diff options
author | Ade Lee <alee@redhat.com> | 2013-02-01 14:20:15 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2013-02-11 11:19:10 -0500 |
commit | 4cd35fd44d71305a985ad8616ffad0fd355af2bf (patch) | |
tree | 1a3fcedb747b97c113feb07e3293d4ed76addc95 /base/ca | |
parent | c483f48647eb190dce94866871b6ea933634e62d (diff) | |
download | pki-4cd35fd44d71305a985ad8616ffad0fd355af2bf.tar.gz pki-4cd35fd44d71305a985ad8616ffad0fd355af2bf.tar.xz pki-4cd35fd44d71305a985ad8616ffad0fd355af2bf.zip |
Add updateDomainXML to admin interface
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/shared/conf/acl.ldif | 2 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/web.xml | 24 |
2 files changed, 25 insertions, 1 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif index 732179216..d5385e8e2 100644 --- a/base/ca/shared/conf/acl.ldif +++ b/base/ca/shared/conf/acl.ldif @@ -6,7 +6,7 @@ resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) g resourceACLS: certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify -resourceACLS: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml +resourceACLS: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter #resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter. resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index b922b3d98..7528c310d 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -192,6 +192,25 @@ </servlet> <servlet> + <servlet-name> caUpdateDomainXML-admin </servlet-name> + <servlet-class> com.netscape.cms.servlet.csadmin.UpdateDomainXML </servlet-class> + <init-param><param-name> GetClientCert </param-name> + <param-value> false </param-value> </init-param> + <init-param><param-name> authority </param-name> + <param-value> ca </param-value> </init-param> + <init-param><param-name> ID </param-name> + <param-value> caUpdateDomainXML </param-value> </init-param> + <init-param><param-name> interface </param-name> + <param-value> admin </param-value> </init-param> + <init-param><param-name> AuthMgr </param-name> + <param-value> TokenAuth </param-value> </init-param> + <init-param><param-name> AuthzMgr </param-name> + <param-value> BasicAclAuthz </param-value> </init-param> + <init-param><param-name> resourceID </param-name> + <param-value> certServer.securitydomain.domainxml </param-value> </init-param> + </servlet> + + <servlet> <servlet-name> caUpdateNumberRange </servlet-name> <servlet-class> com.netscape.cms.servlet.csadmin.UpdateNumberRange </servlet-class> <init-param><param-name> GetClientCert </param-name> @@ -1882,6 +1901,11 @@ <url-pattern> /agent/ca/updateDomainXML </url-pattern> </servlet-mapping> + <servlet-mapping> + <servlet-name> caUpdateDomainXML-admin </servlet-name> + <url-pattern> /admin/ca/updateDomainXML </url-pattern> + </servlet-mapping> + <servlet-mapping> <servlet-name> caUpdateNumberRange </servlet-name> <url-pattern> /admin/ca/updateNumberRange </url-pattern> |