diff --git a/base/common/src/main/java/com/netscape/certsrv/tps/authenticator/AuthenticatorCollection.java b/base/common/src/main/java/com/netscape/certsrv/tps/authenticator/AuthenticatorCollection.java index 3d04b670082..afb3f5acbdf 100644 --- a/base/common/src/main/java/com/netscape/certsrv/tps/authenticator/AuthenticatorCollection.java +++ b/base/common/src/main/java/com/netscape/certsrv/tps/authenticator/AuthenticatorCollection.java @@ -24,13 +24,14 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.netscape.certsrv.base.DataCollection; +import com.netscape.certsrv.util.JSONSerializer; /** * @author Endi S. Dewata */ @JsonInclude(Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown=true) -public class AuthenticatorCollection extends DataCollection { +public class AuthenticatorCollection extends DataCollection implements JSONSerializer { @Override public Collection getEntries() { diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/AuthenticatorProcessor.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/AuthenticatorProcessor.java new file mode 100644 index 00000000000..ae2a89a1d9e --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/AuthenticatorProcessor.java 
@@ -0,0 +1,433 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.base; + +import java.security.Principal; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; +import org.dogtagpki.server.rest.v2.PKIServlet; +import org.dogtagpki.server.tps.TPSEngine; +import org.dogtagpki.server.tps.TPSSubsystem; +import org.dogtagpki.server.tps.config.AuthenticatorDatabase; +import org.dogtagpki.server.tps.config.AuthenticatorRecord; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.BadRequestException; +import com.netscape.certsrv.base.ForbiddenException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.logging.AuditEvent; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.tps.authenticator.AuthenticatorCollection; +import com.netscape.certsrv.tps.authenticator.AuthenticatorData; +import com.netscape.cmscore.apps.CMS; +import com.netscape.cmscore.logging.Auditor; + +/** + * @author Marco Fargetta {@literal } + * @author Endi S. 
Dewata + */ +public class AuthenticatorProcessor { + private static final Logger logger = LoggerFactory.getLogger(AuthenticatorProcessor.class); + + private TPSSubsystem subsystem; + private AuthenticatorDatabase database; + private Auditor auditor; + + public AuthenticatorProcessor(TPSEngine engine) { + subsystem = (TPSSubsystem) engine.getSubsystem(TPSSubsystem.ID); + database = subsystem.getAuthenticatorDatabase(); + auditor = engine.getAuditor(); + } + + public AuthenticatorCollection findAuthenticators(String filter, int start, int size) { + logger.debug("AuthenticatorProcessor.findAuthenticators()"); + + if (filter != null && filter.length() < PKIServlet.MIN_FILTER_LENGTH) { + throw new BadRequestException("Filter is too short."); + } + try { + Iterator authenticators = database.findRecords(filter).iterator(); + + AuthenticatorCollection response = new AuthenticatorCollection(); + int i = 0; + + // skip to the start of the page + for (; i < start && authenticators.hasNext(); i++) + authenticators.next(); + + // return entries up to the page size + for (; i < start + size && authenticators.hasNext(); i++) { + response.addEntry(createAuthenticatorData(authenticators.next())); + } + + // count the total entries + for (; authenticators.hasNext(); i++) + authenticators.next(); + response.setTotal(i); + + return response; + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + throw new PKIException(e); + } + } + + public AuthenticatorData addAuthenticator(Principal principal, AuthenticatorData authenticatorData) { + String method = "AuthenticatorProcessor.addAuthenticator"; + + if (authenticatorData == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "Authenticator data is null."); + throw new BadRequestException("Authenticator data is null."); + } + + 
logger.debug("AuthenticatorProcessor.addAuthenticator(\"{}\")", authenticatorData.getID()); + + try { + String status = authenticatorData.getStatus(); + + boolean statusChanged = false; + if (StringUtils.isEmpty(status) || database.requiresApproval() && !database.canApprove(principal)) { + // if status is unspecified or user doesn't have rights to approve, the entry is disabled + status = Constants.CFG_DISABLED; + authenticatorData.setStatus(status); + statusChanged = true; + } + + database.addRecord(authenticatorData.getID(), createAuthenticatorRecord(authenticatorData)); + authenticatorData = createAuthenticatorData(database.getRecord(authenticatorData.getID())); + Map properties = authenticatorData.getProperties(); + if (statusChanged) { + properties.put("Status", status); + } + auditTPSAuthenticatorChange(principal, ILogger.SUCCESS, method, authenticatorData.getID(), properties, null); + + return authenticatorData; + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorData.getID(), authenticatorData.getProperties(), e.toString()); + + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorData.getID(), authenticatorData.getProperties(), e.toString()); + throw new PKIException(e); + } + } + + public AuthenticatorData getAuthenticator(String authenticatorID) { + if (authenticatorID == null) + throw new BadRequestException("Authenticator ID is null."); + + logger.debug("AuthenticatorProcessor.getAuthenticator(\"{}\")", authenticatorID); + try { + return createAuthenticatorData(database.getRecord(authenticatorID)); + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + throw new 
PKIException(e); + } + } + + public AuthenticatorData updateAuthenticator(Principal principal, String authenticatorID, AuthenticatorData authenticatorData) { + String method = "AuthenticatorProcessor.updateAuthenticator"; + + if (authenticatorID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "Authenticator ID is null."); + throw new BadRequestException("Authenticator ID is null."); + } + if (authenticatorData == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "Authenticator data is null."); + throw new BadRequestException("Authenticator data is null."); + } + + logger.debug("AuthenticatorProcessor.updateAuthenticator(\"{}\")", authenticatorID); + + try { + AuthenticatorRecord authRecord = database.getRecord(authenticatorID); + + // only disabled authenticator can be updated + if (!Constants.CFG_DISABLED.equals(authRecord.getStatus())) { + Exception e = new ForbiddenException("Unable to update authenticator " + + authenticatorID + + "; authenticator not disabled"); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, authenticatorData.getProperties(), e.toString()); + throw e; + } + + // update status if specified + String status = authenticatorData.getStatus(); + boolean statusChanged = false; + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { + ForbiddenException e = new ForbiddenException("Invalid authenticator status: " + status); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, authenticatorData.getProperties(), e.toString()); + throw e; + } + + // if user doesn't have rights, set to pending + if (database.requiresApproval() && !database.canApprove(principal)) { + status = Constants.CFG_PENDING_APPROVAL; + statusChanged = true; + } + + // enable authenticator + authRecord.setStatus(status); + } + + // update properties if specified + Map properties = 
authenticatorData.getProperties(); + if (properties != null) { + authRecord.setProperties(authenticatorData.getProperties()); + if (statusChanged) { + properties.put("Status", status); + } + } + + database.updateRecord(authenticatorID, authRecord); + + authenticatorData = createAuthenticatorData(database.getRecord(authenticatorID)); + auditTPSAuthenticatorChange(principal, ILogger.SUCCESS, method, authenticatorData.getID(), properties, null); + + return authenticatorData; + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, authenticatorData.getProperties(), e.toString()); + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, authenticatorData.getProperties(), e.toString()); + throw new PKIException(e); + } + } + + public AuthenticatorData changeStatus(Principal principal, String authenticatorID, String action) { + String method = "AuthenticatorProcessor.changeStatus"; + Map auditModParams = new HashMap<>(); + + if (authenticatorID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "authenticator id is null."); + throw new BadRequestException("Authenticator ID is null."); + } + auditModParams.put("authenticatorID", authenticatorID); + if (action == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, auditModParams, + "action is null."); + throw new BadRequestException("Action is null."); + } + auditModParams.put("Action", action); + + logger.debug("AuthenticatorProcessor.changeStatus(\"{}\", \"{}\")", authenticatorID, action); + + try { + AuthenticatorRecord authRecord = database.getRecord(authenticatorID); + String status = authRecord.getStatus(); + + boolean canApprove = database.canApprove(principal); + + if (Constants.CFG_DISABLED.equals(status)) { + + if 
(database.requiresApproval()) { + + if ("submit".equals(action) && !canApprove) { + status = Constants.CFG_PENDING_APPROVAL; + + } else if ("enable".equals(action) && canApprove) { + status = Constants.CFG_ENABLED; + + } else { + Exception e = new BadRequestException("Invalid action: " + action); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + } + + } else { + if ("enable".equals(action)) { + status = Constants.CFG_ENABLED; + + } else { + Exception e = new BadRequestException("Invalid action: " + action); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + } + } + + } else if (Constants.CFG_ENABLED.equals(status)) { + + if ("disable".equals(action)) { + status = Constants.CFG_DISABLED; + + } else { + Exception e = new BadRequestException("Invalid action: " + action); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + } + + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { + + if ("approve".equals(action) && canApprove) { + status = Constants.CFG_ENABLED; + + } else if ("reject".equals(action) && canApprove) { + status = Constants.CFG_DISABLED; + + } else if ("cancel".equals(action) && !canApprove) { + status = Constants.CFG_DISABLED; + + } else { + Exception e = new BadRequestException("Invalid action: " + action); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + } + + } else { + PKIException e = new PKIException("Invalid status: " + status); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + } + + authRecord.setStatus(status); + database.updateRecord(authenticatorID, authRecord); + + AuthenticatorData authenticatorData = 
createAuthenticatorData(database.getRecord(authenticatorID)); + auditModParams.put("Status", status); + auditTPSAuthenticatorChange(principal, ILogger.SUCCESS, method, authenticatorID, auditModParams, null); + + return authenticatorData; + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw new PKIException(e); + } + } + + public void removeAuthenticator(Principal principal, String authenticatorID) { + String method = "AuthenticatorProcessor.removeAuthenticator"; + Map auditModParams = new HashMap<>(); + + if (authenticatorID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "Authenticator ID is null."); + throw new BadRequestException("Authenticator ID is null."); + } + auditModParams.put("authenticatorID", authenticatorID); + + logger.debug("AuthenticatorProcessor.removeAuthenticator(\"{}\")", authenticatorID); + try { + AuthenticatorRecord authRecord = database.getRecord(authenticatorID); + String status = authRecord.getStatus(); + + if (!Constants.CFG_DISABLED.equals(status)) { + Exception e = new ForbiddenException("Unable to remove authenticator " + + authenticatorID + + "; authenticator not disabled"); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw e; + } + + database.removeRecord(authenticatorID); + auditTPSAuthenticatorChange(principal, ILogger.SUCCESS, method, authenticatorID, null, null); + + } catch (PKIException e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, 
auditModParams, e.toString()); + throw e; + + } catch (Exception e) { + logger.error("AuthenticatorProcessor: " + e.getMessage(), e); + auditTPSAuthenticatorChange(principal, ILogger.FAILURE, method, + authenticatorID, auditModParams, e.toString()); + throw new PKIException(e); + } + } + + private AuthenticatorData createAuthenticatorData(AuthenticatorRecord authenticatorRecord) { + String authenticatorID = authenticatorRecord.getID(); + + AuthenticatorData authenticatorData = new AuthenticatorData(); + authenticatorData.setID(authenticatorID); + authenticatorData.setStatus(authenticatorRecord.getStatus()); + authenticatorData.setProperties(authenticatorRecord.getProperties()); + + return authenticatorData; + } + + private AuthenticatorRecord createAuthenticatorRecord(AuthenticatorData authenticatorData) { + AuthenticatorRecord authenticatorRecord = new AuthenticatorRecord(); + authenticatorRecord.setID(authenticatorData.getID()); + authenticatorRecord.setStatus(authenticatorData.getStatus()); + authenticatorRecord.setProperties(authenticatorData.getProperties()); + + return authenticatorRecord; + } + + private void auditTPSAuthenticatorChange(Principal principal, String status, String service, String authenticatorID, + Map params, String info) { + + String msg = CMS.getLogMessage( + AuditEvent.CONFIG_TOKEN_AUTHENTICATOR, + principal.getName(), + status, + service, + authenticatorID, + auditor.getParamString(params), + info); + auditor.log(msg); + } + + private void auditConfigTokenGeneral(Principal principal, String status, String service, Map params, String info) { + + String msg = CMS.getLogMessage( + AuditEvent.CONFIG_TOKEN_GENERAL, + principal.getName(), + status, + service, + auditor.getParamString(params), + info); + auditor.log(msg); + } +} 
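Review bot: In changeStatus, the final `else` of the `CFG_PENDING_APPROVAL` branch builds a BadRequestException and audits a failure but never throws it, unlike every other invalid-action branch in the method. Execution falls through to `authRecord.setStatus(status)` and `database.updateRecord(authenticatorID, authRecord)` with the unchanged pending status, a SUCCESS audit event is written, and the caller gets a normal response. A principal without approval rights who sends `approve` therefore sees an apparent success, and the audit trail holds contradictory records for one request. Add `throw e;` after the audit call in that branch. Separately, the exceptions thrown inside the `try` after an explicit FAILURE audit look like they are caught again by `catch (PKIException e)` (assuming BadRequestException and ForbiddenException extend PKIException), which would write a second FAILURE event for the same request.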
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/AuthenticatorServlet.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/AuthenticatorServlet.java
new file mode 100644
index 00000000000..008eceeb70e
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/AuthenticatorServlet.java
@@ -0,0 +1,119 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.v2; + +import java.io.PrintWriter; +import java.net.URLEncoder; +import java.util.stream.Collectors; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.dogtagpki.server.tps.rest.base.AuthenticatorProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.WebAction; +import com.netscape.certsrv.tps.authenticator.AuthenticatorCollection; +import com.netscape.certsrv.tps.authenticator.AuthenticatorData; +import com.netscape.certsrv.util.JSONSerializer; + +/** + * @author Marco Fargetta {@literal } + */ +@WebServlet( + name = "tpsAuthenticator", + urlPatterns = "/v2/authenticators/*") +public class AuthenticatorServlet extends TPSServlet { + private static final long serialVersionUID = 1L; + private static final Logger logger = LoggerFactory.getLogger(AuthenticatorServlet.class); + + private AuthenticatorProcessor authenticatorProcessor; + @Override + public void init() throws ServletException { + super.init(); + authenticatorProcessor = new AuthenticatorProcessor(getTPSEngine()); + } + + @WebAction(method = HttpMethod.GET, paths = {""}) + public void findAuthenticators(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("AuthenticatorServlet.findAuthenticators(): session: {}", session.getId()); + String filter = request.getParameter("filter"); + int size = request.getParameter("size") == null ? + DEFAULT_SIZE : Integer.parseInt(request.getParameter("size")); + int start = request.getParameter("start") == null ? 
0 : Integer.parseInt(request.getParameter("start")); + + AuthenticatorCollection authenticators = authenticatorProcessor.findAuthenticators(filter, start, size); + PrintWriter out = response.getWriter(); + out.println(authenticators.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {""}) + public void addAuthenticator(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("AuthenticatorServlet.addAuthenticator(): session: {}", session.getId()); + String requestData = request.getReader().lines().collect(Collectors.joining()); + AuthenticatorData authenticatorData = JSONSerializer.fromJSON(requestData, AuthenticatorData.class); + AuthenticatorData newAuthenticator = authenticatorProcessor.addAuthenticator(request.getUserPrincipal(), authenticatorData); + String encodedID = URLEncoder.encode(newAuthenticator.getID(), "UTF-8"); + StringBuffer uri = request.getRequestURL(); + uri.append("/" + encodedID); + response.setStatus(HttpServletResponse.SC_CREATED); + response.setHeader("Location", uri.toString()); + PrintWriter out = response.getWriter(); + out.println(newAuthenticator.toJSON()); + } + + @WebAction(method = HttpMethod.GET, paths = {"{}"}) + public void getAuthenticator(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("AuthenticatorServlet.getAuthenticator(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String authenticatorID = pathElement[0]; + AuthenticatorData authenticator = authenticatorProcessor.getAuthenticator(authenticatorID); + PrintWriter out = response.getWriter(); + out.println(authenticator.toJSON()); + } + + @WebAction(method = HttpMethod.PATCH, paths = {"{}"}) + public void updateAuthenticator(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = 
request.getSession(); + logger.debug("AuthenticatorServlet.updateAuthenticator(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String authenticatorID = pathElement[0]; + String requestData = request.getReader().lines().collect(Collectors.joining()); + AuthenticatorData authenticatorData = JSONSerializer.fromJSON(requestData, AuthenticatorData.class); + AuthenticatorData newAuthenticator = authenticatorProcessor.updateAuthenticator(request.getUserPrincipal(), authenticatorID, authenticatorData); + PrintWriter out = response.getWriter(); + out.println(newAuthenticator.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {"{}"}) + public void changeStatus(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("AuthenticatorServlet.changeStatus(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String authenticatorID = pathElement[0]; + String action = request.getParameter("action"); + AuthenticatorData newAuthenticator = authenticatorProcessor.changeStatus(request.getUserPrincipal(), authenticatorID, action); + PrintWriter out = response.getWriter(); + out.println(newAuthenticator.toJSON()); + } + + @WebAction(method = HttpMethod.DELETE, paths = {"{}"}) + public void removeAuthenticator(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("AuthenticatorServlet.addAuthenticator(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String authenticatorID = pathElement[0]; + authenticatorProcessor.removeAuthenticator(request.getUserPrincipal(), authenticatorID); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + } +} 
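Review bot: Every handler logs `session.getId()` at debug level, which writes a live session identifier into the server log where anyone with log access could reuse it while the session is valid; `request.getSession()` also creates a session when the request carries none. Consider dropping the ID from the message, e.g. `logger.debug("AuthenticatorServlet.findAuthenticators()")`, or logging a truncated digest of it instead. In removeAuthenticator the message is labelled `AuthenticatorServlet.addAuthenticator()`, which will misattribute deletions when the log is read during an investigation. The `size` and `start` parameters in findAuthenticators also go straight to `Integer.parseInt` with no range check, so non-numeric or negative values are not turned into a 400 at this layer.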
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConnectorServlet.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConnectorServlet.java index 8cbd9637e5e..dc28909d2d2 100644 --- a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConnectorServlet.java +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/ConnectorServlet.java @@ -65,6 +65,7 @@ public void addConnector(HttpServletRequest request, HttpServletResponse respons StringBuffer uri = request.getRequestURL(); uri.append("/" + encodedID); response.setStatus(HttpServletResponse.SC_CREATED); + response.setHeader("Location", uri.toString()); PrintWriter out = response.getWriter(); out.println(newConnector.toJSON()); } diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorACL.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorACL.java new file mode 100644 index 00000000000..ab136bbe997 --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorACL.java @@ -0,0 +1,29 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.v2.filters; + +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebFilter; + +import org.dogtagpki.server.rest.v2.filters.ACLFilter; + +@WebFilter(servletNames = "tpsAuthenticator") +public class AuthenticatorACL extends ACLFilter { + private static final long serialVersionUID = 1L; + @Override + public void init() throws ServletException { + setAcl("authenticators.read"); + Map aclMap = new HashMap<>(); + aclMap.put("POST:", "authenticators.add"); + aclMap.put("PATCH:{}", "authenticators.modify"); + aclMap.put("POST:{}", "authenticators.change-status"); + aclMap.put("DELETE:{}", "authenticators.remove"); + setAclMap(aclMap); + } +} 
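Review bot: The ACL map keys in AuthenticatorACL.init() (`POST:`, `PATCH:{}`, `POST:{}`, `DELETE:{}`) have to match the `@WebAction` method and path pairs declared in AuthenticatorServlet exactly, but nothing in this class says so. If ACLFilter falls back to the default set by `setAcl("authenticators.read")` for keys it does not find (not visible in this diff, so worth confirming), a typo here or a write endpoint added later would be guarded only by the read ACL. A short comment above the map, such as `// Keys are "<HTTP method>:<path pattern>" as declared by @WebAction in AuthenticatorServlet; anything unlisted uses the default ACL above`, would make that dependency explicit.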
diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorAuthMethod.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorAuthMethod.java
new file mode 100644
index 00000000000..6630bf6e8aa
--- /dev/null
+++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/AuthenticatorAuthMethod.java
@@ -0,0 +1,21 @@
+//
+// Copyright Red Hat, Inc.
+//
+// SPDX-License-Identifier: GPL-2.0-or-later
+//
+package org.dogtagpki.server.tps.rest.v2.filters;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+
+import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter;
+
+@WebFilter(servletNames = "tpsAuthenticator")
+public class AuthenticatorAuthMethod extends AuthMethodFilter {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void init() throws ServletException {
+ setAuthMethod("authenticators");
+ }
+}