summaryrefslogtreecommitdiffstats
path: root/base/kra/shared/webapps/kra/WEB-INF/acl.properties
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2013-02-01 13:05:38 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-02-02 02:57:55 -0500
commit1465ca82ef3436344992f8a428b5781c437b901a (patch)
tree552409eefbcb078a1a60afe1c3a05658b3d2dbc3 /base/kra/shared/webapps/kra/WEB-INF/acl.properties
parent4f7fb41fd393f00cf3931672d6f99be764a07f2e (diff)
downloadpki-1465ca82ef3436344992f8a428b5781c437b901a.zip
pki-1465ca82ef3436344992f8a428b5781c437b901a.tar.gz
pki-1465ca82ef3436344992f8a428b5781c437b901a.tar.xz
Added AuthMapping annotation.ticket-474-6
A new AuthMapping annotation has been added to configure the required authentication methods to acces each REST method. The annotation maps each method into a list of authentication methods in auth.properties. For security reason, most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get installation token from the security domain. Previously the auth.properties files were used to store ACL mappings. Now the ACL mappings have been moved into acl.properties. Ticket #477
Diffstat (limited to 'base/kra/shared/webapps/kra/WEB-INF/acl.properties')
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/acl.properties12
1 files changed, 12 insertions, 0 deletions
diff --git a/base/kra/shared/webapps/kra/WEB-INF/acl.properties b/base/kra/shared/webapps/kra/WEB-INF/acl.properties
new file mode 100644
index 0000000..952bdad
--- /dev/null
+++ b/base/kra/shared/webapps/kra/WEB-INF/acl.properties
@@ -0,0 +1,12 @@
+# Restful API authorization mapping info
+#
+# Format:
+# <mapping name> = <resource ID>,<operation>
+# ex: admin.users = certServer.ca.users,read
+
+account.login = certServer.kra.account,login
+account.logout = certServer.kra.account,logout
+admin.users = certServer.kra.users,execute
+admin.groups = certServer.kra.groups,execute
+agent.keys = certServer.kra.keys,execute
+agent.keyrequests = certServer.kra.keyrequests,execute