlet.request.CertRequestService; @@ -40,6 +44,17 @@ public class CertificateAuthorityApplication extends Application { // system certs classes.add(SystemCertService.class); + // security domain + try { + IConfigStore cs = CMS.getConfigStore(); + String select = cs.getString("securitydomain.select"); + if ("new".equals(select)) { + classes.add(SecurityDomainService.class); + } + } catch (EBaseException e) { + CMS.debug(e); + } + // exception mapper classes.add(PKIException.Mapper.class); } |