| author | Endi S. Dewata <edewata@redhat.com> | 2017-03-28 00:15:28 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-04 00:29:44 +0200 |
| commit | 8e7653987bf592ae6a5968fc0c5ef6696f13d348 (patch) | |
| tree | 09d12569579164c785bd30f7eea76822eadb2e77 | |
| parent | 5bcfd93bac70def54a1224f4a89c50ed7c11316a (diff) | |
Added audit service and CLI to all subsystems.
Previously the audit service and CLI were only available on TPS.
Now they have been added to all subsystems.
Change-Id: I3b472254641eb887289c5122df390c46ccd97d47
21 files changed, 105 insertions, 2 deletions
diff --git a/base/ca/shared/conf/acl.properties b/base/ca/shared/conf/acl.properties index 8b3e9d0ee..c487e4802 100644 --- a/base/ca/shared/conf/acl.properties +++ b/base/ca/shared/conf/acl.properties @@ -7,6 +7,11 @@ account.login = certServer.ca.account,login account.logout = certServer.ca.account,logout + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + certs = certServer.ca.certs,execute certrequests = certServer.ca.certrequests,execute groups = certServer.ca.groups,execute diff --git a/base/ca/shared/conf/auth-method.properties b/base/ca/shared/conf/auth-method.properties index 8d67690af..f7b203dd7 100644 --- a/base/ca/shared/conf/auth-method.properties +++ b/base/ca/shared/conf/auth-method.properties @@ -8,6 +8,7 @@ default = * account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr authorities = certUserDBAuthMgr certs = certUserDBAuthMgr certrequests = certUserDBAuthMgr diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml index d887db46b..bf8aed40f 100644 --- a/base/ca/shared/webapps/ca/WEB-INF/web.xml +++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml @@ -2417,6 +2417,19 @@ <security-constraint> <web-resource-collection> + <web-resource-name>Audit</web-resource-name> + <url-pattern>/rest/audit/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> <web-resource-name>Authority Services</web-resource-name> <url-pattern>/rest/authorities/*</url-pattern> </web-resource-collection> diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java index b0fc73ce9..ae18e0230 100644 
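Review bot: The added `audit.read` and `audit.modify` mappings point at `certServer.log.configuration`, a resource nothing in this diff defines, so who may change audit settings on the CA is decided by an ACL entry outside the patch. Please confirm that each subsystem's ACL store already carries that resource and that `modify` is limited to the group meant to own audit configuration, since changing audit settings presumably includes turning events off. The same two mappings are added in the KRA, OCSP and TKS acl.properties hunks. I would also extend the comment to `# audit configuration (shares the log configuration ACL resource)` so the cross-reference is visible next to the subsystem-specific `certServer.ca.*` entries.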
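Review bot: The new `/rest/audit/*` constraint in web.xml uses `<role-name>*</role-name>`, so the container only requires an authenticated user over a confidential transport; every authorization decision is left to the REST interceptors and the `audit` entries in acl.properties and auth-method.properties. Those entries only take effect if `AuditService` carries the matching mapping annotations, which this diff does not show; an unmapped method would presumably fall under `default = *` in auth-method.properties. That is worth verifying on the class, and worth a comment inside the constraint such as `<!-- authentication only; authorization is enforced by the REST interceptors (audit.read / audit.modify) -->`. The same block is added to the KRA, OCSP and TKS web.xml hunks.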
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java @@ -7,6 +7,7 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; +import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.FeatureService; import org.dogtagpki.server.rest.GroupService; @@ -32,6 +33,9 @@ public class CAApplication extends Application { // account classes.add(AccountService.class); + // audit + classes.add(AuditService.class); + // installer classes.add(CAInstallerService.class); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java index 2ec20dcb0..8e72405c5 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java @@ -25,6 +25,7 @@ import com.netscape.cmstools.authority.AuthorityCLI; import com.netscape.cmstools.cert.CertCLI; import com.netscape.cmstools.feature.FeatureCLI; import com.netscape.cmstools.group.GroupCLI; +import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.profile.ProfileCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.system.KRAConnectorCLI; @@ -41,6 +42,7 @@ public class CACLI extends SubsystemCLI { super("ca", "CA management commands", parent); addModule(new AuthorityCLI(this)); + addModule(new AuditCLI(this)); addModule(new CertCLI(this)); addModule(new FeatureCLI(this)); addModule(new GroupCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java index 2db85aafe..190be1132 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java 
@@ -23,6 +23,7 @@ import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.kra.KRAClient; import com.netscape.cmstools.group.GroupCLI; import com.netscape.cmstools.key.KeyCLI; +import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.user.UserCLI; @@ -36,6 +37,7 @@ public class KRACLI extends SubsystemCLI { public KRACLI(CLI parent) { super("kra", "KRA management commands", parent); + addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new KeyCLI(this)); addModule(new SelfTestCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java index 6348359e2..15ec5e39b 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java @@ -22,6 +22,7 @@ import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.ocsp.OCSPClient; import com.netscape.cmstools.group.GroupCLI; +import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.user.UserCLI; @@ -35,6 +36,7 @@ public class OCSPCLI extends SubsystemCLI { public OCSPCLI(CLI parent) { super("ocsp", "OCSP management commands", parent); + addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new SelfTestCLI(this)); addModule(new UserCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java index 1afdf649f..1e2db2cf0 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java 
@@ -22,6 +22,7 @@ import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.tks.TKSClient; import com.netscape.cmstools.group.GroupCLI; +import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.system.TPSConnectorCLI; import com.netscape.cmstools.user.UserCLI; @@ -36,6 +37,7 @@ public class TKSCLI extends SubsystemCLI { public TKSCLI(CLI parent) { super("tks", "TKS management commands", parent); + addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new SelfTestCLI(this)); addModule(new TPSConnectorCLI(this)); diff --git a/base/kra/shared/conf/acl.properties b/base/kra/shared/conf/acl.properties index 3fde90465..8cac3ee63 100644 --- a/base/kra/shared/conf/acl.properties +++ b/base/kra/shared/conf/acl.properties @@ -7,6 +7,11 @@ account.login = certServer.kra.account,login account.logout = certServer.kra.account,logout + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + groups = certServer.kra.groups,execute keys = certServer.kra.keys,execute keyrequests = certServer.kra.keyrequests,execute diff --git a/base/kra/shared/conf/auth-method.properties b/base/kra/shared/conf/auth-method.properties index 108448c1f..2944e499f 100644 --- a/base/kra/shared/conf/auth-method.properties +++ b/base/kra/shared/conf/auth-method.properties @@ -8,6 +8,7 @@ default = * account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr groups = certUserDBAuthMgr keys = certUserDBAuthMgr keyrequests = certUserDBAuthMgr diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml index ce0a51ecb..5b7031a1b 100644 --- a/base/kra/shared/webapps/kra/WEB-INF/web.xml +++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml 
@@ -1104,6 +1104,19 @@ </user-data-constraint> </security-constraint> + <security-constraint> + <web-resource-collection> + <web-resource-name>Audit</web-resource-name> + <url-pattern>/rest/audit/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + [PKI_OPEN_STANDALONE_COMMENT] <security-constraint> <web-resource-collection> diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java b/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java index 773d8dd19..6244270c0 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java @@ -7,6 +7,7 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; +import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -31,6 +32,9 @@ public class KRAApplication extends Application { // account classes.add(AccountService.class); + // audit + classes.add(AuditService.class); + // installer classes.add(KRAInstallerService.class); diff --git a/base/ocsp/shared/conf/acl.properties b/base/ocsp/shared/conf/acl.properties index 9528f11fa..26b212d9d 100644 --- a/base/ocsp/shared/conf/acl.properties +++ b/base/ocsp/shared/conf/acl.properties 
@@ -7,6 +7,11 @@ account.login = certServer.ocsp.account,login account.logout = certServer.ocsp.account,logout + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + groups = certServer.ocsp.groups,execute selftests.read = certServer.ocsp.selftests,read selftests.execute = certServer.ocsp.selftests,execute diff --git a/base/ocsp/shared/conf/auth-method.properties b/base/ocsp/shared/conf/auth-method.properties index 9f5a7a1d3..98aee66ab 100644 --- a/base/ocsp/shared/conf/auth-method.properties +++ b/base/ocsp/shared/conf/auth-method.properties @@ -8,6 +8,7 @@ default = * account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr groups = certUserDBAuthMgr selftests = certUserDBAuthMgr users = certUserDBAuthMgr diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml index b8eccf1db..e6108000d 100644 --- a/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml @@ -726,6 +726,19 @@ </user-data-constraint> </security-constraint> + <security-constraint> + <web-resource-collection> + <web-resource-name>Audit</web-resource-name> + <url-pattern>/rest/audit/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + [PKI_OPEN_STANDALONE_COMMENT] <security-constraint> <web-resource-collection> diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java index 99fefaeda..8d6e4a983 100644 --- a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java +++ b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java 
@@ -7,6 +7,7 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; +import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -31,6 +32,9 @@ public class OCSPApplication extends Application { // account classes.add(AccountService.class); + // audit + classes.add(AuditService.class); + // installer classes.add(OCSPInstallerService.class); diff --git a/base/tks/shared/conf/acl.properties b/base/tks/shared/conf/acl.properties index d2c237290..7146d3869 100644 --- a/base/tks/shared/conf/acl.properties +++ b/base/tks/shared/conf/acl.properties @@ -7,6 +7,11 @@ account.login = certServer.tks.account,login account.logout = certServer.tks.account,logout + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + groups = certServer.tks.groups,execute selftests.read = certServer.tks.selftests,read selftests.execute = certServer.tks.selftests,execute diff --git a/base/tks/shared/conf/auth-method.properties b/base/tks/shared/conf/auth-method.properties index fe91b9051..cc808252d 100644 --- a/base/tks/shared/conf/auth-method.properties +++ b/base/tks/shared/conf/auth-method.properties @@ -8,6 +8,7 @@ default = * account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr groups = certUserDBAuthMgr selftests = certUserDBAuthMgr tpsconnectors = certUserDBAuthMgr diff --git a/base/tks/shared/webapps/tks/WEB-INF/web.xml b/base/tks/shared/webapps/tks/WEB-INF/web.xml index 2d4c0297c..18c85a3e7 100644 --- a/base/tks/shared/webapps/tks/WEB-INF/web.xml +++ b/base/tks/shared/webapps/tks/WEB-INF/web.xml 
@@ -406,6 +406,19 @@ <security-constraint> <web-resource-collection> + <web-resource-name>Audit</web-resource-name> + <url-pattern>/rest/audit/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> <web-resource-name>Self Tests</web-resource-name> <url-pattern>/rest/selftests/*</url-pattern> </web-resource-collection> diff --git a/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java b/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java index 278076d13..ca19e38d8 100644 --- a/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java +++ b/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java @@ -7,6 +7,7 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; +import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -26,6 +27,9 @@ public class TKSApplication extends Application { // account classes.add(AccountService.class); + // audit + classes.add(AuditService.class); + // installer classes.add(TKSInstallerService.class); diff --git a/base/tps/shared/conf/acl.properties b/base/tps/shared/conf/acl.properties index 2d2dc717a..1c581b372 100644 --- a/base/tps/shared/conf/acl.properties +++ b/base/tps/shared/conf/acl.properties 
@@ -8,8 +8,11 @@ account.login = certServer.tps.account,login account.logout = certServer.tps.account,logout -audit.read = certServer.tps.audit,read -audit.modify = certServer.tps.audit,modify + +# audit configuration +audit.read = certServer.log.configuration,read +audit.modify = certServer.log.configuration,modify + authenticators.read = certServer.tps.authenticators,read authenticators.add = certServer.tps.authenticators,add authenticators.modify = certServer.tps.authenticators,modify |
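Review bot: On TPS this hunk retargets the existing `audit.read` / `audit.modify` mappings from `certServer.tps.audit` to `certServer.log.configuration`, and no file in this commit appears to add an ACL definition or an upgrade step for that change. On an already-deployed TPS, any grants or restrictions an administrator placed on `certServer.tps.audit` would stop applying to the audit endpoint, and access would then depend on whether `certServer.log.configuration` exists in that instance's ACL store and what it allows. Please confirm the resource is present for existing TPS instances, or add a migration. The commit message should also mention the rename so operators know to review their ACLs.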
