Commit 8aca7fa3 authored by Michael Ritter's avatar Michael Ritter
Browse files

Update security constraints for REST endpoints

parent b8c7ef9c
......@@ -731,21 +731,59 @@
<role-name>Modify System Settings</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Rest</display-name>
<web-resource-collection>
<web-resource-name>CollectionManagement</web-resource-name>
<web-resource-name>Rest Modify</web-resource-name>
<description/>
<url-pattern>/rest/collection/*</url-pattern>
<http-method>GET</http-method>
<url-pattern>/rest/collection</url-pattern>
<url-pattern>/rest/collection/modify/*</url-pattern>
<url-pattern>/rest/tokenstore/*</url-pattern>
<url-pattern>/rest/settings/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Collection Modify</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Rest Browse</web-resource-name>
<url-pattern>/rest/collection/settings/*</url-pattern>
<url-pattern>/rest/settings/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Browse</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Rest Audit</web-resource-name>
<url-pattern>/rest/collection/audit/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Audit</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Rest Status</web-resource-name>
<url-pattern>/rest/groups</url-pattern>
<url-pattern>/rest/collections/by-group/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Status</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Audit Manager</realm-name>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment