Diffstat (limited to 'base/kra/shared')
-rw-r--r-- | base/kra/shared/conf/acl.ldif | 1 | ||||
-rw-r--r-- | base/kra/shared/conf/acl.properties | 2 | ||||
-rw-r--r-- | base/kra/shared/webapps/kra/WEB-INF/web.xml | 13 |
3 files changed, 16 insertions, 0 deletions
diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif
index 76da45db3..24e738216 100644
--- a/base/kra/shared/conf/acl.ldif
+++ b/base/kra/shared/conf/acl.ldif
@@ -34,4 +34,5 @@ resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) gro
 resourceACLS: certServer.kra.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
 resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
 resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key request operations
+resourceACLS: certServer.kra.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.
 resourceACLS: certServer.kra.users:execute:allow (execute) group="Administrators":Admins may execute user operations
diff --git a/base/kra/shared/conf/acl.properties b/base/kra/shared/conf/acl.properties
index 8f6ff5e7a..3fde90465 100644
--- a/base/kra/shared/conf/acl.properties
+++ b/base/kra/shared/conf/acl.properties
@@ -10,4 +10,6 @@ account.logout = certServer.kra.account,logout
 groups = certServer.kra.groups,execute
 keys = certServer.kra.keys,execute
 keyrequests = certServer.kra.keyrequests,execute
+selftests.read = certServer.kra.selftests,read
+selftests.execute = certServer.kra.selftests,execute
 users = certServer.kra.users,execute
diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml
index 12f18848e..d27d88d71 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml
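Review bot: The added `certServer.kra.selftests` entry in acl.ldif only seeds the ACL for newly created instances; nothing in the visible files adds it to an existing KRA whose ACLs are already stored in the directory (the diffstat is limited to base/kra/shared, so an upgrade step may exist elsewhere). On such an instance the `selftests.read` and `selftests.execute` mappings added in the acl.properties hunk would name a resource that has no ACL. Whether that request is then denied or allowed depends on how the authorization manager treats an undefined resource, so it is worth confirming that it fails closed. I would have the upgrade path add the same value, `resourceACLS: certServer.kra.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.`, and state in the commit description how upgraded instances get it.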
@@ -1159,6 +1159,19 @@ </security-constraint> [PKI_CLOSE_STANDALONE_COMMENT] + <security-constraint> + <web-resource-collection> + <web-resource-name>Self Tests</web-resource-name> + <url-pattern>/rest/selftests/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + <login-config> <realm-name>Key Recovery Authority</realm-name> </login-config> |
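Review bot: `<role-name>*</role-name>` in the new Self Tests constraint admits any authenticated user holding any role declared for the webapp, so the container only enforces authentication and TLS on `/rest/selftests/*`, not administrator membership. The admin-only restriction therefore rests on the `certServer.kra.selftests` ACL being checked for each REST method, and those methods are not part of this diff. I would add a comment above the constraint, e.g. `<!-- Authentication only; admin-only access is enforced by the certServer.kra.selftests ACL (selftests.read / selftests.execute) -->`, and confirm that every method under the selftests resource carries one of those two mappings. The block sits after `[PKI_CLOSE_STANDALONE_COMMENT]`, so it presumably stays active in standalone deployments too; please confirm that is intended.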