Diffstat (limited to 'base/ca/src/org/dogtagpki/server/ca/rest/CertService.java')
-rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/CertService.java | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 440f756de..f219db63e 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -50,6 +50,7 @@ import netscape.security.x509.RevocationReason;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509Key;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.apps.CMS;
@@ -75,7 +76,6 @@ import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
-import com.netscape.cms.realm.PKIPrincipal;
 import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.cert.CertRequestDAO;
 import com.netscape.cms.servlet.cert.FilterBuilder;
@@ -242,8 +242,10 @@ public class CertService extends PKIService implements CertResource {
 processor.createCRLExtension();
- PKIPrincipal principal = (PKIPrincipal)servletRequest.getUserPrincipal();
- // TODO: do not hard-code role name
+ // TODO remove hardcoded role names and consult authzmgr
+ // (so that we can handle externally-authenticated principals)
+ GenericPrincipal principal =
+ (GenericPrincipal) servletRequest.getUserPrincipal();
 String subjectDN = principal.hasRole("Certificate Manager Agents") ? null : clientSubjectDN; |
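Review bot: The new cast and the `principal.hasRole(...)` call after it are unguarded: `getUserPrincipal()` returns null for an unauthenticated request and may return a type other than `GenericPrincipal` under a different realm or valve, so this path would end in a NullPointerException or ClassCastException rather than a clean authorization decision. Because this role check decides whether the `clientSubjectDN` restriction is dropped, widening the accepted type from `PKIPrincipal` to `GenericPrincipal` presumably lets a role string asserted by any configured realm lift that restriction; until the authzmgr lookup named in the TODO exists, the comment should state which realms are trusted to assert "Certificate Manager Agents". A fail-closed guard would be `Principal p = servletRequest.getUserPrincipal();` followed by `boolean isAgent = p instanceof GenericPrincipal && ((GenericPrincipal) p).hasRole("Certificate Manager Agents");`, keeping `clientSubjectDN` whenever `isAgent` is false. The enclosing method starts and ends outside the hunk, so an earlier check may already cover the null case.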