summaryrefslogtreecommitdiffstats
path: root/base/ca
diff options
context:
space:
mode:
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/auth.properties1
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml13
-rw-r--r--base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java15
3 files changed, 29 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
index ebb1c6c3f..b13795760 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
@@ -7,3 +7,4 @@
/ca/rest/admin/users = certServer.ca.users,execute
/ca/rest/admin/groups = certServer.ca.groups,execute
/ca/rest/agent/certs = certServer.ca.certs,execute
+/ca/rest/securityDomain/installToken = certServer.securitydomain.domainxml,read
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index c1b2738c8..9f876e5c2 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -2411,6 +2411,19 @@
</user-data-constraint>
</security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Security Domain Services</web-resource-name>
+ <url-pattern>/rest/securityDomain/installToken</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
<login-config>
<realm-name>Certificate Authority</realm-name>
</login-config>
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
index bb6431907..51d48cf5e 100644
--- a/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
+++ b/base/ca/src/com/netscape/ca/CertificateAuthorityApplication.java
@@ -5,6 +5,9 @@ import java.util.Set;
import javax.ws.rs.core.Application;
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.PKIException;
import com.netscape.cms.servlet.admin.GroupMemberService;
import com.netscape.cms.servlet.admin.GroupService;
@@ -12,6 +15,7 @@ import com.netscape.cms.servlet.admin.SystemCertService;
import com.netscape.cms.servlet.admin.UserCertService;
import com.netscape.cms.servlet.admin.UserService;
import com.netscape.cms.servlet.cert.CertService;
+import com.netscape.cms.servlet.csadmin.SecurityDomainService;
import com.netscape.cms.servlet.csadmin.SystemConfigService;
import com.netscape.cms.servlet.profile.ProfileService;
import com.netscape.cms.servlet.request.CertRequestService;
@@ -40,6 +44,17 @@ public class CertificateAuthorityApplication extends Application {
// system certs
classes.add(SystemCertService.class);
+ // security domain
+ try {
+ IConfigStore cs = CMS.getConfigStore();
+ String select = cs.getString("securitydomain.select");
+ if ("new".equals(select)) {
+ classes.add(SecurityDomainService.class);
+ }
+ } catch (EBaseException e) {
+ CMS.debug(e);
+ }
+
// exception mapper
classes.add(PKIException.Mapper.class);
}