Enabled account service for TKS and OCSP.

The REST account service has been added to TKS and OCSP to enable authentication. Ticket #375
author: Endi Sukma Dewata <edewata@redhat.com> 2012-10-23 18:05:50 -0500
committer: Endi Sukma Dewata <edewata@redhat.com> 2012-10-25 23:36:42 -0500
commit: 6359021315622e97ae3c074752548f915e4af00d (patch)
tree: 6fa92b4c2ac48d469b9fea0970931b005e3903ba /base/tks/shared/webapps/tks
parent: 7c105a64f41000737b85de832522738fd9af4200 (diff)
download: pki-6359021315622e97ae3c074752548f915e4af00d.tar.gz
pki-6359021315622e97ae3c074752548f915e4af00d.tar.xz
pki-6359021315622e97ae3c074752548f915e4af00d.zip
2 files changed, 37 insertions, 1 deletions
diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/auth.properties
index 29dc9f3fc..90897683e 100644
--- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties
+++ b/base/tks/shared/webapps/tks/WEB-INF/auth.properties
@@ -4,5 +4,7 @@
 # <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
 # ex:      /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
 
+/tks/rest/account/login = certServer.tks.account,login
+/tks/rest/account/logout = certServer.tks.account,logout
 /tks/rest/admin/users = certServer.tks.users,execute
 /tks/rest/admin/groups = certServer.tks.groups,execute
diff --git a/base/tks/shared/webapps/tks/WEB-INF/web.xml b/base/tks/shared/webapps/tks/WEB-INF/web.xml
index a06b2f213..b1958c033 100644
--- a/base/tks/shared/webapps/tks/WEB-INF/web.xml
+++ b/base/tks/shared/webapps/tks/WEB-INF/web.xml
@@ -417,5 +417,39 @@
    <session-config>
         <session-timeout>30</session-timeout>
    </session-config>
-</web-app>
 
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Account Services</web-resource-name>
+            <url-pattern>/rest/account/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Admin Services</web-resource-name>
+            <url-pattern>/rest/admin/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <login-config>
+        <realm-name>Token Key Service</realm-name>
+    </login-config>
+
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+
+</web-app>
author	Endi Sukma Dewata <edewata@redhat.com>	2012-10-23 18:05:50 -0500
committer	Endi Sukma Dewata <edewata@redhat.com>	2012-10-25 23:36:42 -0500
commit	6359021315622e97ae3c074752548f915e4af00d (patch)
tree	6fa92b4c2ac48d469b9fea0970931b005e3903ba /base/tks/shared/webapps/tks
parent	7c105a64f41000737b85de832522738fd9af4200 (diff)
download	pki-6359021315622e97ae3c074752548f915e4af00d.tar.gz pki-6359021315622e97ae3c074752548f915e4af00d.tar.xz pki-6359021315622e97ae3c074752548f915e4af00d.zip