path: root/base/tks/shared/webapps/tks/WEB-INF/web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- BEGIN COPYRIGHT BLOCK
     Copyright (C) 2006 Red Hat, Inc.
     All rights reserved.
     END COPYRIGHT BLOCK -->
<!-- Declares the Servlet 2.3 web-app DTD through a local file:// system
     identifier, so a parser that loads the DTD reads it from the host
     filesystem rather than from the network.
     NOTE(review): the 2.3 content model lists context-param and listener
     before servlet, while this file declares them after several servlet
     elements; a validating parser would presumably reject the descriptor.
     Confirm the container parses it with validation turned off. -->
<!DOCTYPE web-app 
   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "file:///usr/share/pki/setup/web-app_2_3.dtd">
<web-app>

    <display-name>Token Key Service</display-name>

    <!-- Setup wizard servlet (mapped to /admin/console/config/wizard in this
         file). The "panels" parameter is a comma separated list of
         key=class pairs naming the wizard panels in order.
         NOTE(review): the key "securitydomain" is used twice, once for
         SecurityDomainPanel and once for DisplayCertChainPanel. If
         WizardServlet indexes panels by key, one entry could shadow the
         other; confirm against the servlet's parsing code.
         NOTE(review): no security-constraint in this descriptor covers the
         wizard URL; confirm how access is restricted once setup is done. -->
    <servlet>
        <servlet-name>csadmin-wizard</servlet-name>
        <servlet-class>com.netscape.cms.servlet.wizard.WizardServlet</servlet-class>
        <init-param>
            <param-name>properties</param-name>
            <param-value>/WEB-INF/velocity.properties</param-value>
        </init-param>
        <init-param>
            <param-name>name</param-name>
            <param-value>TKS Setup Wizard</param-value>
        </init-param>
        <init-param>
            <param-name>panels</param-name>
            <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
        </init-param>
    </servlet>

    <!-- Login servlet for the setup console (mapped to
         /admin/console/config/login in this file). Its only init-param
         points at the Velocity properties file under WEB-INF.
         NOTE(review): the credential it checks is not visible in this
         descriptor; confirm in LoginServlet. -->
    <servlet>
        <servlet-name>csadmin-login</servlet-name>
        <servlet-class>com.netscape.cms.servlet.csadmin.LoginServlet</servlet-class>
        <init-param>
            <param-name>properties</param-name>
            <param-value>/WEB-INF/velocity.properties</param-value>
        </init-param>
    </servlet>

   <!-- Startup servlet, loaded when the web application starts
        (load-on-startup 1). cfgPath carries the [PKI_INSTANCE_PATH] and
        [PKI_SUBSYSTEM_DIR] placeholders, presumably substituted when an
        instance is created (verify against the deployment tooling).
        Names and values below are padded with spaces, so the consumer
        must trim them.
        NOTE(review): this servlet is also mapped to /start in this file;
        confirm that a URL mapping is needed for a startup-only servlet. -->
   <servlet>
      <servlet-name>  tksstart  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.base.CMSStartServlet  </servlet-class>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  cfgPath     </param-name>
                         <param-value> [PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]CS.cfg </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksstart    </param-value> </init-param>
      <load-on-startup>  1  </load-on-startup>
   </servlet>
                                                                                
   <!-- User and group administration servlet (mapped to /ug in this file).
        Only an authorization manager (BasicAclAuthz) is configured; there
        is no AuthMgr init-param and no security-constraint covers /ug.
        NOTE(review): authentication and TLS enforcement for this endpoint
        must come from the servlet class or the connector; confirm. -->
   <servlet>
      <servlet-name>  tksug  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.UsrGrpAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksug       </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>

   <!-- Log administration servlet (mapped to /log in this file).
        Configured with AuthzMgr BasicAclAuthz only; no AuthMgr init-param
        and no security-constraint for /log appear in this descriptor.
        NOTE(review): confirm where callers are authenticated. -->
   <servlet>
      <servlet-name>  tkslog  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.LogAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tkslog      </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>
                                                                                
   <!-- Authentication administration servlet (mapped to /auths in this
        file). Configured with AuthzMgr BasicAclAuthz only; no AuthMgr
        init-param and no security-constraint for /auths appear here.
        NOTE(review): confirm where callers are authenticated. -->
   <servlet>
      <servlet-name>  tksauths  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.AuthAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksauths    </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>
                         
<!--                                                       
   <servlet>
      <servlet-name>  tksjobsScheduler  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.JobsAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksjobsScheduler </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>
-->

   <!-- ACL administration servlet (mapped to /acl in this file). This
        endpoint manages the access control lists that BasicAclAuthz
        presumably evaluates for the other servlets (verify), so it is a
        high value target. Only AuthzMgr is configured; no AuthMgr
        init-param and no security-constraint for /acl appear here.
        NOTE(review): confirm where callers are authenticated. -->
   <servlet>
      <servlet-name>  tksacl  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.ACLAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksacl      </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>
                                                                                
   <!-- Server administration servlet (mapped to /server in this file).
        Configured with AuthzMgr BasicAclAuthz only; no AuthMgr init-param
        and no security-constraint for /server appear in this descriptor.
        NOTE(review): confirm where callers are authenticated. -->
   <servlet>
      <servlet-name>  tksserver  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.admin.CMSAdminServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksserver   </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
   </servlet>

   <!-- User registration servlet (mapped to /admin/tks/registerUser in this
        file). Parameters: GetClientCert false, authority tks, GroupName
        "Token Key Service Manager Agents", AuthMgr TokenAuth, AuthzMgr
        BasicAclAuthz, resourceID certServer.tks.registerUser.
        NOTE(review): presumably a registered user is added to the group
        named by GroupName, which would grant agent rights on this TKS;
        confirm in RegisterUser and check what TokenAuth accepts as proof.
        Several init-param elements share a physical line below; the
        layout is kept exactly as found. -->
   <servlet>       
          <servlet-name>  tksRegisterUser  </servlet-name>       
          <servlet-class> com.netscape.cms.servlet.csadmin.RegisterUser  </servlet-class>              
             <init-param><param-name>  GetClientCert  </param-name>                          <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authority   </param-name>
                         <param-value> tks          </param-value> </init-param>             <init-param><param-name>  ID          </param-name>
                         <param-value> tksRegisterUser </param-value> </init-param>
             <init-param><param-name>  GroupName     </param-name>
                          <param-value> Token Key Service Manager Agents </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>                          <param-value> TokenAuth </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.registerUser </param-value> </init-param>
   </servlet>

   <!-- Transport certificate import servlet (mapped to
        /admin/tks/importTransportCert in this file). Parameters:
        GetClientCert false, authority tks, AuthMgr TokenAuth, AuthzMgr
        BasicAclAuthz, resourceID certServer.tks.importTransportCert.
        NOTE(review): importing a transport certificate changes which key
        this service trusts for key transport (inferred from the name);
        confirm that TokenAuth plus the ACL on resourceID is the only gate.
        Several elements share a physical line below; layout kept as found. -->
   <servlet>       <servlet-name>  tksImportTransportCert  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.csadmin.ImportTransportCert  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authority   </param-name>
                         <param-value> tks          </param-value> </init-param>             <init-param><param-name>  ID          </param-name>
                         <param-value> tksImportTransportCert </param-value> </init-param>              <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> TokenAuth </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.importTransportCert </param-value> </init-param>
   </servlet>


   <!-- TokenServlet instance for data encryption (mapped to
        /agent/tks/encryptData in this file). GetClientCert is true and
        AuthMgr is certUserDBAuthMgr, so the caller is expected to present
        a client certificate; BasicAclAuthz is configured with resourceID
        certServer.tks.encrypteddata.
        NOTE(review): no security-constraint in this descriptor forces TLS
        on /agent/tks/*; confirm the connector requires client-auth TLS. -->
   <servlet>
      <servlet-name>  tksEncryptData  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.tks.TokenServlet  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> true        </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksEncryptData </param-value> </init-param>
             <init-param><param-name>  template    </param-name>
                         <param-value> index.template </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.encrypteddata </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> certUserDBAuthMgr </param-value> </init-param>
   </servlet>
                                                                                
   <!-- TokenServlet instance for key set data creation (mapped to
        /agent/tks/createKeySetData in this file). Same class and
        authentication settings as the other /agent/tks servlets
        (GetClientCert true, AuthMgr certUserDBAuthMgr, AuthzMgr
        BasicAclAuthz); only ID and resourceID
        (certServer.tks.keysetdata) differ.
        NOTE(review): TLS for this path is not enforced by a
        security-constraint in this file; confirm at the connector. -->
   <servlet>
      <servlet-name>  tksCreateKeySetData  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.tks.TokenServlet  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> true        </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksCreateKeySetData </param-value> </init-param>
             <init-param><param-name>  template    </param-name>
                         <param-value> index.template </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.keysetdata </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> certUserDBAuthMgr </param-value> </init-param>
   </servlet>

   <!-- TokenServlet instance for session key computation (mapped to
        /agent/tks/computeSessionKey in this file). GetClientCert true,
        AuthMgr certUserDBAuthMgr, AuthzMgr BasicAclAuthz, resourceID
        certServer.tks.sessionkey.
        NOTE(review): TLS for this path is not enforced by a
        security-constraint in this file; confirm at the connector. -->
   <servlet>
      <servlet-name>  tksSessionKey  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.tks.TokenServlet  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> true        </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksSessionKey </param-value> </init-param>
             <init-param><param-name>  template    </param-name>
                         <param-value> index.template </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.sessionkey </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> certUserDBAuthMgr </param-value> </init-param>
   </servlet>

   <!-- TokenServlet instance for random data generation (mapped to
        /agent/tks/computeRandomData in this file). GetClientCert true,
        AuthMgr certUserDBAuthMgr, AuthzMgr BasicAclAuthz, resourceID
        certServer.tks.randomdata.
        NOTE(review): TLS for this path is not enforced by a
        security-constraint in this file; confirm at the connector. -->
   <servlet>
      <servlet-name>  tksRandomData  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.tks.TokenServlet  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> true        </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksRandomData </param-value> </init-param>
             <init-param><param-name>  template    </param-name>
                         <param-value> index.template </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.tks.randomdata </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> certUserDBAuthMgr </param-value> </init-param>
   </servlet>


   <!-- Ports servlet on the "ee" interface (mapped to /ee/tks/ports in this
        file). GetClientCert is false and neither AuthMgr nor AuthzMgr is
        configured, so this descriptor sets up no access control for it.
        NOTE(review): presumably it reports the instance's port numbers to
        unauthenticated callers; confirm that this disclosure is intended. -->
   <servlet>
      <servlet-name>  tksports  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.base.PortsServlet  </servlet-class>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksports    </param-value> </init-param>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false        </param-value> </init-param>
             <init-param><param-name>  interface  </param-name>
                         <param-value> ee      </param-value> </init-param>
   </servlet>

   <!-- Main page servlet (mapped to /services in this file), rendering
        /services.template for authority "tks". GetClientCert is false and
        no AuthMgr or AuthzMgr is configured, so the page is served
        without any access control set up in this descriptor. -->
   <servlet>
      <servlet-name>  services </servlet-name>
      <servlet-class> com.netscape.cms.servlet.csadmin.MainPageServlet </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authorityId  </param-name>
                         <param-value> tks          </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> services </param-value> </init-param>
             <init-param><param-name>  templatePath  </param-name>
                         <param-value> /services.template </param-value> </init-param>
   </servlet>

   <!-- PKCS #12 download servlet (mapped to
        /admin/console/config/savepkcs12 in this file). Parameters:
        GetClientCert false, interface ee, AuthMgr TokenAuth, AuthzMgr
        BasicAclAuthz, resourceID certServer.clone.configuration.
        NOTE(review): by its name this endpoint returns a PKCS #12 bundle,
        which would hold private key material. Confirm that TokenAuth and
        the ACL on resourceID are checked before any bytes are sent, and
        that the path is only reachable over TLS; no security-constraint
        in this file covers it. -->
   <servlet>
      <servlet-name>  tksDownloadPKCS12  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.csadmin.DownloadPKCS12  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authority   </param-name>
                         <param-value> tks          </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksDownloadPKCS12 </param-value> </init-param>
             <init-param><param-name>  interface   </param-name>
                         <param-value> ee          </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> TokenAuth </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.clone.configuration </param-value> </init-param>
   </servlet>

   <!-- Configuration retrieval servlet (mapped to
        /admin/tks/getConfigEntries in this file). Parameters:
        GetClientCert false, authority tks, AuthMgr TokenAuth, AuthzMgr
        BasicAclAuthz, resourceID
        certServer.clone.configuration.GetConfigEntries.
        NOTE(review): by its name this endpoint returns configuration
        entries to a cloning peer; confirm which entries it can return,
        since instance configuration may include secrets. -->
   <servlet>
      <servlet-name>  tksGetConfigEntries  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.csadmin.GetConfigEntries </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authority   </param-name>
                         <param-value> tks          </param-value> </init-param>
             <init-param><param-name>  ID          </param-name>
                         <param-value> tksGetConfigEntries </param-value> </init-param>
             <init-param><param-name>  AuthzMgr    </param-name>
                         <param-value> BasicAclAuthz </param-value> </init-param>
             <init-param><param-name>  AuthMgr     </param-name>
                         <param-value> TokenAuth </param-value> </init-param>
             <init-param><param-name>  resourceID  </param-name>
                         <param-value> certServer.clone.configuration.GetConfigEntries </param-value> </init-param>
   </servlet>

   <!-- Token information servlet on the "ee" interface (mapped to
        /ee/tks/getTokenInfo in this file). GetClientCert is false and
        neither AuthMgr nor AuthzMgr is configured, so this descriptor
        sets up no access control for it.
        NOTE(review): confirm what token information is returned and that
        exposing it without authentication is intended.
        Two init-param elements share a physical line below; layout kept
        as found. -->
   <servlet>
      <servlet-name>  tksGetTokenInfo  </servlet-name>
      <servlet-class> com.netscape.cms.servlet.csadmin.GetTokenInfo  </servlet-class>
             <init-param><param-name>  GetClientCert  </param-name>
                         <param-value> false       </param-value> </init-param>
             <init-param><param-name>  authority   </param-name>
                         <param-value> tks          </param-value> </init-param>             <init-param><param-name>  ID          </param-name>
                         <param-value> tksGetTokenInfo </param-value> </init-param>
             <init-param><param-name>  interface   </param-name>
                         <param-value> ee          </param-value> </init-param>
   </servlet>

   <!-- RESTEasy bootstrap: the listener initialises the JAX-RS runtime
        when the context starts. -->
   <listener>
      <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
   </listener>

   <!-- Must agree with the url-pattern of the Resteasy servlet mapping
        (/rest/*), otherwise resource paths are resolved against the wrong
        base. -->
   <context-param>
      <param-name>resteasy.servlet.mapping.prefix</param-name>
      <param-value>/rest</param-value>
   </context-param>

   <!-- Registers RESTEasy's ResourceMethodSecurityInterceptor, which
        presumably enforces role annotations on resource methods (verify
        for the RESTEasy version in use). Removing this entry would leave
        only the two security-constraint elements in this file guarding
        the REST resources. -->
   <context-param>
      <param-name>resteasy.resource.method-interceptors</param-name>
      <param-value>
         org.jboss.resteasy.core.ResourceMethodSecurityInterceptor
      </param-value>
   </context-param>

   <!-- JAX-RS dispatcher for com.netscape.tks.TKSApplication, serving
        everything under /rest/*.
        NOTE(review): the security-constraint elements in this file cover
        only /rest/account/* and /rest/admin/*. Any other resource path
        under /rest/ gets no container-enforced login or TLS requirement
        and depends on the method interceptor or the resource code;
        confirm that every resource in TKSApplication falls under one of
        the two constrained prefixes or is meant to be public. -->
   <servlet>
      <servlet-name>Resteasy</servlet-name>
      <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
      <init-param>
         <param-name>javax.ws.rs.Application</param-name>
         <param-value>com.netscape.tks.TKSApplication</param-value>
      </init-param>
   </servlet>

   <servlet-mapping>
      <servlet-name>Resteasy</servlet-name>
      <url-pattern>/rest/*</url-pattern>
   </servlet-mapping>

   <!-- Exposes the startup servlet at /start.
        NOTE(review): no security-constraint covers this path; confirm the
        servlet does nothing sensitive when requested over HTTP. -->
   <servlet-mapping>
      <servlet-name>  tksstart  </servlet-name>
      <url-pattern>   /start  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /ug to the user and group administration servlet. The path
        is outside every security-constraint in this file. -->
   <servlet-mapping>
      <servlet-name>  tksug  </servlet-name>
      <url-pattern>   /ug  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /log to the log administration servlet. The path is outside
        every security-constraint in this file. -->
   <servlet-mapping>
      <servlet-name>  tkslog  </servlet-name>
      <url-pattern>   /log  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /auths to the authentication administration servlet. The
        path is outside every security-constraint in this file. -->
   <servlet-mapping>
      <servlet-name>  tksauths  </servlet-name>
      <url-pattern>   /auths  </url-pattern>
   </servlet-mapping>
                         
<!--                                                       
   <servlet-mapping>
      <servlet-name>  tksjobsScheduler  </servlet-name>
      <url-pattern>   /jobsScheduler  </url-pattern>
   </servlet-mapping>
-->
                                                                                
   <!-- Routes /acl to the ACL administration servlet. The path is outside
        every security-constraint in this file. -->
   <servlet-mapping>
      <servlet-name>  tksacl  </servlet-name>
      <url-pattern>   /acl  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /server to the server administration servlet. The path is
        outside every security-constraint in this file. -->
   <servlet-mapping>
      <servlet-name>  tksserver  </servlet-name>
      <url-pattern>   /server  </url-pattern>
   </servlet-mapping>

   <!-- First of the four /agent/tks/ routes, all served by TokenServlet
        instances that ask for a client certificate (GetClientCert true). -->
   <servlet-mapping>
      <servlet-name>  tksEncryptData  </servlet-name>
      <url-pattern>   /agent/tks/encryptData  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /agent/tks/createKeySetData to its TokenServlet instance. -->
   <servlet-mapping>
      <servlet-name>  tksCreateKeySetData  </servlet-name>
      <url-pattern>   /agent/tks/createKeySetData  </url-pattern>
   </servlet-mapping>
                                                                                
   <!-- Routes /agent/tks/computeSessionKey to its TokenServlet instance. -->
   <servlet-mapping>
      <servlet-name>  tksSessionKey  </servlet-name>
      <url-pattern>   /agent/tks/computeSessionKey  </url-pattern>
   </servlet-mapping>

   <!-- Routes /agent/tks/computeRandomData to its TokenServlet instance. -->
   <servlet-mapping>
      <servlet-name>  tksRandomData  </servlet-name>
      <url-pattern>   /agent/tks/computeRandomData  </url-pattern>
   </servlet-mapping>

                                                                                
    <!-- Routes the setup wizard. The path is outside every
         security-constraint in this file.
         NOTE(review): confirm the wizard refuses requests once the
         instance has been configured. -->
    <servlet-mapping>
        <servlet-name>csadmin-wizard</servlet-name>
        <url-pattern>/admin/console/config/wizard</url-pattern>
    </servlet-mapping>
                                                                                
    <!-- Remaining legacy routes: setup console login, cloning and
         registration endpoints under /admin/, and the unauthenticated
         "ee" endpoints. None of these paths is covered by a
         security-constraint in this file, so login and TLS requirements
         depend on each servlet's AuthMgr and AuthzMgr init-params and on
         the connector configuration. -->
    <servlet-mapping>
        <servlet-name>csadmin-login</servlet-name>
        <url-pattern>/admin/console/config/login</url-pattern>
    </servlet-mapping>

   <!-- Served by a servlet configured with AuthMgr TokenAuth. -->
   <servlet-mapping>
      <servlet-name>  tksGetConfigEntries  </servlet-name>
      <url-pattern>   /admin/tks/getConfigEntries  </url-pattern>
   </servlet-mapping>

   <!-- Served by a servlet with no AuthMgr or AuthzMgr configured. -->
   <servlet-mapping>
      <servlet-name>  tksports  </servlet-name>
      <url-pattern>   /ee/tks/ports  </url-pattern>
   </servlet-mapping>

   <!-- Served by a servlet configured with AuthMgr TokenAuth. -->
   <servlet-mapping>
      <servlet-name>  tksRegisterUser </servlet-name>
      <url-pattern>   /admin/tks/registerUser  </url-pattern>
   </servlet-mapping>

   <!-- Served by a servlet configured with AuthMgr TokenAuth. -->
   <servlet-mapping>
      <servlet-name>  tksImportTransportCert </servlet-name>
      <url-pattern>   /admin/tks/importTransportCert  </url-pattern>
   </servlet-mapping>

   <!-- Served by a servlet with no AuthMgr or AuthzMgr configured. -->
   <servlet-mapping>
      <servlet-name>  services </servlet-name>
      <url-pattern>   /services  </url-pattern>
   </servlet-mapping>

   <!-- PKCS #12 download; served by a servlet configured with AuthMgr
        TokenAuth. The URL sits under the setup console prefix. -->
   <servlet-mapping>
      <servlet-name>  tksDownloadPKCS12 </servlet-name>
      <url-pattern>   /admin/console/config/savepkcs12 </url-pattern>
   </servlet-mapping>

   <!-- Served by a servlet with no AuthMgr or AuthzMgr configured. -->
   <servlet-mapping>
      <servlet-name>  tksGetTokenInfo </servlet-name>
      <url-pattern>   /ee/tks/getTokenInfo </url-pattern>
   </servlet-mapping>

   <!-- ==================== Default Session Configuration =============== -->
   <!-- You can set the default session timeout (in minutes) for all newly -->
   <!-- created sessions by modifying the value below.                     -->
   <!--                                                                    -->
   <!-- To disable session timeouts for this instance, set a value of -1.  -->
   <!--                                                                    -->
   <!-- The same timeout applies to every session of this web application, -->
   <!-- administrative ones included. Disabling it leaves authenticated    -->
   <!-- sessions valid until they are invalidated explicitly or the server -->
   <!-- restarts, so prefer a finite value on a key service.               -->

   <session-config>
        <session-timeout>30</session-timeout>
   </session-config>

    <!-- Container-enforced protection for the REST account and admin
         resources: an authenticated caller is required and the transport
         guarantee is CONFIDENTIAL, so plain HTTP requests to these paths
         are not served.
         These two constraints are the only ones in this descriptor. Every
         other mapped path (/ug, /log, /auths, /acl, /server,
         /agent/tks/*, /admin/tks/*, /admin/console/config/*, /ee/tks/*,
         /services, /start and the rest of /rest/*) has no container-level
         login or TLS requirement here.
         NOTE(review): in an auth-constraint the role name "*" stands for
         all roles declared in the descriptor, and the only role declared
         below is itself named "*". Whether that admits any authenticated
         user or only users holding a role literally named "*" depends on
         the realm configuration (for Tomcat, the realm's allRolesMode
         setting); confirm against the deployed realm. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Account Services</web-resource-name>
            <url-pattern>/rest/account/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Services</web-resource-name>
            <url-pattern>/rest/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Only the realm name is set; no auth-method is declared.
         NOTE(review): the authentication mechanism for the constrained
         paths must therefore be supplied outside this file (for example
         by an authenticator configured on the context); confirm one is
         present, since the constraints above depend on it. -->
    <login-config>
        <realm-name>Token Key Service</realm-name>
    </login-config>

    <security-role>
        <role-name>*</role-name>
    </security-role>

</web-app>