diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-18 12:47:28 -0500 |
commit | 1a96cb363c87ec7c2e3caff407289dcfd323e31b (patch) | |
tree | 18c929a526396ddd401c13557d090b43bed17899 /base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | |
parent | dd01437171044ecb4cdc63998250a4d9f3277119 (diff) | |
download | pki-1a96cb363c87ec7c2e3caff407289dcfd323e31b.tar.gz pki-1a96cb363c87ec7c2e3caff407289dcfd323e31b.tar.xz pki-1a96cb363c87ec7c2e3caff407289dcfd323e31b.zip |
Added authentication method validation.ticket-477-5
A new mechanism has been added to limit the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods defined
auth-method.properties. When a client calls a REST method, the AuthMethod-
Interceptor will intercept the call and verify that the client uses an
allowed authentication method.
For security reason, most REST methods that require authentication have been
configured to require client certificate authentication. Authentication using
username and password will only be used to get the installation token from
security domain.
The auth.properties have been renamed to acl.properties since it's used to
store ACL mappings.
Ticket #477
Diffstat (limited to 'base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java')
-rw-r--r-- | base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java index c30740260..dd4985eab 100644 --- a/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java +++ b/base/common/src/com/netscape/certsrv/acls/ACLInterceptor.java @@ -54,7 +54,7 @@ import com.netscape.cmscore.realm.PKIPrincipal; @Precedence("SECURITY") public class ACLInterceptor implements PreProcessInterceptor { - Properties authProperties; + Properties aclProperties; @Context ServletContext servletContext; @@ -62,13 +62,13 @@ public class ACLInterceptor implements PreProcessInterceptor { @Context SecurityContext securityContext; - public synchronized void loadAuthProperties() throws IOException { + public synchronized void loadACLProperties() throws IOException { - if (authProperties != null) return; + if (aclProperties != null) return; - URL url = servletContext.getResource("/WEB-INF/auth.properties"); - authProperties = new Properties(); - authProperties.load(url.openStream()); + URL url = servletContext.getResource("/WEB-INF/acl.properties"); + aclProperties = new Properties(); + aclProperties.load(url.openStream()); } @Override @@ -111,10 +111,10 @@ public class ACLInterceptor implements PreProcessInterceptor { } try { - loadAuthProperties(); + loadACLProperties(); String name = aclMapping.value(); - String value = authProperties.getProperty(name); + String value = aclProperties.getProperty(name); // If no property defined, allow request. if (value == null) return null; |