Added REST account service.

A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
author: Endi Sukma Dewata <edewata@redhat.com> 2012-10-08 14:50:26 -0500
committer: Endi Sukma Dewata <edewata@redhat.com> 2012-10-22 17:12:20 -0500
commit: 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 (patch)
tree: f9812748c4d5c8895a8da7be352983eb792ed000 /base/ca
parent: 1c45197227a0d54b525d4b40f66aa96aeb4f2e6a (diff)
download: pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.gz
pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.xz
pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.zip
4 files changed, 21 insertions, 0 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif
index aec1447e5..4807a4dcf 100644
--- a/base/ca/shared/conf/acl.ldif
+++ b/base/ca/shared/conf/acl.ldif
@@ -51,6 +51,7 @@ resourceACLS: certServer.ca.connectorInfo:read,modify:allow (modify,read) group=
 resourceACLS: certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
 resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
 resourceACLS: certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.
+resourceACLS: certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
 resourceACLS: certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations
 resourceACLS: certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
 resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index b13795760..21ec281da 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -4,6 +4,8 @@
 # <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
 # ex:      /ca/pki/users = certServer.ca.users,read
 
+/ca/rest/account/login = certServer.ca.account,login
+/ca/rest/account/logout = certServer.ca.account,logout
 /ca/rest/admin/users = certServer.ca.users,execute
 /ca/rest/admin/groups = certServer.ca.groups,execute
 /ca/rest/agent/certs = certServer.ca.certs,execute
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 9f876e5c2..47ad924c5 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2387,6 +2387,19 @@
 
     <security-constraint>
         <web-resource-collection>
+            <web-resource-name>Account Services</web-resource-name>
+            <url-pattern>/rest/account/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
             <web-resource-name>Admin Services</web-resource-name>
             <url-pattern>/rest/admin/*</url-pattern>
         </web-resource-collection>
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
index 51d48cf5e..dc23042a2 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
@@ -9,6 +9,7 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.cms.servlet.account.AccountService;
 import com.netscape.cms.servlet.admin.GroupMemberService;
 import com.netscape.cms.servlet.admin.GroupService;
 import com.netscape.cms.servlet.admin.SystemCertService;
@@ -25,6 +26,10 @@ public class CertificateAuthorityApplication extends Application {
     private Set<Class<?>> classes = new HashSet<Class<?>>();
 
     public CertificateAuthorityApplication() {
+
+        // account
+        classes.add(AccountService.class);
+
         // installer
         classes.add(SystemConfigService.class);
author	Endi Sukma Dewata <edewata@redhat.com>	2012-10-08 14:50:26 -0500
committer	Endi Sukma Dewata <edewata@redhat.com>	2012-10-22 17:12:20 -0500
commit	1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 (patch)
tree	f9812748c4d5c8895a8da7be352983eb792ed000 /base/ca
parent	1c45197227a0d54b525d4b40f66aa96aeb4f2e6a (diff)
download	pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.gz pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.tar.xz pki-1723a2ecd9d4d741ecd6d292712eeaea9d19bde9.zip