Moved REST services into separate URLs.

To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107

1 files changed, 4 insertions, 10 deletions

diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
index a206aa9e4..d2ba3075e 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties
+++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
@@ -4,13 +4,7 @@
 # <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
 # ex:      /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
 
-/kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
-/kra/pki/keyrequests = certServer.kra.pki.keyrequests,read
-/kra/pki/keyrequest = certServer.kra.pki.keyrequest,read
-/kra/pki/keyrequest/archive = certServer.kra.pki.keyrequest.archive,execute
-/kra/pki/keyrequest/recover = certServer.kra.pki.keyrequest.recover,execute
-/kra/pki/keyrequest/approve = certServer.kra.pki.keyrequest.approve,execute
-/kra/pki/keyrequest/reject = certServer.kra.pki.keyrequest.reject,execute
-/kra/pki/keyrequest/cancel = certServer.kra.pki.keyrequest.cancel,execute
-/kra/pki/keys = certServer.kra.pki.keys,read
-/kra/pki/config/cert/transport = certServer.kra.pki.config.cert.transport,read
+/kra/rest/admin/users = certServer.kra.users,execute
+/kra/rest/admin/groups = certServer.kra.groups,execute
+/kra/rest/agent/keys = certServer.kra.keys,execute
+/kra/rest/agent/keyrequests = certServer.kra.keyrequests,execute