15 files changed, 73 insertions, 67 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties index f10501692..24ed2d6a5 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -6,15 +6,15 @@ account.login = certServer.ca.account,login account.logout = certServer.ca.account,logout -admin.users = certServer.ca.users,execute -admin.groups = certServer.ca.groups,execute -admin.kraconnector = certServer.ca.connectorInfo,modify -agent.certrequests = certServer.ca.certrequests,execute -agent.certs = certServer.ca.certs,execute -profile.approve = certServer.ca.profile,approve -profile.create = certServer.profile.configuration,modify -profile.delete = certServer.profile.configuration,modify -profile.list = certServer.ee.profiles,list -profile.modify = certServer.profile.configuration,modify -profile.read = certServer.profile.configuration,read +certs = certServer.ca.certs,execute +certrequests = certServer.ca.certrequests,execute +groups = certServer.ca.groups,execute +kraconnectors = certServer.ca.connectorInfo,modify +profiles.approve = certServer.ca.profile,approve +profiles.create = certServer.profile.configuration,modify +profiles.delete = certServer.profile.configuration,modify +profiles.list = certServer.ee.profiles,list +profiles.modify = certServer.profile.configuration,modify +profiles.read = certServer.profile.configuration,read securityDomain.installToken = certServer.securitydomain.domainxml,read +users = certServer.ca.users,execute diff --git a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java index 7656080a1..8dc30bcdf 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertRequestResource.java 
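Review bot: Renaming the ACL keys in this hunk (`admin.users` to `users`, `agent.certs` to `certs`, `profile.*` to `profiles.*`) leaves any already-deployed or locally modified copy of this file without an entry for the names the REST resources now request, and the commit carries no upgrade step for such copies. What the ACL interceptor does when `@ACLMapping("users")` finds no matching key is not visible in this diff; if it skips the check instead of denying, user, group and certificate-agent operations would run without authorization after an upgrade. I would ship an upgrade script that rewrites the keys, or keep the old names as aliases for one release, and add a header comment such as `# key = <ACL resource>,<operation>; the key must equal the @ACLMapping value on the REST resource`. The same applies to the kra, ocsp, tks and tps auth.properties hunks further down.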
@@ -62,8 +62,8 @@ public interface CertRequestResource { @GET @Path("agent/certrequests") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public CertRequestInfos listRequests(@QueryParam("requestState") String requestState, @QueryParam("requestType") String requestType, @QueryParam("start") RequestId start, @@ -74,8 +74,8 @@ public interface CertRequestResource { @GET @Path("agent/certrequests/{id}") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public CertReviewResponse reviewRequest(@PathParam("id") RequestId id); @GET 
@@ -93,50 +93,50 @@ public interface CertRequestResource { @POST @Path("agent/certrequests/{id}/approve") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void approveRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/reject") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void rejectRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/cancel") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void cancelRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/update") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void updateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/validate") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void validateRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/unassign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void 
unassignRequest(@PathParam("id") RequestId id, CertReviewResponse data); @POST @Path("agent/certrequests/{id}/assign") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certrequests") - @AuthMethodMapping("agent") + @ACLMapping("certrequests") + @AuthMethodMapping("certrequests") public void assignRequest(@PathParam("id") RequestId id, CertReviewResponse data); } diff --git a/base/common/src/com/netscape/certsrv/cert/CertResource.java b/base/common/src/com/netscape/certsrv/cert/CertResource.java index b5b282b18..9f527e130 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertResource.java +++ b/base/common/src/com/netscape/certsrv/cert/CertResource.java 
@@ -43,31 +43,31 @@ public interface CertResource { @GET @Path("agent/certs/{id}") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertData reviewCert(@PathParam("id") CertId id); @POST @Path("agent/certs/{id}/revoke-ca") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo revokeCACert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/revoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo revokeCert(@PathParam("id") CertId id, CertRevokeRequest request); @POST @Path("agent/certs/{id}/unrevoke") @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ACLMapping("agent.certs") - @AuthMethodMapping("agent") + @ACLMapping("certs") + @AuthMethodMapping("certs") public CertRequestInfo unrevokeCert(@PathParam("id") CertId id, CertUnrevokeRequest request); } diff --git a/base/common/src/com/netscape/certsrv/group/GroupResource.java b/base/common/src/com/netscape/certsrv/group/GroupResource.java index ea59922a5..12c90228b 100644 --- a/base/common/src/com/netscape/certsrv/group/GroupResource.java +++ b/base/common/src/com/netscape/certsrv/group/GroupResource.java 
@@ -38,8 +38,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Endi S. Dewata */ @Path("admin/groups") -@ACLMapping("admin.groups") -@AuthMethodMapping("admin") +@ACLMapping("groups") +@AuthMethodMapping("groups") public interface GroupResource { @GET diff --git a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java index b7bea7057..9256ac461 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java +++ b/base/common/src/com/netscape/certsrv/key/KeyRequestResource.java @@ -18,8 +18,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; import com.netscape.certsrv.request.RequestId; @Path("agent/keyrequests") -@ACLMapping("agent.keyrequests") -@AuthMethodMapping("agent") +@ACLMapping("keyrequests") +@AuthMethodMapping("keyrequests") public interface KeyRequestResource { public final String SYMMETRIC_KEY_TYPE = "symmetricKey"; diff --git a/base/common/src/com/netscape/certsrv/key/KeyResource.java b/base/common/src/com/netscape/certsrv/key/KeyResource.java index a574abb65..c420e0d45 100644 --- a/base/common/src/com/netscape/certsrv/key/KeyResource.java +++ b/base/common/src/com/netscape/certsrv/key/KeyResource.java @@ -14,8 +14,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; @Path("agent/keys") -@ACLMapping("agent.keys") -@AuthMethodMapping("agent") +@ACLMapping("keys") +@AuthMethodMapping("keys") public interface KeyResource { @GET diff --git a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java index 5af61bff7..39ed0e6e2 100644 --- a/base/common/src/com/netscape/certsrv/profile/ProfileResource.java +++ b/base/common/src/com/netscape/certsrv/profile/ProfileResource.java 
@@ -22,7 +22,7 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; public interface ProfileResource { @GET - @ACLMapping("profile.list") + @ACLMapping("profiles.list") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public ProfileDataInfos listProfiles( @QueryParam("start") Integer start, @@ -30,34 +30,34 @@ public interface ProfileResource { @GET @Path("{id}") - @ACLMapping("profile.read") + @ACLMapping("profiles.read") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public ProfileData retrieveProfile(@PathParam("id") String id); @POST @ClientResponseType(entityType=ProfileData.class) - @ACLMapping("profile.create") + @ACLMapping("profiles.create") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public Response createProfile(ProfileData data); @POST @Path("{id}") - @ACLMapping("profile.approve") + @ACLMapping("profiles.approve") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public void modifyProfileState(@PathParam("id") String id, @QueryParam("action") String action); @PUT @Path("{id}") @ClientResponseType(entityType=ProfileData.class) - @ACLMapping("profile.modify") + @ACLMapping("profiles.modify") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public Response modifyProfile(@PathParam("id") String id, ProfileData data); @DELETE @Path("{id}") - @ACLMapping("profile.delete") + @ACLMapping("profiles.delete") @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) public void deleteProfile(@PathParam("id") String id); diff --git a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java index 0799b55a6..474994e9e 100644 --- a/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java 
+++ b/base/common/src/com/netscape/certsrv/system/KRAConnectorResource.java @@ -32,8 +32,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Ade Lee */ @Path("admin/kraconnector") -@ACLMapping("admin.kraconnector") -@AuthMethodMapping("admin") +@ACLMapping("kraconnectors") +@AuthMethodMapping("kraconnectors") public interface KRAConnectorResource { @POST diff --git a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java index aeee39071..441e6f303 100644 --- a/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java +++ b/base/common/src/com/netscape/certsrv/system/TPSConnectorResource.java @@ -39,7 +39,7 @@ import com.netscape.certsrv.key.KeyData; * @author Ade Lee */ @Path("/admin/tps-connectors") -@AuthMethodMapping("admin") +@AuthMethodMapping("tpsconnectors") public interface TPSConnectorResource { @GET @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) diff --git a/base/common/src/com/netscape/certsrv/user/UserResource.java b/base/common/src/com/netscape/certsrv/user/UserResource.java index 961f5ebda..19db939dd 100644 --- a/base/common/src/com/netscape/certsrv/user/UserResource.java +++ b/base/common/src/com/netscape/certsrv/user/UserResource.java @@ -38,8 +38,8 @@ import com.netscape.certsrv.authentication.AuthMethodMapping; * @author Endi S. Dewata */ @Path("admin/users") -@ACLMapping("admin.users") -@AuthMethodMapping("admin") +@ACLMapping("users") +@AuthMethodMapping("users") public interface UserResource { public static final String ATTR_TPS_PROFILES = "tpsProfiles"; diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties index 952bdad33..77b7df8bd 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties +++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties 
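Review bot: `TPSConnectorResource` receives `@AuthMethodMapping("tpsconnectors")` but, unlike `KRAConnectorResource`, `GroupResource` and `UserResource` in this same commit, has no class-level `@ACLMapping`, and none of the auth.properties hunks adds a `tpsconnectors` key. Unless the individual methods carry their own ACL mappings outside this hunk, `/admin/tps-connectors` is gated only by the authentication method and not by an ACL, so presumably every certificate-authenticated user passes. I would add `@ACLMapping("tpsconnectors")` next to the new annotation, with a matching `tpsconnectors = <ACL resource>,<operation>` entry in the owning subsystem's auth.properties. The interface body continues outside the hunk.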
@@ -6,7 +6,7 @@ account.login = certServer.kra.account,login account.logout = certServer.kra.account,logout -admin.users = certServer.kra.users,execute -admin.groups = certServer.kra.groups,execute -agent.keys = certServer.kra.keys,execute -agent.keyrequests = certServer.kra.keyrequests,execute +groups = certServer.kra.groups,execute +keys = certServer.kra.keys,execute +keyrequests = certServer.kra.keyrequests,execute +users = certServer.kra.users,execute diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties index 95fabba72..9e138cb5a 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/auth.properties @@ -6,5 +6,5 @@ account.login = certServer.ocsp.account,login account.logout = certServer.ocsp.account,logout -admin.users = certServer.ocsp.users,execute -admin.groups = certServer.ocsp.groups,execute +groups = certServer.ocsp.groups,execute +users = certServer.ocsp.users,execute diff --git a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java index 8b81b429a..75159f375 100644 --- a/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java +++ b/base/server/cms/src/com/netscape/cms/authorization/AuthMethodInterceptor.java 
@@ -68,15 +68,21 @@ public class AuthMethodInterceptor implements ContainerRequestFilter { if (url == null) { authMethodProperties.put("default", "*"); authMethodProperties.put("account", "certUserDBAuthMgr,passwdUserDBAuthMgr"); - authMethodProperties.put("admin", "certUserDBAuthMgr"); - authMethodProperties.put("agent", "certUserDBAuthMgr"); + authMethodProperties.put("authenticators", "certUserDBAuthMgr"); + authMethodProperties.put("certs", "certUserDBAuthMgr"); + authMethodProperties.put("certrequests", "certUserDBAuthMgr"); authMethodProperties.put("config", "certUserDBAuthMgr"); authMethodProperties.put("connections", "certUserDBAuthMgr"); - authMethodProperties.put("authenticators", "certUserDBAuthMgr"); + authMethodProperties.put("groups", "certUserDBAuthMgr"); + authMethodProperties.put("keys", "certUserDBAuthMgr"); + authMethodProperties.put("keyrequests", "certUserDBAuthMgr"); + authMethodProperties.put("kraconnectors", "certUserDBAuthMgr"); authMethodProperties.put("profiles", "certUserDBAuthMgr"); authMethodProperties.put("securityDomain.installToken", "passwdUserDBAuthMgr"); authMethodProperties.put("selftests", "certUserDBAuthMgr"); authMethodProperties.put("tokens", "certUserDBAuthMgr"); + authMethodProperties.put("tpsconnectors", "certUserDBAuthMgr"); + authMethodProperties.put("users", "certUserDBAuthMgr"); } else { authMethodProperties.load(url.openStream()); diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/auth.properties index 62367135e..cf3d27b74 100644 --- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties +++ b/base/tks/shared/webapps/tks/WEB-INF/auth.properties @@ -6,5 +6,5 @@ account.login = certServer.tks.account,login account.logout = certServer.tks.account,logout -admin.users = certServer.tks.users,execute -admin.groups = certServer.tks.groups,execute +groups = certServer.tks.groups,execute +users = certServer.tks.users,execute 
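Review bot: The new per-resource entries are added only to the built-in map used when `url == null`; in the `else` branch the map comes entirely from the loaded file, which will lack `users`, `groups`, `certs`, `keys`, `tpsconnectors` and the other new names unless that file is updated as well, and no such file is touched by this commit. If the lookup (outside the hunk) falls back to a `default` entry such as the `*` set here for an unknown name, endpoints that previously required `certUserDBAuthMgr` through `admin`/`agent` would accept any authentication method. I would populate the built-in entries unconditionally and load the file on top of them, closing the stream while there: `try (InputStream in = url.openStream()) { authMethodProperties.load(in); }`. The enclosing method starts and ends outside the hunk.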
diff --git a/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties index bc64a58f0..e986b87a3 100644 --- a/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties +++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties @@ -6,8 +6,6 @@ account.login = certServer.tps.account,login account.logout = certServer.tps.account,logout -admin.users = certServer.tps.users,execute -admin.groups = certServer.tps.groups,execute authenticators.read = certServer.tps.authenticators,read authenticators.add = certServer.tps.authenticators,add authenticators.modify = certServer.tps.authenticators,modify @@ -18,6 +16,7 @@ connections.read = certServer.tps.connections,read connections.add = certServer.tps.connections,add connections.modify = certServer.tps.connections,modify connections.remove = certServer.tps.connections,remove +groups = certServer.tps.groups,execute profiles.read = certServer.tps.profiles,read profiles.add = certServer.tps.profiles,add profiles.modify = certServer.tps.profiles,modify @@ -29,3 +28,4 @@ tokens.read = certServer.tps.tokens,read tokens.add = certServer.tps.tokens,add tokens.modify = certServer.tps.tokens,modify tokens.remove = certServer.tps.tokens,remove +users = certServer.tps.users,execute |