summaryrefslogtreecommitdiffstats
path: root/base/ca/shared/webapps/ca/WEB-INF/auth.properties
Commit message (Collapse)AuthorAgeFilesLines
* Added configuration file for authentication method validation.ticket-477-6Endi Sukma Dewata2013-02-181-14/+0
| | | | | | | | | | The auth.properties have been converted into a configuration file to store the list of allowed authentication methods for each REST method. The old auth.properties have been renamed to acl.properties since it's used to store ACL mappings. Ticket #510
* Added authentication method validation.ticket-477-7Endi Sukma Dewata2013-02-181-3/+3
| | | | | | | | | | | | | | | A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* Resolved Trac Ticket 367 - pkidestroy does not remove connectorAde Lee2013-01-151-0/+1
| | | | | | | | | | | * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
* Added ACLInterceptor.Endi Sukma Dewata2012-11-081-9/+9
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Enabled realm authentication for certificate requests.Endi Sukma Dewata2012-10-221-0/+1
| | | | | | | | | The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300
* Added REST account service.Endi Sukma Dewata2012-10-221-0/+2
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-181-0/+1
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Enabled SSL authenticator and PKI realm.Endi Sukma Dewata2012-08-031-0/+9
The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107
generated by cgit (git 2.34.1) at 2024-05-04 04:57:38 +0000