From 1723a2ecd9d4d741ecd6d292712eeaea9d19bde9 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Mon, 8 Oct 2012 14:50:26 -0500 Subject: Added REST account service. A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357 --- base/kra/shared/conf/acl.ldif | 1 + base/kra/shared/webapps/kra/WEB-INF/auth.properties | 2 ++ base/kra/shared/webapps/kra/WEB-INF/web.xml | 13 +++++++++++++ 3 files changed, 16 insertions(+) (limited to 'base/kra/shared') diff --git a/base/kra/shared/conf/acl.ldif b/base/kra/shared/conf/acl.ldif index ea70ffd21..c3eae7596 100644 --- a/base/kra/shared/conf/acl.ldif +++ b/base/kra/shared/conf/acl.ldif @@ -30,6 +30,7 @@ resourceACLS: certServer.kra.TokenKeyRecovery:submit:allow (submit) group="Data resourceACLS: certServer.kra.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent resourceACLS: certServer.kra.getTransportCert:read:allow (read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to retrieve the transport cert resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. +resourceACLS: certServer.kra.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout resourceACLS: certServer.kra.groups:execute:allow (execute) group="Administrators":Admins may execute group operations resourceACLS: certServer.kra.keys:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key operations resourceACLS: certServer.kra.keyrequests:execute:allow (execute) group="Data Recovery Manager Agents":Agents may execute key request operations diff --git a/base/kra/shared/webapps/kra/WEB-INF/auth.properties b/base/kra/shared/webapps/kra/WEB-INF/auth.properties index d2ba3075e..0a529f060 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/auth.properties +++ b/base/kra/shared/webapps/kra/WEB-INF/auth.properties @@ -4,6 +4,8 @@ # = , # ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute +/kra/rest/account/login = certServer.kra.account,login +/kra/rest/account/logout = certServer.kra.account,logout /kra/rest/admin/users = certServer.kra.users,execute /kra/rest/admin/groups = certServer.kra.groups,execute /kra/rest/agent/keys = certServer.kra.keys,execute diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml index 1a5b6aaf5..03def86c7 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/web.xml +++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml @@ -954,6 +954,19 @@ 30 + + + Account Services + /rest/account/* + + + * + + + CONFIDENTIAL + + +