diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-03-28 00:15:28 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-04 00:29:44 +0200 |
commit | 8e7653987bf592ae6a5968fc0c5ef6696f13d348 (patch) | |
tree | 09d12569579164c785bd30f7eea76822eadb2e77 /base/ocsp/shared | |
parent | 5bcfd93bac70def54a1224f4a89c50ed7c11316a (diff) | |
download | pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.gz pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.tar.xz pki-8e7653987bf592ae6a5968fc0c5ef6696f13d348.zip |
Added audit service and CLI to all subsystems.
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.
Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
Diffstat (limited to 'base/ocsp/shared')
-rw-r--r-- | base/ocsp/shared/conf/acl.properties | 5 | ||||
-rw-r--r-- | base/ocsp/shared/conf/auth-method.properties | 1 | ||||
-rw-r--r-- | base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml | 13 |
3 files changed, 19 insertions, 0 deletions
diff --git a/base/ocsp/shared/conf/acl.properties b/base/ocsp/shared/conf/acl.properties index 9528f11fa..26b212d9d 100644 --- a/base/ocsp/shared/conf/acl.properties +++ b/base/ocsp/shared/conf/acl.properties @@ -7,6 +7,11 @@ account.login = certServer.ocsp.account,login account.logout = certServer.ocsp.account,logout + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + groups = certServer.ocsp.groups,execute selftests.read = certServer.ocsp.selftests,read selftests.execute = certServer.ocsp.selftests,execute diff --git a/base/ocsp/shared/conf/auth-method.properties b/base/ocsp/shared/conf/auth-method.properties index 9f5a7a1d3..98aee66ab 100644 --- a/base/ocsp/shared/conf/auth-method.properties +++ b/base/ocsp/shared/conf/auth-method.properties @@ -8,6 +8,7 @@ default = * account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr groups = certUserDBAuthMgr selftests = certUserDBAuthMgr users = certUserDBAuthMgr diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml index b8eccf1db..e6108000d 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml @@ -726,6 +726,19 @@ </user-data-constraint> </security-constraint> + <security-constraint> + <web-resource-collection> + <web-resource-name>Audit</web-resource-name> + <url-pattern>/rest/audit/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + [PKI_OPEN_STANDALONE_COMMENT] <security-constraint> <web-resource-collection> |