diff options
Diffstat (limited to 'base/tks')
-rw-r--r-- | base/tks/shared/webapps/tks/WEB-INF/acl.properties (renamed from base/tks/shared/webapps/tks/WEB-INF/auth.properties) | 6 | ||||
-rw-r--r-- | base/tks/shared/webapps/tks/WEB-INF/auth-method.properties | 9 | ||||
-rw-r--r-- | base/tks/src/com/netscape/tks/TKSApplication.java | 4 |
3 files changed, 15 insertions, 4 deletions
diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/acl.properties index 6de7f08e5..62367135e 100644 --- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties +++ b/base/tks/shared/webapps/tks/WEB-INF/acl.properties @@ -1,8 +1,8 @@ -# Restful API auth/authz mapping info +# Restful API authorization mapping info # # Format: -# <ACL Mapping> = <ACL Resource ID>,<ACL Resource Operation> -# ex: admin.users = certServer.ca.users,read +# <mapping name> = <resource ID>,<operation> +# ex: admin.users = certServer.ca.users,read account.login = certServer.tks.account,login account.logout = certServer.tks.account,logout diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties new file mode 100644 index 000000000..81e24403f --- /dev/null +++ b/base/tks/shared/webapps/tks/WEB-INF/auth-method.properties @@ -0,0 +1,9 @@ +# Restful API auth mapping info +# +# Format: +# <mapping name> = <allowed auth methods> +# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +admin = certUserDBAuthMgr diff --git a/base/tks/src/com/netscape/tks/TKSApplication.java b/base/tks/src/com/netscape/tks/TKSApplication.java index 229a64c95..6dfbeae0b 100644 --- a/base/tks/src/com/netscape/tks/TKSApplication.java +++ b/base/tks/src/com/netscape/tks/TKSApplication.java @@ -6,6 +6,7 @@ import java.util.Set; import javax.ws.rs.core.Application; import com.netscape.certsrv.acls.ACLInterceptor; +import com.netscape.certsrv.authentication.AuthMethodInterceptor; import com.netscape.certsrv.base.PKIException; import com.netscape.cms.servlet.account.AccountService; import com.netscape.cms.servlet.admin.GroupMemberService; @@ -40,7 +41,8 @@ public class TKSApplication extends Application { // exception mapper classes.add(PKIException.Mapper.class); - // ACL interceptor + // interceptors + singletons.add(new AuthMethodInterceptor()); singletons.add(new ACLInterceptor()); } |