diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-10-10 04:38:05 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-08 11:20:05 -0500 |
commit | cb209df95c4dee11f2a912e20b417fa3bc41c88f (patch) | |
tree | b50824cdfd3bc4ec3db905b94ef7750d9ff74844 /base/common/src/com/netscape/certsrv/cert | |
parent | 906acfd2c82d195a7c55a2af7c4d7abe8ed2655a (diff) | |
download | pki-cb209df95c4dee11f2a912e20b417fa3bc41c88f.tar.gz pki-cb209df95c4dee11f2a912e20b417fa3bc41c88f.tar.xz pki-cb209df95c4dee11f2a912e20b417fa3bc41c88f.zip |
Added ACLInterceptor.
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.
Ticket #287
Diffstat (limited to 'base/common/src/com/netscape/certsrv/cert')
-rw-r--r-- | base/common/src/com/netscape/certsrv/cert/CertRequestResource.java | 24 | ||||
-rw-r--r-- | base/common/src/com/netscape/certsrv/cert/CertResource.java | 4 |
2 files changed, 18 insertions, 10 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java index 1a186f627..0bd285136 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java @@ -18,7 +18,6 @@ package com.netscape.certsrv.cert; import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; @@ -28,28 +27,25 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; +import com.netscape.certsrv.acls.ACLMapping; import com.netscape.certsrv.request.RequestId; @Path("") public interface CertRequestResource { - public static final int DEFAULT_START = 0; - public static final int DEFAULT_PAGESIZE = 20; - public static final int DEFAULT_MAXRESULTS = 100; - public static final int DEFAULT_MAXTIME = 10; - /** * Used to generate list of cert requests based on the search parameters */ @GET @Path("agent/certrequests") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public CertRequestInfos listRequests(@QueryParam("requestState") String requestState, @QueryParam("requestType") String requestType, - @DefaultValue("" + DEFAULT_START) @QueryParam("start") RequestId start, - @DefaultValue("" + DEFAULT_PAGESIZE) @QueryParam("pageSize") int pageSize, - @DefaultValue("" + DEFAULT_MAXRESULTS) @QueryParam("maxResults") int maxResults, - @DefaultValue("" + DEFAULT_MAXTIME) @QueryParam("maxTime") int maxTime); + @QueryParam("start") RequestId start, + @QueryParam("pageSize") Integer pageSize, + @QueryParam("maxResults") Integer maxResults, + @QueryParam("maxTime") Integer maxTime); /** * Used to retrieve cert request info for a specific request @@ -62,6 +58,7 @@ public interface CertRequestResource { @GET @Path("agent/certrequests/{id}") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public CertReviewResponse reviewRequest(@PathParam("id") RequestId id); // Enrollment - used to test integration with a browser @@ -80,35 +77,42 @@ public interface CertRequestResource { @POST @Path("agent/certrequests/{id}/approve") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void approveRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/reject") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void rejectRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/cancel") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void cancelRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/update") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void updateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/validate") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void validateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/unassign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void unassignRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/assign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certrequests") public void assignRequest(@PathParam("id") RequestId id, CertReviewResponse data); } diff --git a/base/common/src/com/netscape/certsrv/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java index 1d5958824..53e06ca6e 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java @@ -10,6 +10,7 @@ import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; +import com.netscape.certsrv.acls.ACLMapping; import com.netscape.certsrv.dbs.certdb.CertId; @Path("") @@ -44,17 +45,20 @@ public interface CertResource { @Path("agent/certs/{id}/revoke-ca") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certs") public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/revoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certs") public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/unrevoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ACLMapping("agent.certs") public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request); } |