Diffstat (limited to 'base/kra/src/org/dogtagpki/server/kra')
-rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java | 8 | ||||
-rw-r--r-- | base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java | 6 |
2 files changed, 7 insertions, 7 deletions
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
index 41d78af53..103b78923 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyRequestService.java
@@ -175,7 +175,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 String realm = data.getRealm();
 if (realm != null) {
- authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "archive");
+ authz.checkRealm(realm, getAuthToken(), null, "certServer.kra.requests.archival", "execute");
 }
 response = dao.submitRequest(data, uriInfo, getRequestor());
 auditArchivalRequestMade(response.getRequestInfo().getRequestId(), ILogger.SUCCESS, data.getClientKeyId());
@@ -304,7 +304,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 RequestId start, Integer pageSize, Integer maxResults, Integer maxTime, String realm) {
 if (realm != null) {
 try {
- authz.checkRealm(realm, getAuthToken(), null, "keyRequests", "list");
+ authz.checkRealm(realm, getAuthToken(), null, "certServer.kra.requests", "list");
 } catch (EAuthzAccessDenied e) {
 throw new UnauthorizedException("Not authorized to list these requests", e);
 } catch (EAuthzUnknownRealm e) {
@@ -468,7 +468,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 }
 String realm = data.getRealm();
 if (realm != null) {
- authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "generateSymkey");
+ authz.checkRealm(realm, getAuthToken(), null, "certServer.kra.requests.symkey", "execute");
 }
 response = dao.submitRequest(data, uriInfo, getRequestor());
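Review bot: The resource and operation names passed to `authz.checkRealm` are bare string literals, here at line 175 and again in the hunks at 304, 468 and 502 and in KeyService.java, so a misspelling in any one of them compiles cleanly and changes which ACL entry is evaluated. Realm ACLs written against the old pairs (`keyRequest`/`archive`, `keyRequest`/`generateSymkey`, and so on) will presumably stop matching once this lands; the ACL definitions and any upgrade step are outside this diff, so that should be confirmed for existing deployments. I would hoist the names into constants, for example `private static final String RESOURCE_ARCHIVAL = "certServer.kra.requests.archival";`, and add a comment at the call such as `// resource/operation must match the names used in the realm ACL entries`. The enclosing method starts and ends outside the hunk.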
@@ -502,7 +502,7 @@ public class KeyRequestService extends PKIService implements KeyRequestResource
 }
 String realm = data.getRealm();
 if (realm != null) {
- authz.checkRealm(realm, getAuthToken(), null, "keyRequest", "generateAsymkey");
+ authz.checkRealm(realm, getAuthToken(), null, "certServer.kra.requests.asymkey", "execute");
 }
 response = dao.submitRequest(data, uriInfo, getRequestor());
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index 255d8d614..74b58b8a2 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -422,7 +422,7 @@ public class KeyService extends PKIService implements KeyResource {
 if (realm != null) {
 try {
- authz.checkRealm(realm, getAuthToken(), null, "keys", "list");
+ authz.checkRealm(realm, getAuthToken(), null, "certServer.kra.keys", "list");
 } catch (EAuthzAccessDenied e) {
 throw new UnauthorizedException("Not authorized to list these keys", e);
 } catch (EAuthzUnknownRealm e) {
@@ -509,7 +509,7 @@ public class KeyService extends PKIService implements KeyResource {
 if (info != null) {
 // return the first one, but first confirm that the requester has access to this key
 try {
- authz.checkRealm(info.getRealm(), getAuthToken(), info.getOwnerName(), "key", "read");
+ authz.checkRealm(info.getRealm(), getAuthToken(), info.getOwnerName(), "certServer.kra.key", "read");
 } catch (EAuthzAccessDenied e) {
 throw new UnauthorizedException("Not authorized to read this key", e);
 } catch (EBaseException e) {
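Review bot: `info.getRealm()` is passed to `authz.checkRealm` at line 509 without the `realm != null` guard that the list and request hunks place around the same call, and the hunk at 681 does the same with `rec.getRealm()`. The request hunks submit a request even when no realm is supplied, so a stored key may well carry a null realm; whether `checkRealm` then allows, denies or fails cannot be determined from the visible lines. The expected behaviour should be stated at both calls, for example `// realm may be null for keys stored outside any realm; confirm how checkRealm treats a null realm`. The enclosing method starts and ends outside the hunk.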
@@ -681,7 +681,7 @@ public class KeyService extends PKIService implements KeyResource {
 IKeyRecord rec = null;
 try {
 rec = repo.readKeyRecord(keyId.toBigInteger());
- authz.checkRealm(rec.getRealm(), getAuthToken(), rec.getOwnerName(), "key", "read");
+ authz.checkRealm(rec.getRealm(), getAuthToken(), rec.getOwnerName(), "certServer.kra.key", "read");
 KeyInfo info = createKeyDataInfo(rec, true);
 auditRetrieveKey(ILogger.SUCCESS, null, keyId, auditInfo); |