diff options
Diffstat (limited to 'base/ca/shared/webapps/ca')
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/auth.properties | 9 | ||||
-rw-r--r-- | base/ca/shared/webapps/ca/WEB-INF/web.xml | 35 |
2 files changed, 44 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties new file mode 100644 index 000000000..ebb1c6c3f --- /dev/null +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -0,0 +1,9 @@ +# Restful API auth/authz mapping info +# +# Format: +# <Rest API URL> = <ACL Resource ID>,<ACL resource operation> +# ex: /ca/pki/users = certServer.ca.users,read + +/ca/rest/admin/users = certServer.ca.users,execute +/ca/rest/admin/groups = certServer.ca.groups,execute +/ca/rest/agent/certs = certServer.ca.certs,execute diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index 7ec3932c9..af474872e 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -2382,5 +2382,40 @@ <session-config> <session-timeout>30</session-timeout> </session-config> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Admin Services</web-resource-name> + <url-pattern>/rest/admin/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Agent Services</web-resource-name> + <url-pattern>/rest/agent/certs/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <login-config> + <realm-name>Certificate Authority</realm-name> + </login-config> + + <security-role> + <role-name>*</role-name> + </security-role> + </web-app> |