summaryrefslogtreecommitdiffstats
path: root/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/kra/shared/webapps/kra/WEB-INF/web.xml')
-rw-r--r--pki/base/kra/shared/webapps/kra/WEB-INF/web.xml79
1 files changed, 78 insertions, 1 deletions
diff --git a/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml b/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
index 529aeadbc..c6e9934eb 100644
--- a/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/pki/base/kra/shared/webapps/kra/WEB-INF/web.xml
@@ -1034,5 +1034,82 @@
<session-config>
<session-timeout>30</session-timeout>
</session-config>
-</web-app>
+<!-- Default login configuration uses form-based authentication -->
+<!-- Security Constraint for agent access to the Security Data Rest Interface -->
+
+<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
+<!--
+<security-constraint>
+ <display-name>KRA Top Level Constraint</display-name>
+ <web-resource-collection>
+ <web-resource-name>KRA Protected Area</web-resource-name>
+ <url-pattern>/pki/*
+ </url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+</security-constraint>
+-->
+
+<!-- Security Constraint to deny certain http methods for key/retrieve -->
+<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
+<!--
+<security-constraint>
+<display-name>Key forbidden</display-name>
+<web-resource-collection>
+ <web-resource-name>Key forbidden</web-resource-name>
+ <url-pattern>/pki/key/retrieve</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+</web-resource-collection>
+<auth-constraint/>
+</security-constraint>
+-->
+
+<!-- Security Constraint to deny certain http methods for keyrequest/* -->
+<!-- Uncomment to activate PKIJNDI realm as in conf/server.xml -->
+
+<!--
+<security-constraint>
+<display-name>KeyRequest forbidden</display-name>
+<web-resource-collection>
+ <web-resource-name>KeyRequest forbidden</web-resource-name>
+ <url-pattern>/pki/keyrequest/archive</url-pattern>
+ <url-pattern>/pki/keyrequest/recover</url-pattern>
+ <url-pattern>/pki/keyrequest/approve/*</url-pattern>
+ <url-pattern>/pki/keyrequest/reject/*</url-pattern>
+ <url-pattern>/pki/keyrequest/cancel/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+</web-resource-collection>
+<auth-constraint/>
+</security-constraint>
+-->
+
+
+<!-- Customized SSL Client auth login config
+ uncomment to activate PKIJNDI realm as in conf/server.xml
+-->
+
+<!--
+
+<login-config>
+ <realm-name>PKIJNDIRealm</realm-name>
+ <auth-method>CLIENT-CERT</auth-method>
+ <realm-name>Client Cert Protected Area</realm-name>
+</login-config>
+
+<security-role>
+ <role-name>*</role-name>
+</security-role>
+
+-->
+
+</web-app>
generated by cgit (git 2.34.1) at 2024-06-01 13:57:33 +0000