summaryrefslogtreecommitdiffstats
path: root/base/ca/shared/webapps
diff options
context:
space:
mode:
Diffstat (limited to 'base/ca/shared/webapps')
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/auth.properties9
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml35
2 files changed, 44 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
new file mode 100644
index 000000000..ebb1c6c3f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -0,0 +1,9 @@
+# Restful API auth/authz mapping info
+#
+# Format:
+# <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
+# ex: /ca/pki/users = certServer.ca.users,read
+
+/ca/rest/admin/users = certServer.ca.users,execute
+/ca/rest/admin/groups = certServer.ca.groups,execute
+/ca/rest/agent/certs = certServer.ca.certs,execute
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 7ec3932c9..af474872e 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2382,5 +2382,40 @@
<session-config>
<session-timeout>30</session-timeout>
</session-config>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admin Services</web-resource-name>
+ <url-pattern>/rest/admin/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Agent Services</web-resource-name>
+ <url-pattern>/rest/agent/certs/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <realm-name>Certificate Authority</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>*</role-name>
+ </security-role>
+
</web-app>
generated by cgit (git 2.34.1) at 2024-05-25 13:39:28 +0000