Added access control for TPS token.

The TPS token REST interface has been modified to require client certificate authentication. TPS admins, agents, and operators are allowed to view tokens, but only admins are allowed to add and remove tokens, and only agents are allowed to modify tokens.
author: Endi S. Dewata <edewata@redhat.com> 2013-10-11 14:51:57 -0400
committer: Endi S. Dewata <edewata@redhat.com> 2013-10-28 12:54:13 -0400
commit: bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a (patch)
tree: 7d28210db852bd91aa9681af4dd604f6194e0e9b /base/common/src/com/netscape/certsrv/tps
parent: 533029c934843c75d1a01561d3200cc41292aeda (diff)
download: pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.tar.gz
pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.tar.xz
pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
index 5f98845e3..000853623 100644
--- a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
@@ -31,11 +31,16 @@ import javax.ws.rs.core.Response;
 
 import org.jboss.resteasy.annotations.ClientResponseType;
 
+import com.netscape.certsrv.acls.ACLMapping;
+import com.netscape.certsrv.authentication.AuthMethodMapping;
+
 
 /**
  * @author Endi S. Dewata
  */
 @Path("tokens")
+@AuthMethodMapping("tokens")
+@ACLMapping("tokens.read")
 public interface TokenResource {
 
     @GET
@@ -53,6 +58,7 @@ public interface TokenResource {
     @ClientResponseType(entityType=TokenData.class)
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+    @ACLMapping("tokens.add")
     public Response addToken(TokenData tokenData);
 
     @PUT
@@ -60,6 +66,7 @@ public interface TokenResource {
     @ClientResponseType(entityType=TokenData.class)
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+    @ACLMapping("tokens.modify")
     public Response updateToken(
             @PathParam("tokenID") String tokenID,
             TokenData tokenData);
@@ -69,6 +76,7 @@ public interface TokenResource {
     @ClientResponseType(entityType=TokenData.class)
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+    @ACLMapping("tokens.modify")
     public Response modifyToken(
             @PathParam("tokenID") String tokenID,
             TokenModifyRequest request);
@@ -76,5 +84,6 @@ public interface TokenResource {
     @DELETE
     @Path("{tokenID}")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+    @ACLMapping("tokens.remove")
     public void removeToken(@PathParam("tokenID") String tokenID);
 }
author	Endi S. Dewata <edewata@redhat.com>	2013-10-11 14:51:57 -0400
committer	Endi S. Dewata <edewata@redhat.com>	2013-10-28 12:54:13 -0400
commit	bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a (patch)
tree	7d28210db852bd91aa9681af4dd604f6194e0e9b /base/common/src/com/netscape/certsrv/tps
parent	533029c934843c75d1a01561d3200cc41292aeda (diff)
download	pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.tar.gz pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.tar.xz pki-bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a.zip