Added audit service and CLI to all subsystems.

Previously the audit service and CLI were only available on TPS. Now they have been added to all subsystems. Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
author: Endi S. Dewata <edewata@redhat.com> 2017-03-28 00:15:28 +0200
committer: Endi S. Dewata <edewata@redhat.com> 2017-04-04 00:29:44 +0200
commit: 8e7653987bf592ae6a5968fc0c5ef6696f13d348 (patch)
tree: 09d12569579164c785bd30f7eea76822eadb2e77 /base/ocsp/shared
parent: 5bcfd93bac70def54a1224f4a89c50ed7c11316a (diff)
download: pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.gz
pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.xz
pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.zip
3 files changed, 19 insertions, 0 deletions
diff --git a/base/ocsp/shared/conf/acl.properties b/base/ocsp/shared/conf/acl.properties
index 9528f11fa..26b212d9d 100644
--- a/base/ocsp/shared/conf/acl.properties
+++ b/base/ocsp/shared/conf/acl.properties
@@ -7,6 +7,11 @@
 
 account.login = certServer.ocsp.account,login
 account.logout = certServer.ocsp.account,logout
+
+# audit configuration
+audit.read = certServer.log.configuration,read
+audit.modify = certServer.log.configuration,modify
+
 groups = certServer.ocsp.groups,execute
 selftests.read = certServer.ocsp.selftests,read
 selftests.execute = certServer.ocsp.selftests,execute
diff --git a/base/ocsp/shared/conf/auth-method.properties b/base/ocsp/shared/conf/auth-method.properties
index 9f5a7a1d3..98aee66ab 100644
--- a/base/ocsp/shared/conf/auth-method.properties
+++ b/base/ocsp/shared/conf/auth-method.properties
@@ -8,6 +8,7 @@
 
 default = *
 account = certUserDBAuthMgr,passwdUserDBAuthMgr
+audit = certUserDBAuthMgr
 groups = certUserDBAuthMgr
 selftests = certUserDBAuthMgr
 users = certUserDBAuthMgr
diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
index b8eccf1db..e6108000d 100644
--- a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
+++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
@@ -726,6 +726,19 @@
         </user-data-constraint>
     </security-constraint>
 
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Audit</web-resource-name>
+            <url-pattern>/rest/audit/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
    [PKI_OPEN_STANDALONE_COMMENT]
     <security-constraint>
         <web-resource-collection>
author	Endi S. Dewata <edewata@redhat.com>	2017-03-28 00:15:28 +0200
committer	Endi S. Dewata <edewata@redhat.com>	2017-04-04 00:29:44 +0200
commit	8e7653987bf592ae6a5968fc0c5ef6696f13d348 (patch)
tree	09d12569579164c785bd30f7eea76822eadb2e77 /base/ocsp/shared
parent	5bcfd93bac70def54a1224f4a89c50ed7c11316a (diff)
download	pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.gz pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.xz pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.zip