From cb209df95c4dee11f2a912e20b417fa3bc41c88f Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Wed, 10 Oct 2012 04:38:05 -0500
Subject: Added ACLInterceptor.

Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif.
Ticket #287
---
 base/tks/shared/webapps/tks/WEB-INF/auth.properties | 12 ++++++------
 base/tks/src/com/netscape/tks/TKSApplication.java | 4 ++++
 2 files changed, 10 insertions(+), 6 deletions(-)
(limited to 'base/tks')
diff --git a/base/tks/shared/webapps/tks/WEB-INF/auth.properties b/base/tks/shared/webapps/tks/WEB-INF/auth.properties
index 90897683e..6de7f08e5 100644
--- a/base/tks/shared/webapps/tks/WEB-INF/auth.properties
+++ b/base/tks/shared/webapps/tks/WEB-INF/auth.properties
@@ -1,10 +1,10 @@
 # Restful API auth/authz mapping info
 #
 # Format:
-# = ,
-# ex: /kra/pki/key/retrieve = certServer.kra.pki.key.retrieve,execute
+# = ,
+# ex: admin.users = certServer.ca.users,read
 
-/tks/rest/account/login = certServer.tks.account,login
-/tks/rest/account/logout = certServer.tks.account,logout
-/tks/rest/admin/users = certServer.tks.users,execute
-/tks/rest/admin/groups = certServer.tks.groups,execute
+account.login = certServer.tks.account,login
+account.logout = certServer.tks.account,logout
+admin.users = certServer.tks.users,execute
+admin.groups = certServer.tks.groups,execute
diff --git a/base/tks/src/com/netscape/tks/TKSApplication.java b/base/tks/src/com/netscape/tks/TKSApplication.java
index 5493bb4da..229a64c95 100644
--- a/base/tks/src/com/netscape/tks/TKSApplication.java
+++ b/base/tks/src/com/netscape/tks/TKSApplication.java
@@ -5,6 +5,7 @@ import java.util.Set;
 import javax.ws.rs.core.Application;
+import com.netscape.certsrv.acls.ACLInterceptor;
 import com.netscape.certsrv.base.PKIException;
 import com.netscape.cms.servlet.account.AccountService;
 import com.netscape.cms.servlet.admin.GroupMemberService;
@@ -38,6 +39,9 @@ public class TKSApplication extends Application {
 // exception mapper
 classes.add(PKIException.Mapper.class);
+
+ // ACL interceptor
+ singletons.add(new ACLInterceptor());
 }
 public Set> getClasses() {
-- cgit
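Review bot: The `// ACL interceptor` comment on the new `singletons.add(new ACLInterceptor());` line does not say that this registration is now what enforces authorization for the TKS REST resources; per the commit message the URL matching in PKIRealm has been replaced, so removing this line would presumably leave those services without an ACL check. I would spell that out, e.g. `// ACL interceptor: enforces the auth.properties -> acl.ldif mapping on every REST method invocation; do not remove`. Because the instance is registered as a singleton it is shared by concurrent requests, so ACLInterceptor should hold no per-request state. It is also worth confirming that a REST method with no entry in auth.properties is denied rather than allowed, since the interceptor's source is not visible in this diff (limited to base/tks). The enclosing block starts outside the hunk.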