From ba75a144f4c57c0e804fdd6e86eaae40e5822b14 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Fri, 1 Feb 2013 13:05:38 -0500
Subject: Added configuration file for authentication method validation.

The auth.properties have been converted into a configuration file to store the
list of allowed authentication methods for each REST method.

The old auth.properties have been renamed to acl.properties since it's used to
store ACL mappings.

Ticket #510
---
 base/ca/shared/webapps/ca/WEB-INF/acl.properties         | 14 ++++++++++++++
 base/ca/shared/webapps/ca/WEB-INF/auth-method.properties | 11 +++++++++++
 base/ca/shared/webapps/ca/WEB-INF/auth.properties        | 14 --------------
 3 files changed, 25 insertions(+), 14 deletions(-)
 create mode 100644 base/ca/shared/webapps/ca/WEB-INF/acl.properties
 create mode 100644 base/ca/shared/webapps/ca/WEB-INF/auth-method.properties
 delete mode 100644 base/ca/shared/webapps/ca/WEB-INF/auth.properties

(limited to 'base/ca')

diff --git a/base/ca/shared/webapps/ca/WEB-INF/acl.properties b/base/ca/shared/webapps/ca/WEB-INF/acl.properties
new file mode 100644
index 000000000..20f3dd864
--- /dev/null
+++ b/base/ca/shared/webapps/ca/WEB-INF/acl.properties
@@ -0,0 +1,14 @@
+# Restful API authorization mapping info
+#
+# Format:
+# <mapping name> = <resource ID>,<operation>
+# ex: admin.users = certServer.ca.users,read
+
+account.login = certServer.ca.account,login
+account.logout = certServer.ca.account,logout
+admin.users = certServer.ca.users,execute
+admin.groups = certServer.ca.groups,execute
+admin.kraconnector = certServer.ca.connectorInfo,modify
+agent.certrequests = certServer.ca.certrequests,execute
+agent.certs = certServer.ca.certs,execute
+securityDomain.installToken = certServer.securitydomain.domainxml,read
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties
new file mode 100644
index 000000000..3a6658765
--- /dev/null
+++ b/base/ca/shared/webapps/ca/WEB-INF/auth-method.properties
@@ -0,0 +1,11 @@
+# Restful API auth mapping info
+#
+# Format:
+# <mapping name> = <allowed auth methods>
+# ex: admin.users = certUserDBAuthMgr,passwdUserDBAuthMgr
+
+default = *
+account = certUserDBAuthMgr,passwdUserDBAuthMgr
+admin = certUserDBAuthMgr
+agent = certUserDBAuthMgr
+securityDomain.installToken = passwdUserDBAuthMgr
diff --git a/base/ca/shared/webapps/ca/WEB-INF/auth.properties b/base/ca/shared/webapps/ca/WEB-INF/auth.properties
deleted file mode 100644
index 20f3dd864..000000000
--- a/base/ca/shared/webapps/ca/WEB-INF/auth.properties
+++ /dev/null
@@ -1,14 +0,0 @@
-# Restful API authorization mapping info
-#
-# Format:
-# <mapping name> = <resource ID>,<operation>
-# ex: admin.users = certServer.ca.users,read
-
-account.login = certServer.ca.account,login
-account.logout = certServer.ca.account,logout
-admin.users = certServer.ca.users,execute
-admin.groups = certServer.ca.groups,execute
-admin.kraconnector = certServer.ca.connectorInfo,modify
-agent.certrequests = certServer.ca.certrequests,execute
-agent.certs = certServer.ca.certs,execute
-securityDomain.installToken = certServer.securitydomain.domainxml,read
-- 
cgit