diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-18 13:59:26 -0500 |
| commit | db56da6d015d4fc040d73277c68fea590c5929b7 (patch) | |
| tree | 686932298bfce30d8cdd10622f4b0fc51b554250 /base/ca | |
| parent | dd01437171044ecb4cdc63998250a4d9f3277119 (diff) | |
| download | pki-ticket-477-7.tar.gz pki-ticket-477-7.tar.xz pki-ticket-477-7.zip | |
Added authentication method validation.ticket-477-7
A new mechanism has been added to specify the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods. When a
client calls a REST method, the AuthMethodInterceptor will intercept the
call and verify that the client uses an allowed authentication method.
Most REST methods that require authentication have been configured to
require client certificate authentication. Authentication using username
and password will only be used to get the installation token from security
domain.
Ticket #477
Diffstat (limited to 'base/ca')
| -rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth.properties | 6 | ||||
| -rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index b73b9ac10..20f3dd864 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -1,8 +1,8 @@ -# Restful API auth/authz mapping info +# Restful API authorization mapping info # # Format: -# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation> -# ex: admin.users = certServer.ca.users,read +# <mapping name> = <resource ID>,<operation> +# ex: admin.users = certServer.ca.users,read account.login = certServer.ca.account,login account.logout = certServer.ca.account,logout diff --git a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java index 4c81ff925..7b45222d6 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java @@ -7,6 +7,7 @@ import javax.ws.rs.core.Application; import com.netscape.certsrv.acls.ACLInterceptor; import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.authentication.AuthMethodInterceptor; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.PKIException; @@ -87,7 +88,8 @@ public class CertificateAuthorityApplication extends Application { // exception mapper classes.add(PKIException.Mapper.class); - // ACL interceptor + // interceptors + singletons.add(new AuthMethodInterceptor()); singletons.add(new ACLInterceptor()); } |