From 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Thu, 26 Jul 2012 20:40:08 -0500 Subject: Enabled SSL authenticator and PKI realm. The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107 --- base/ca/shared/webapps/ca/WEB-INF/auth.properties | 9 ++++++ base/ca/shared/webapps/ca/WEB-INF/web.xml | 35 +++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 base/ca/shared/webapps/ca/WEB-INF/auth.properties (limited to 'base/ca/shared/webapps') diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties new file mode 100644 index 000000000..ebb1c6c3f --- /dev/null +++ b/base/ca/shared/webapps/ca/WEB-INF/auth.properties @@ -0,0 +1,9 @@ +# Restful API auth/authz mapping info +# +# Format: +# = , +# ex: /ca/pki/users = certServer.ca.users,read + +/ca/rest/admin/users = certServer.ca.users,execute +/ca/rest/admin/groups = certServer.ca.groups,execute +/ca/rest/agent/certs = certServer.ca.certs,execute diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index 7ec3932c9..af474872e 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -2382,5 +2382,40 @@ 30 + + + + Admin Services + /rest/admin/* + + + * + + + CONFIDENTIAL + + + + + + Agent Services + /rest/agent/certs/* + + + * + + + CONFIDENTIAL + + + + + Certificate Authority + + + + * + + -- cgit