summaryrefslogtreecommitdiffstats
path: root/base/kra
diff options
context:
space:
mode:
Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/auth.properties16
-rw-r--r--base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java3
2 files changed, 11 insertions, 8 deletions
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
index 0a529f060..567747f5b 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties
+++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties
@@ -1,12 +1,12 @@
# Restful API auth/authz mapping info
#
# Format:
-# <Rest API URL> = <ACL Resource ID>,<ACL resource operation>
-# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
+# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation>
+# ex: admin.users = certServer.ca.users,read
-/kra/rest/account/login = certServer.kra.account,login
-/kra/rest/account/logout = certServer.kra.account,logout
-/kra/rest/admin/users = certServer.kra.users,execute
-/kra/rest/admin/groups = certServer.kra.groups,execute
-/kra/rest/agent/keys = certServer.kra.keys,execute
-/kra/rest/agent/keyrequests = certServer.kra.keyrequests,execute
+account.login = certServer.kra.account,login
+account.logout = certServer.kra.account,logout
+admin.users = certServer.kra.users,execute
+admin.groups = certServer.kra.groups,execute
+agent.keys = certServer.kra.keys,execute
+agent.keyrequests = certServer.kra.keyrequests,execute
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
index 280ffe1dc..0ed23f697 100644
--- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
+++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java
@@ -5,6 +5,7 @@ import java.util.Set;
import javax.ws.rs.core.Application;
+import com.netscape.certsrv.acls.ACLInterceptor;
import com.netscape.certsrv.base.PKIException;
import com.netscape.cms.servlet.account.AccountService;
import com.netscape.cms.servlet.admin.GroupMemberService;
@@ -45,6 +46,8 @@ public class KeyRecoveryAuthorityApplication extends Application {
// exception mapper
classes.add(PKIException.Mapper.class);
+ // ACL interceptor
+ singletons.add(new ACLInterceptor());
}
public Set<Class<?>> getClasses() {
generated by cgit (git 2.34.1) at 2024-04-30 11:56:25 +0000