author | Endi S. Dewata <edewata@redhat.com> | 2013-10-11 14:51:57 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-28 12:54:13 -0400 |
commit | bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a (patch) | |
tree | 7d28210db852bd91aa9681af4dd604f6194e0e9b /base/common/src/com/netscape/certsrv/tps | |
parent | 533029c934843c75d1a01561d3200cc41292aeda (diff) | |
Added access control for TPS token.
The TPS token REST interface has been modified to require client certificate
authentication. TPS admins, agents, and operators are allowed to view tokens,
but only admins are allowed to add and remove tokens, and only agents are
allowed to modify tokens.
Diffstat (limited to 'base/common/src/com/netscape/certsrv/tps')
-rw-r--r-- | base/common/src/com/netscape/certsrv/tps/token/TokenResource.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
index 5f98845e3..000853623 100644
--- a/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/token/TokenResource.java
@@ -31,11 +31,16 @@ import javax.ws.rs.core.Response;
 import org.jboss.resteasy.annotations.ClientResponseType;
+import com.netscape.certsrv.acls.ACLMapping;
+import com.netscape.certsrv.authentication.AuthMethodMapping;
+
 /**
 * @author Endi S. Dewata
 */
 @Path("tokens")
+@AuthMethodMapping("tokens")
+@ACLMapping("tokens.read")
 public interface TokenResource {
 @GET
@@ -53,6 +58,7 @@ public interface TokenResource {
 @ClientResponseType(entityType=TokenData.class)
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @ACLMapping("tokens.add")
 public Response addToken(TokenData tokenData);
 @PUT
@@ -60,6 +66,7 @@ public interface TokenResource {
 @ClientResponseType(entityType=TokenData.class)
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @ACLMapping("tokens.modify")
 public Response updateToken(
 @PathParam("tokenID") String tokenID,
 TokenData tokenData);
@@ -69,6 +76,7 @@ public interface TokenResource {
 @ClientResponseType(entityType=TokenData.class)
 @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @ACLMapping("tokens.modify")
 public Response modifyToken(
 @PathParam("tokenID") String tokenID,
 TokenModifyRequest request);
@@ -76,5 +84,6 @@ public interface TokenResource {
 @DELETE
 @Path("{tokenID}")
 @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @ACLMapping("tokens.remove")
 public void removeToken(@PathParam("tokenID") String tokenID);
 }
|
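Review bot: The type-level `@ACLMapping("tokens.read")` added above `public interface TokenResource` becomes the fallback for every method that has no mapping of its own, so a state-changing method added later without an annotation would be checked only against the read ACL, which the commit message grants to operators as well as admins and agents. This assumes a method-level mapping overrides the type-level one; the code that enforces the annotations is not part of this diff. I would state the rule next to the annotation, for example `// Fallback ACL for methods without their own @ACLMapping; every method that changes state must declare a stricter one.` The interface body continues outside this hunk.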
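Review bot: `addToken` now depends on the mapping name `"tokens.add"`, but nothing in the file says whom that name admits; the rule that only TPS admins may add tokens is stated only in the commit message. A Javadoc line on the method would keep the policy beside the code, e.g. `/** Adds a token. Requires client certificate authentication and the tokens.add ACL (TPS admins only). */`. The same applies in the following hunks to `updateToken` and `modifyToken` (`tokens.modify`, agents only) and to `removeToken` (`tokens.remove`, admins only). Because the names are plain string literals, a mistyped one would compile cleanly, and how an unknown name is treated at run time is not visible here, so a deny-path test per role would be worth adding if none exists outside this directory.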