From 5c6341ac6f1f35cc26484e5d06d5a36dc6c92f1f Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Wed, 21 Aug 2024 12:08:11 +0200 Subject: [PATCH] Add TPS TPSProfileService to v2 APIs --- .../tps/profile/ProfileCollection.java | 3 +- .../tps/rest/base/ProfileProcessor.java | 495 ++++++++++++++++++ .../server/tps/rest/v2/TPSProfileServlet.java | 118 +++++ .../tps/rest/v2/filters/TPSProfileACL.java | 31 ++ .../rest/v2/filters/TPSProfileAuthMethod.java | 21 + 5 files changed, 667 insertions(+), 1 deletion(-) create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/ProfileProcessor.java create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSProfileServlet.java create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileACL.java create mode 100644 base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileAuthMethod.java diff --git a/base/common/src/main/java/com/netscape/certsrv/tps/profile/ProfileCollection.java b/base/common/src/main/java/com/netscape/certsrv/tps/profile/ProfileCollection.java index 0d234c93547..c0ef68996e6 100644 --- a/base/common/src/main/java/com/netscape/certsrv/tps/profile/ProfileCollection.java +++ b/base/common/src/main/java/com/netscape/certsrv/tps/profile/ProfileCollection.java @@ -22,10 +22,11 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.netscape.certsrv.base.DataCollection; +import com.netscape.certsrv.util.JSONSerializer; /** * @author Endi S. Dewata */ @JsonInclude(Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown=true) -public class ProfileCollection extends DataCollection {} +public class ProfileCollection extends DataCollection implements JSONSerializer {} diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/ProfileProcessor.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/ProfileProcessor.java new file mode 100644 index 00000000000..9f49450b546 --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/base/ProfileProcessor.java @@ -0,0 +1,495 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.base; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.lang3.StringUtils; +import org.dogtagpki.server.rest.v2.PKIServlet; +import org.dogtagpki.server.tps.TPSEngine; +import org.dogtagpki.server.tps.TPSSubsystem; +import org.dogtagpki.server.tps.config.ProfileDatabase; +import org.dogtagpki.server.tps.config.ProfileRecord; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.BadRequestException; +import com.netscape.certsrv.base.ForbiddenException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.common.Constants; +import com.netscape.certsrv.logging.AuditEvent; +import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.tps.profile.ProfileCollection; +import com.netscape.certsrv.tps.profile.ProfileData; +import com.netscape.certsrv.user.UserResource; +import com.netscape.cmscore.apps.CMS; +import com.netscape.cmscore.logging.Auditor; + +/** + * @author Marco Fargetta {@literal } + * @author Endi S. Dewata + */ +public class ProfileProcessor { + private static final Logger logger = LoggerFactory.getLogger(ProfileProcessor.class); + private static final Pattern PROFILE_ID_PATTERN = Pattern.compile("^[a-zA-Z0-9_]+$"); + private static final Pattern PROPERTY_NAME_PATTERN = Pattern.compile("^[a-zA-Z0-9_\\.]+$"); + + private TPSSubsystem subsystem; + private ProfileDatabase database; + private Auditor auditor; + + public ProfileProcessor(TPSEngine engine) { + subsystem = (TPSSubsystem) engine.getSubsystem(TPSSubsystem.ID); + database = subsystem.getProfileDatabase(); + auditor = engine.getAuditor(); + } + + public ProfileCollection findProfiles(List authorizedProfiles, String filter, int start, int size) { + String method = "ProfileProcessor.findProfiles:"; + + if (filter != null && filter.length() < PKIServlet.MIN_FILTER_LENGTH) { + throw new BadRequestException(method + "Filter is too short."); + } + logger.info("{} Searching for profiles with filter {}", method, filter); + + try { + + Collection profiles = new ArrayList<>(); + if (authorizedProfiles != null) { + + Collection filteredProfiles = database.findRecords(filter); + + if (authorizedProfiles.contains(UserResource.ALL_PROFILES)) { + logger.debug("{} User allowed to access all profiles", method); + profiles.addAll(filteredProfiles); + + } else { + for (ProfileRecord profile : filteredProfiles) { + if (authorizedProfiles.contains(profile.getID())) { + logger.debug("{} User allowed to access profile {}", method, profile.getID()); + profiles.add(profile); + } + } + } + } + Iterator profileIterator = profiles.iterator(); + + ProfileCollection response = new ProfileCollection(); + int i = 0; + + // skip to the start of the page + for (; i < start && profileIterator.hasNext(); i++) + profileIterator.next(); + + // return entries up to the page size + for (; i < start + size && profileIterator.hasNext(); i++) { + response.addEntry(createProfileData(profileIterator.next())); + } + + // count the total entries + for (; profileIterator.hasNext(); i++) + profileIterator.next(); + response.setTotal(i); + + return response; + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + throw new PKIException(e); + } + } + + public ProfileData addProfile(Principal principal, ProfileData profileData) { + String method = "ProfileProcessor.addProfile:"; + + if (profileData == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, "Missing profile data"); + throw new BadRequestException(method + "Missing profile data"); + } + + String id = profileData.getID(); + if (id == null) { + id = profileData.getProfileID(); + } + + logger.info("{} Adding profile {}", method, id); + + if (!PROFILE_ID_PATTERN.matcher(id).matches()) { + throw new BadRequestException("Invalid profile ID: " + id); + } + + Map properties = profileData.getProperties(); + for (String name : properties.keySet()) { + if (!PROPERTY_NAME_PATTERN.matcher(name).matches()) { + throw new BadRequestException(method + "Invalid profile property: " + name); + } + } + try { + String status = profileData.getStatus(); + boolean statusChanged = false; + if (StringUtils.isEmpty(status) || database.requiresApproval() && !database.canApprove(principal)) { + // if status is unspecified or user doesn't have rights to approve, the entry is disabled + status = Constants.CFG_DISABLED; + profileData.setStatus(status); + statusChanged = true; + } + database.addRecord(id, createProfileRecord(profileData)); + + profileData = createProfileData(database.getRecord(id)); + + if (statusChanged) { + properties.put("Status", status); + } + auditTPSProfileChange(principal, ILogger.SUCCESS, method, id, properties, null); + + return profileData; + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, id, null, e.toString()); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, id, null, e.toString()); + throw new PKIException(e); + } + } + + public ProfileData getProfile(List authorizedProfiles, String profileID) { + String method = "ProfileProcessor.getProfile:"; + String msg = ""; + logger.info("{} Retrieving profile {}", method, profileID); + + if (profileID == null) { + throw new BadRequestException(method + "Missing profile ID"); + } + try { + if ((authorizedProfiles== null) || (!authorizedProfiles.contains(UserResource.ALL_PROFILES) && !authorizedProfiles.contains(profileID))) { + msg = "profile record restricted for profileID:" + profileID; + logger.debug("{} {}", method, msg); + throw new PKIException(msg); + } + ProfileRecord profileRecord = database.getRecord(profileID); + return createProfileData(profileRecord); + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + throw new PKIException(e); + } + } + + public ProfileData updateProfile(Principal principal, List authorizedProfiles, String profileID, ProfileData profileData) { + String method = "ProfileProcessor.updateProfile:"; + String msg = ""; + + if (profileID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, "Missing profile ID"); + throw new BadRequestException("Missing profile ID"); + } + logger.info("{} Updating profile {}", method, profileID); + + if (profileData == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, "Missing profile data"); + throw new BadRequestException("Missing profile data"); + } + + Map properties = profileData.getProperties(); + for (String name : properties.keySet()) { + if (!PROPERTY_NAME_PATTERN.matcher(name).matches()) { + throw new BadRequestException("Invalid profile property: " + name); + } + } + try { + if ((authorizedProfiles== null) || ((authorizedProfiles != null) && !authorizedProfiles.contains(UserResource.ALL_PROFILES) && !authorizedProfiles.contains(profileID))) { + msg = "profile record restricted for profileID:" + profileID; + logger.debug("{} {}", method, msg); + + throw new PKIException(msg); + } + ProfileRecord pRecord = database.getRecord(profileID); + + // only disabled profile can be updated + if (!Constants.CFG_DISABLED.equals(pRecord.getStatus())) { + Exception e = new ForbiddenException("Unable to update profile " + profileID); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + profileData.getProperties(), e.toString()); + throw e; + } + + // update status if specified + String status = profileData.getStatus(); + boolean statusChanged = false; + if (status != null && !Constants.CFG_DISABLED.equals(status)) { + if (!Constants.CFG_ENABLED.equals(status)) { + Exception e = new ForbiddenException(method + "Invalid profile status: " + status); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + profileData.getProperties(), e.toString()); + throw e; + } + + // if user doesn't have rights, set to pending + if (database.requiresApproval() && !database.canApprove(principal)) { + status = Constants.CFG_PENDING_APPROVAL; + } + + // enable profile + pRecord.setStatus(status); + statusChanged = true; + } + + // update properties if specified + if (properties != null) { + pRecord.setProperties(properties); + if (statusChanged) { + properties.put("Status", status); + } + } + + database.updateRecord(profileID, pRecord); + + profileData = createProfileData(database.getRecord(profileID)); + + auditTPSProfileChange(principal, ILogger.SUCCESS, method, profileData.getID(), properties, null); + + return profileData; + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, profileData.getProperties(), e.toString()); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, profileData.getProperties(), e.toString()); + throw new PKIException(e); + } + } + + public ProfileData changeStatus(Principal principal, List authorizedProfiles, String profileID, String action) { + String method = "ProfileProcessor.changeStatus:"; + String msg = ""; + + Map auditModParams = new HashMap<>(); + + if (profileID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, "Missin profile ID"); + throw new BadRequestException("Missing profile ID"); + } + auditModParams.put("profileID", profileID); + + if (action == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, auditModParams, "Missing action"); + throw new BadRequestException("Missing action"); + } + auditModParams.put("Action", action); + logger.info("{} Changing profile {} status: {}", method, profileID, action); + + try { + if ((authorizedProfiles== null) || (!authorizedProfiles.contains(UserResource.ALL_PROFILES) && !authorizedProfiles.contains(profileID))) { + msg = "profile record restricted for profileID:" + profileID; + logger.debug("{} {}", method, msg); + + throw new PKIException(msg); + } + + ProfileRecord pRecord = database.getRecord(profileID); + String status = pRecord.getStatus(); + + boolean canApprove = database.canApprove(principal); + + if (Constants.CFG_DISABLED.equals(status)) { + + if (database.requiresApproval()) { + + if ("submit".equals(action) && !canApprove) { + status = Constants.CFG_PENDING_APPROVAL; + + } else if ("enable".equals(action) && canApprove) { + status = Constants.CFG_ENABLED; + + } else { + Exception e = new BadRequestException(method + "Invalid action: " + action); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + + } else { + if ("enable".equals(action)) { + status = Constants.CFG_ENABLED; + + } else { + Exception e = new BadRequestException(method + "Invalid action: " + action); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + } + + } else if (Constants.CFG_ENABLED.equals(status)) { + + if ("disable".equals(action)) { + status = Constants.CFG_DISABLED; + + } else { + Exception e = new BadRequestException(method + "Invalid action: " + action); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + + } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) { + + if ("approve".equals(action) && canApprove) { + status = Constants.CFG_ENABLED; + + } else if ("reject".equals(action) && canApprove) { + status = Constants.CFG_DISABLED; + + } else if ("cancel".equals(action) && !canApprove) { + status = Constants.CFG_DISABLED; + + } else { + Exception e = new BadRequestException(method + "Invalid action: " + action); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + + } else { + Exception e = new PKIException(method + "Invalid profile status: " + status); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + + pRecord.setStatus(status); + database.updateRecord(profileID, pRecord); + + ProfileData profileData = createProfileData(database.getRecord(profileID)); + auditModParams.put("Status", status); + auditTPSProfileChange(principal, ILogger.SUCCESS, method, profileID, auditModParams, null); + + return profileData; + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, + auditModParams, e.toString()); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, + auditModParams, e.toString()); + throw new PKIException(e); + } + } + + public void removeProfile(Principal principal, String profileID) { + String method = "ProfileProcessor.removeProfile:"; + + Map auditModParams = new HashMap<>(); + + if (profileID == null) { + auditConfigTokenGeneral(principal, ILogger.FAILURE, method, null, + "Profile ID is null."); + throw new BadRequestException("Profile ID is null."); + } + auditModParams.put("profileID", profileID); + logger.info("{} Removing profile {}", method, profileID); + + try { + ProfileRecord pRecord = database.getRecord(profileID); + String status = pRecord.getStatus(); + + if (!Constants.CFG_DISABLED.equals(status)) { + Exception e = new ForbiddenException("Profile " + profileID + " is not disabled"); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + } + + database.removeRecord(profileID); + auditTPSProfileChange(principal, ILogger.SUCCESS, method, profileID, null, null); + + } catch (PKIException e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw e; + + } catch (Exception e) { + logger.error(method + e.getMessage(), e); + auditTPSProfileChange(principal, ILogger.FAILURE, method, profileID, + auditModParams, e.toString()); + throw new PKIException(e); + } + } + + private ProfileData createProfileData(ProfileRecord profileRecord) { + + String profileID = profileRecord.getID(); + + ProfileData profileData = new ProfileData(); + profileData.setID(profileID); + profileData.setProfileID(profileID); + profileData.setStatus(profileRecord.getStatus()); + profileData.setProperties(profileRecord.getProperties()); + + return profileData; + } + + private ProfileRecord createProfileRecord(ProfileData profileData) { + + ProfileRecord profileRecord = new ProfileRecord(); + profileRecord.setID(profileData.getID()); + profileRecord.setStatus(profileData.getStatus()); + profileRecord.setProperties(profileData.getProperties()); + + return profileRecord; + } + + private void auditConfigTokenGeneral(Principal principal, String status, String service, Map params, String info) { + String msg = CMS.getLogMessage( + AuditEvent.CONFIG_TOKEN_GENERAL, + principal.getName(), + status, + service, + auditor.getParamString(params), + info); + auditor.log(msg); + } + + private void auditTPSProfileChange(Principal principal, String status, String service, String profileID, Map params, + String info) { + String msg = CMS.getLogMessage( + AuditEvent.CONFIG_TOKEN_PROFILE, + principal.getName(), + status, + service, + profileID, + auditor.getParamString(params), + info); + auditor.log(msg); + } +} diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSProfileServlet.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSProfileServlet.java new file mode 100644 index 00000000000..54ccf381b08 --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/TPSProfileServlet.java @@ -0,0 +1,118 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.v2; + +import java.io.PrintWriter; +import java.net.URLEncoder; +import java.util.stream.Collectors; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.dogtagpki.server.tps.rest.base.ProfileProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.netscape.certsrv.base.WebAction; +import com.netscape.certsrv.tps.profile.ProfileCollection; +import com.netscape.certsrv.tps.profile.ProfileData; +import com.netscape.certsrv.util.JSONSerializer; + +/** + * @author Marco Fargetta {@literal } + */ +@WebServlet( + name = "tpsProfile", + urlPatterns = "/v2/profiles/*") +public class TPSProfileServlet extends TPSServlet { + private static final long serialVersionUID = 1L; + private static final Logger logger = LoggerFactory.getLogger(TPSProfileServlet.class); + + private ProfileProcessor profileProcessor; + + @Override + public void init() throws ServletException { + super.init(); + profileProcessor = new ProfileProcessor(getTPSEngine()); + } + @WebAction(method = HttpMethod.GET, paths = {""}) + public void findProfiles(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.findProfiles(): session: {}", session.getId()); + int size = request.getParameter("pageSize") == null ? + DEFAULT_SIZE : Integer.parseInt(request.getParameter("pageSize")); + int start = request.getParameter("start") == null ? 0 : Integer.parseInt(request.getParameter("start")); + String filter = request.getParameter("filter"); + ProfileCollection profiles = profileProcessor.findProfiles(getAuthorizedProfiles(request), filter, start, size); + PrintWriter out = response.getWriter(); + out.println(profiles.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {""}) + public void addProfile(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.addProfile(): session: {}", session.getId()); + String requestData = request.getReader().lines().collect(Collectors.joining()); + ProfileData profileData = JSONSerializer.fromJSON(requestData, ProfileData.class); + ProfileData newProfile = profileProcessor.addProfile(request.getUserPrincipal(), profileData); + String encodedID = URLEncoder.encode(newProfile.getID(), "UTF-8"); + StringBuffer uri = request.getRequestURL(); + uri.append("/" + encodedID); + response.setStatus(HttpServletResponse.SC_CREATED); + PrintWriter out = response.getWriter(); + out.println(newProfile.toJSON()); + + } + + @WebAction(method = HttpMethod.GET, paths = {"{}"}) + public void getProfile(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.getProfile(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String profileID = pathElement[0]; + ProfileData profile = profileProcessor.getProfile(getAuthorizedProfiles(request), profileID); + PrintWriter out = response.getWriter(); + out.println(profile.toJSON()); + } + + @WebAction(method = HttpMethod.PATCH, paths = {"{}"}) + public void updateProfile(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.updateProfile(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String profileID = pathElement[0]; + String requestData = request.getReader().lines().collect(Collectors.joining()); + ProfileData profileData = JSONSerializer.fromJSON(requestData, ProfileData.class); + ProfileData newProfile = profileProcessor.updateProfile(request.getUserPrincipal(), getAuthorizedProfiles(request), profileID, profileData); + PrintWriter out = response.getWriter(); + out.println(newProfile.toJSON()); + } + + @WebAction(method = HttpMethod.POST, paths = {"{}"}) + public void changeStatus(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.changeStatus(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String profileID = pathElement[0]; + String action = request.getParameter("action"); + ProfileData newProfile = profileProcessor.changeStatus(request.getUserPrincipal(), getAuthorizedProfiles(request), profileID, action); + PrintWriter out = response.getWriter(); + out.println(newProfile.toJSON()); + } + + @WebAction(method = HttpMethod.DELETE, paths = {"{}"}) + public void removeProfile(HttpServletRequest request, HttpServletResponse response) throws Exception { + HttpSession session = request.getSession(); + logger.debug("TPSProfileServlet.removeProfile(): session: {}", session.getId()); + String[] pathElement = request.getPathInfo().substring(1).split("/"); + String profileID = pathElement[0]; + profileProcessor.removeProfile(request.getUserPrincipal(), profileID); + response.setStatus(HttpServletResponse.SC_NO_CONTENT); + } +} diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileACL.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileACL.java new file mode 100644 index 00000000000..b13ee5e1de5 --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileACL.java @@ -0,0 +1,31 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.v2.filters; + +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebFilter; + +import org.dogtagpki.server.rest.v2.filters.ACLFilter; + +@WebFilter(servletNames = "tpsProfile") +public class TPSProfileACL extends ACLFilter { + private static final long serialVersionUID = 1L; + + @Override + public void init() throws ServletException { + setAcl("profiles.read"); + + Map aclMap = new HashMap<>(); + aclMap.put("POST:", "profiles.add"); + aclMap.put("PATCH:{}", "profiles.modify"); + aclMap.put("POST:{}", "profiles.change-status"); + aclMap.put("DELETE:{}", "profiles.remove"); + setAclMap(aclMap); + } +} diff --git a/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileAuthMethod.java b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileAuthMethod.java new file mode 100644 index 00000000000..2157b939e0b --- /dev/null +++ b/base/tps/src/main/java/org/dogtagpki/server/tps/rest/v2/filters/TPSProfileAuthMethod.java @@ -0,0 +1,21 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package org.dogtagpki.server.tps.rest.v2.filters; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebFilter; + +import org.dogtagpki.server.rest.v2.filters.AuthMethodFilter; + +@WebFilter(servletNames = "tpsProfile") +public class TPSProfileAuthMethod extends AuthMethodFilter { + private static final long serialVersionUID = 1L; + + @Override + public void init() throws ServletException { + setAuthMethod("profiles"); + } +}