diff options
Diffstat (limited to 'base/kra')
-rw-r--r-- | base/kra/shared/webapps/kra/WEB-INF/auth.properties | 16 | ||||
-rw-r--r-- | base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java | 3 |
2 files changed, 11 insertions, 8 deletions
diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties index 0a529f060..567747f5b 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties +++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties @@ -1,12 +1,12 @@ # Restful API auth/authz mapping info # # Format: -# <Rest API URL> = <ACL Resource ID>,<ACL resource operation> -# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute +# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation> +# ex: admin.users = certServer.ca.users,read -/kra/rest/account/login = certServer.kra.account,login -/kra/rest/account/logout = certServer.kra.account,logout -/kra/rest/admin/users = certServer.kra.users,execute -/kra/rest/admin/groups = certServer.kra.groups,execute -/kra/rest/agent/keys = certServer.kra.keys,execute -/kra/rest/agent/keyrequests = certServer.kra.keyrequests,execute +account.login = certServer.kra.account,login +account.logout = certServer.kra.account,logout +admin.users = certServer.kra.users,execute +admin.groups = certServer.kra.groups,execute +agent.keys = certServer.kra.keys,execute +agent.keyrequests = certServer.kra.keyrequests,execute diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java index 280ffe1dc..0ed23f697 100644 --- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java +++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthorityApplication.java @@ -5,6 +5,7 @@ import java.util.Set; import javax.ws.rs.core.Application; +import com.netscape.certsrv.acls.ACLInterceptor; import com.netscape.certsrv.base.PKIException; import com.netscape.cms.servlet.account.AccountService; import com.netscape.cms.servlet.admin.GroupMemberService; @@ -45,6 +46,8 @@ public class KeyRecoveryAuthorityApplication extends Application { // exception mapper classes.add(PKIException.Mapper.class); + // ACL interceptor + singletons.add(new ACLInterceptor()); } public Set<Class<?>> getClasses() { |