From 68b3d73c291753f19d04682306ae67125dbbd431 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 5 Sep 2008 11:40:49 +0000 Subject: Adjusted default security settings for BKUOnline git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@16 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/online/conf/SpringConfigurator.java | 6 -- .../egiz/bku/online/conf/accessControlConfig.xml | 75 ++++++++-------------- 2 files changed, 25 insertions(+), 56 deletions(-) (limited to 'BKUOnline/src/main') diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java index 100285ed..768bedea 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java @@ -6,14 +6,11 @@ import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Security; -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilder; import java.security.cert.CertStore; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CollectionCertStoreParameters; import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathBuilderResult; import java.security.cert.TrustAnchor; import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; @@ -28,9 +25,7 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.ManagerFactoryParameters; import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -71,7 +66,6 @@ public class SpringConfigurator extends Configurator implements String caDirectory = getProperty("SSL.caDirectory"); if (caDirectory != null) { Resource caDirRes = resourceLoader.getResource(caDirectory); - File caDir = caDirRes.getFile(); if (!caDir.isDirectory()) { log.error("Expecting directory as SSL.caDirectory parameter"); diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml index 15d62155..e12d1abe 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml @@ -1,39 +1,40 @@ + - - certifiedGovAgency - + + allow confirm - - pseudoanonymous - + + + + + + + + certifiedGovAgency - Command + allow - none + confirm - + anonymous - 127.0.0.1 Command - none - - - anonymous - $.gv.at - - allow - - confirm @@ -44,7 +45,7 @@ IdentityLink - .* + derived allow @@ -52,42 +53,16 @@ confirm - certified - https://finanzonline.bmf.gv.at/* - - - Mandates - .* + anonymous + + IdentityLink - allow + deny info - certified - - - - allow - - none - - - anonymous - - - 127.0.0.1 - - allow - - none - - - - - - allow -- cgit v1.2.3