diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-02 02:57:55 -0500 |
| commit | 1465ca82ef3436344992f8a428b5781c437b901a (patch) | |
| tree | 552409eefbcb078a1a60afe1c3a05658b3d2dbc3 /base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | |
| parent | 4f7fb41fd393f00cf3931672d6f99be764a07f2e (diff) | |
| download | pki-ticket-474-6.tar.gz pki-ticket-474-6.tar.xz pki-ticket-474-6.zip | |
Added AuthMapping annotation.ticket-474-6
A new AuthMapping annotation has been added to configure the required
authentication methods to acces each REST method. The annotation maps each
method into a list of authentication methods in auth.properties.
For security reason, most REST methods that require authentication have been
configured to require client certificate authentication. Authentication using
username and password will only be used to get installation token from the
security domain.
Previously the auth.properties files were used to store ACL mappings. Now the
ACL mappings have been moved into acl.properties.
Ticket #477
Diffstat (limited to 'base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java')
| -rw-r--r-- | base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java index c30740260..dd4985eab 100644 --- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java +++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java @@ -54,7 +54,7 @@ import com.netscape.cmscore.realm.PKIPrincipal; @Precedence("SECURITY") public class ACLInterceptor implements PreProcessInterceptor { - Properties authProperties; + Properties aclProperties; @Context ServletContext servletContext; @@ -62,13 +62,13 @@ public class ACLInterceptor implements PreProcessInterceptor { @Context SecurityContext securityContext; - public synchronized void loadAuthProperties() throws IOException { + public synchronized void loadACLProperties() throws IOException { - if (authProperties != null) return; + if (aclProperties != null) return; - URL url = servletContext.getResource("/WEB-INF/auth.properties"); - authProperties = new Properties(); - authProperties.load(url.openStream()); + URL url = servletContext.getResource("/WEB-INF/acl.properties"); + aclProperties = new Properties(); + aclProperties.load(url.openStream()); } @Override @@ -111,10 +111,10 @@ public class ACLInterceptor implements PreProcessInterceptor { } try { - loadAuthProperties(); + loadACLProperties(); String name = aclMapping.value(); - String value = authProperties.getProperty(name); + String value = aclProperties.getProperty(name); // If no property defined, allow request. if (value == null) return null; |