authorEndi S. Dewata <edewata@redhat.com>2017-03-28 00:15:28 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-04-04 00:29:44 +0200
commit8e7653987bf592ae6a5968fc0c5ef6696f13d348 (patch)
tree09d12569579164c785bd30f7eea76822eadb2e77 /base/ca
parent5bcfd93bac70def54a1224f4a89c50ed7c11316a (diff)
Added audit service and CLI to all subsystems.
Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/conf/acl.properties5
-rw-r--r--base/ca/shared/conf/auth-method.properties1
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml13
-rw-r--r--base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java4
4 files changed, 23 insertions, 0 deletions
diff --git a/base/ca/shared/conf/acl.properties b/base/ca/shared/conf/acl.properties
index 8b3e9d0ee..c487e4802 100644
--- a/base/ca/shared/conf/acl.properties
+++ b/base/ca/shared/conf/acl.properties
@@ -7,6 +7,11 @@
account.login = certServer.ca.account,login
account.logout = certServer.ca.account,logout
+
+# audit configuration
+audit.read = certServer.log.configuration,read
+audit.modify = certServer.log.configuration,modify
+
certs = certServer.ca.certs,execute
certrequests = certServer.ca.certrequests,execute
groups = certServer.ca.groups,execute
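Review bot: Both new keys, `audit.read` and `audit.modify`, resolve to the existing `certServer.log.configuration` resource, so whoever already holds `modify` on log configuration gains the ability to change audit settings through the new REST endpoint. The ACL entry itself is not part of this diff, so it is worth confirming that the CA's ACL store defines this resource and grants `modify` only to administrators, with auditors limited to `read`; presumably a modify call can reduce what gets logged. I would extend the comment to record that, e.g. `# audit configuration (shares the log configuration ACL; modify should stay administrator-only)`. It would also help to confirm that a change made through this path is itself written to the audit log.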
diff --git a/base/ca/shared/conf/auth-method.properties b/base/ca/shared/conf/auth-method.properties
index 8d67690af..f7b203dd7 100644
--- a/base/ca/shared/conf/auth-method.properties
+++ b/base/ca/shared/conf/auth-method.properties
@@ -8,6 +8,7 @@
default = *
account = certUserDBAuthMgr,passwdUserDBAuthMgr
+audit = certUserDBAuthMgr
authorities = certUserDBAuthMgr
certs = certUserDBAuthMgr
certrequests = certUserDBAuthMgr
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index d887db46b..bf8aed40f 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2417,6 +2417,19 @@
<security-constraint>
<web-resource-collection>
+ <web-resource-name>Audit</web-resource-name>
+ <url-pattern>/rest/audit/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
<web-resource-name>Authority Services</web-resource-name>
<url-pattern>/rest/authorities/*</url-pattern>
</web-resource-collection>
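Review bot: The new Audit constraint uses `<role-name>*</role-name>`, which at the container level admits any authenticated caller in any declared role, so this block enforces only authentication and TLS (`CONFIDENTIAL`), not authorization. Who may read or modify audit configuration therefore depends entirely on AuditService's methods being bound to the `audit.read` / `audit.modify` ACL names and the `audit` auth-method name added in acl.properties and auth-method.properties. That class is outside this diff, and a method left unmapped would presumably fall back to `default = *` for auth methods. I would state this in the descriptor with a comment above the constraint, e.g. `<!-- authentication only; per-method authorization is enforced by ACLInterceptor (audit.read / audit.modify) -->`, and check that every resource method in AuditService carries both mappings. The Authority Services constraint that follows continues past the end of this hunk.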
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
index b0fc73ce9..ae18e0230 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java
@@ -7,6 +7,7 @@ import javax.ws.rs.core.Application;
import org.dogtagpki.server.rest.ACLInterceptor;
import org.dogtagpki.server.rest.AccountService;
+import org.dogtagpki.server.rest.AuditService;
import org.dogtagpki.server.rest.AuthMethodInterceptor;
import org.dogtagpki.server.rest.FeatureService;
import org.dogtagpki.server.rest.GroupService;
@@ -32,6 +33,9 @@ public class CAApplication extends Application {
// account
classes.add(AccountService.class);
+ // audit
+ classes.add(AuditService.class);
+
// installer
classes.add(CAInstallerService.class);