diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-01 13:05:38 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-02-12 22:32:51 -0500 |
commit | af5d06d241b33cea3a9e6b54ead00436fb2d5edc (patch) | |
tree | 01341b098eecc7acb7579061cf708b8b309c3188 /base/ocsp/shared/webapps | |
parent | 12bd85dc50052107e5dccff56f4110b133aafdc1 (diff) | |
download | pki-af5d06d241b33cea3a9e6b54ead00436fb2d5edc.tar.gz pki-af5d06d241b33cea3a9e6b54ead00436fb2d5edc.tar.xz pki-af5d06d241b33cea3a9e6b54ead00436fb2d5edc.zip |
Added authentication method validation.ticket-477-4
A new mechanism has been added to limit the authentication methods that
can be used to invoke the REST methods. The AuthMethodMapping annotation
maps each REST method to a list of allowed authentication methods defined
auth-method.properties. When a client calls a REST method, the AuthMethod-
Interceptor will intercept the call and verify that the client uses an
allowed authentication method.
For security reason, most REST methods that require authentication have been
configured to require client certificate authentication. Authentication using
username and password will only be used to get the installation token from
security domain.
The auth.properties have been renamed to acl.properties since it's used to
store ACL mappings.
Ticket #477
Diffstat (limited to 'base/ocsp/shared/webapps')
-rw-r--r-- | base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties (renamed from base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties) | 6 | ||||
-rw-r--r-- | base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties | 9 |
2 files changed, 12 insertions, 3 deletions
diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties index cd2e14058..95fabba72 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/acl.properties @@ -1,8 +1,8 @@ -# Restful API auth/authz mapping info +# Restful API authorization mapping info # # Format: -# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation> -# ex: admin.users = certServer.ca.users,read +# <mapping name> = <resource ID>,<operation> +# ex: admin.users = certServer.ca.users,read account.login = certServer.ocsp.account,login account.logout = certServer.ocsp.account,logout diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties new file mode 100644 index 000000000..81e24403f --- /dev/null +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth-method.properties @@ -0,0 +1,9 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr |