| author | Endi S. Dewata <edewata@redhat.com> | 2013-10-11 14:51:57 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-28 12:54:13 -0400 |
| commit | bdcfb92bbc03dd40c1052bf2e6ad372e4daf134a (patch) | |
| tree | 7d28210db852bd91aa9681af4dd604f6194e0e9b /base/server/cms/src/com | |
| parent | 533029c934843c75d1a01561d3200cc41292aeda (diff) | |
Added access control for TPS token.
The TPS token REST interface has been modified to require client certificate
authentication. TPS admins, agents, and operators are allowed to view tokens,
but only admins are allowed to add and remove tokens, and only agents are
allowed to modify tokens.
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
index c42ba26d0..fa2648bc7 100644
--- a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
+++ b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
@@ -48,7 +48,7 @@ import com.netscape.cms.realm.PKIPrincipal;
 @Provider
 public class AuthMethodInterceptor implements ContainerRequestFilter {
- Properties authProperties;
+ Properties authMethodProperties;
 @Context
 ServletContext servletContext;
@@ -58,22 +58,24 @@ public class AuthMethodInterceptor implements ContainerRequestFilter {
 public synchronized void loadAuthProperties() throws IOException {
- if (authProperties != null)
+ if (authMethodProperties != null)
 return;
- authProperties = new Properties();
+ authMethodProperties = new Properties();
 URL url = servletContext.getResource("/WEB-INF/auth-method.properties");
 if (url == null) {
- authProperties.put("default", "*");
- authProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr");
- authProperties.put("admin", "certUserDBAuthMgr");
- authProperties.put("agent", "certUserDBAuthMgr");
- authProperties.put("profiles", "certUserDBAuthMgr");
- authProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr");
+ authMethodProperties.put("default", "*");
+ authMethodProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr");
+ authMethodProperties.put("admin", "certUserDBAuthMgr");
+ authMethodProperties.put("agent", "certUserDBAuthMgr");
+ authMethodProperties.put("profiles", "certUserDBAuthMgr");
+ authMethodProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr");
+ authMethodProperties.put("tokens", "certUserDBAuthMgr");
+
 } else {
- authProperties.load(url.openStream());
+ authMethodProperties.load(url.openStream());
 }
 }
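Review bot: In `loadAuthProperties()` the field `authMethodProperties` is assigned a fresh `Properties` before `load(url.openStream())` runs, so an `IOException` during the read leaves a non-null but empty mapping that the `!= null` guard treats as already loaded on every later request. For a filter that decides which authentication managers a resource accepts, that cached empty state should not be reachable: build the mapping in a local variable, assign the field only once it is complete, and close the stream from `url.openStream()`, which the new line leaves open. Separately, the `tokens` default is added only on the `url == null` branch, so a deployment that already ships `/WEB-INF/auth-method.properties` without a `tokens` key gets null from `getProperty(name)`; how the filter treats that null is outside the visible hunks and is worth confirming before relying on this commit for certificate-only access to tokens. The sketch below assumes the build targets Java 7 or later (try-with-resources) and that `java.io.InputStream` is imported.

```java
public synchronized void loadAuthProperties() throws IOException {
    // … unchanged: early return when authMethodProperties is already set …

    Properties props = new Properties();

    URL url = servletContext.getResource("/WEB-INF/auth-method.properties");
    if (url == null) {
        // … unchanged: built-in defaults, written to props instead of the field …
    } else {
        try (InputStream in = url.openStream()) {
            props.load(in);
        }
    }

    // Publish only a fully loaded mapping; a failed read leaves the field null
    // so the next request retries instead of running with an empty policy.
    authMethodProperties = props;
}
```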
@@ -108,7 +110,7 @@ public class AuthMethodInterceptor implements ContainerRequestFilter {
 try {
 loadAuthProperties();
- String value = authProperties.getProperty(name);
+ String value = authMethodProperties.getProperty(name);
 Collection<String> authMethods = new HashSet<String>();
 if (value != null) {
 for (String v : value.split(",")) {
|
