author | Endi S. Dewata <edewata@redhat.com> | 2017-04-20 10:20:06 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-24 20:43:35 +0200 |
commit | aad80e8775eac61ed9eac2f3f94d2ec90207e827 (patch) | |
tree | 0833cbcb184b1a0bce4ecab3905a6bc02c064f94 | |
parent | 30d1575046065dbd79f537e5f819c405e45af0bc (diff) | |
Added RoleAssumeEvent.
A new RoleAssumeEvent class has been added to encapsulate the
ROLE_ASSUME events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I12e47ea13198b6532b1fdfee2e20765c0cab15e9
5 files changed, 88 insertions, 105 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/event/RoleAssumeEvent.java b/base/common/src/com/netscape/certsrv/logging/event/RoleAssumeEvent.java
new file mode 100644
index 000000000..271589397
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/RoleAssumeEvent.java
@@ -0,0 +1,39 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.logging.AuditEvent;
+
+public class RoleAssumeEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ public RoleAssumeEvent(
+ String subjectID,
+ String outcome,
+ String groups) {
+
+ super(ROLE_ASSUME);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ groups
+ });
+ }
+}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index ecc6a7d7d..662a3e9da 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
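Review bot: The new `RoleAssumeEvent` constructor accepts any `String` as `outcome`, yet every call site in this commit passes exactly `ILogger.SUCCESS` or `ILogger.FAILURE`; an unexpected value would be signed into the audit trail and only noticed when a log consumer fails to parse the record. A guard in the constructor, `if (!ILogger.SUCCESS.equals(outcome) && !ILogger.FAILURE.equals(outcome)) throw new IllegalArgumentException("outcome must be ILogger.SUCCESS or ILogger.FAILURE");`, makes the misuse fail fast (it needs `import com.netscape.certsrv.logging.ILogger;`). The class also carries no Javadoc; a header stating that `subjectID`, `outcome` and `groups` are stored in that order via `setParameters` and presumably fill the ROLE_ASSUME message placeholders positionally would protect callers from swapping `subjectID` and `groups`, which compiles silently because all three parameters are `String`.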
@@ -56,6 +56,7 @@ import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; import com.netscape.certsrv.logging.event.AuthzFailEvent; import com.netscape.certsrv.logging.event.AuthzSuccessEvent; +import com.netscape.certsrv.logging.event.RoleAssumeEvent; import com.netscape.certsrv.usrgrp.EUsrGrpException; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; @@ -573,7 +574,7 @@ public class AdminServlet extends HttpServlet { * @return the authorization token */ protected AuthzToken authorize(HttpServletRequest req) { - String auditMessage = null; + String auditSubjectID = auditSubjectID(); String auditACLResource = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditOperation = ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -618,14 +619,10 @@ public class AdminServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } catch (EBaseException e) { @@ -637,14 +634,10 @@ public class AdminServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } catch (Exception e) { 
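Review bot: The three catch blocks of `authorize(HttpServletRequest)` in the hunks at -618, -637 and -655 each hand-build the same failure record, `audit(new RoleAssumeEvent(auditSubjectID, ILogger.FAILURE, auditGroups(auditSubjectID)));`, and the success exit in the following hunk repeats it with `ILogger.SUCCESS`; four copies of an audit-emission line are four places where a later edit can drift, and a wrong outcome constant or group source in one branch would not be caught by the compiler. A private helper such as `private void auditRoleAssume(String subjectID, String outcome) { audit(new RoleAssumeEvent(subjectID, outcome, auditGroups(subjectID))); }` keeps the ROLE_ASSUME record shaped identically on every exit from the method. The method body starts before and continues past these hunks, and CMSServlet and CAProcessor later in this commit repeat the same pattern, so the helper would be worth applying there too.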
@@ -655,14 +648,10 @@ public class AdminServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } @@ -673,14 +662,10 @@ public class AdminServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.SUCCESS, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return authzTok; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index afb109a68..9dc74701a 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -70,6 +70,7 @@ import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; import com.netscape.certsrv.logging.event.AuthzFailEvent; import com.netscape.certsrv.logging.event.AuthzSuccessEvent; +import com.netscape.certsrv.logging.event.RoleAssumeEvent; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; @@ -1815,7 +1816,7 @@ public abstract class CMSServlet extends HttpServlet { public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, String exp) throws EBaseException { AuthzToken authzToken = null; - String auditMessage = null; + String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); String auditACLResource = resource; 
@@ -1831,14 +1832,11 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.SUCCESS, - auditGroupID); + auditGroupID)); - audit(auditMessage); } else { audit(new AuthzFailEvent( @@ -1847,13 +1845,10 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroupID); - - audit(auditMessage); + auditGroupID)); } return authzToken; } catch (Exception e) { @@ -1864,13 +1859,11 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroupID); + auditGroupID)); - audit(auditMessage); throw new EBaseException(e.toString()); } } @@ -1900,7 +1893,7 @@ public abstract class CMSServlet extends HttpServlet { public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String resource, String operation) throws EBaseException { - String auditMessage = null; + String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); String auditID = auditSubjectID; @@ -1958,14 +1951,11 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.SUCCESS, - auditGroups(auditSubjectID)); + auditGroups(auditSubjectID))); - audit(auditMessage); } else { audit(new AuthzFailEvent( 
@@ -1974,14 +1964,10 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); } return authzTok; @@ -1993,14 +1979,10 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } catch (Exception eAudit1) { @@ -2011,14 +1993,10 @@ public abstract class CMSServlet extends HttpServlet { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java index cd769db15..dc28a7c32 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java 
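Review bot: In the final `catch (Exception eAudit1)` block of `authorize(String, IAuthToken, String, String)` (hunk -2011) the ROLE_ASSUME failure is attributed to `auditSubjectID`, while the success and failure branches immediately above (hunks -1958, -1974, -1993) and the parallel catch block in CAProcessor later in this commit attribute it to `auditID`. `auditID` is initialised from `auditSubjectID` at the top of the method, but the body between that line and these catch blocks is outside the hunks, so if `auditID` is reassigned there this one record would name a different principal than the AuthzFailEvent emitted beside it. The commit rewrites these lines anyway, so it is the natural place to either change the argument to `auditID,` or add a one-line comment explaining why the unresolved subject is intended in this branch.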
@@ -45,6 +45,7 @@ import com.netscape.certsrv.base.UnauthorizedException; import com.netscape.certsrv.ldap.ILdapConnFactory; import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.logging.event.RoleAssumeEvent; import com.netscape.certsrv.system.DomainInfo; import com.netscape.certsrv.system.InstallToken; import com.netscape.certsrv.system.SecurityDomainHost; @@ -89,22 +90,19 @@ public class SecurityDomainProcessor extends CAProcessor { CMS.debug("SecurityDomainProcessor: group: " + group); if (!ugSubsystem.isMemberOf(user, group)) { - String message = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + + audit(new RoleAssumeEvent( user, ILogger.FAILURE, - group); - audit(message); + group)); throw new UnauthorizedException("User " + user + " is not a member of " + group + " group."); } - String message = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( user, ILogger.SUCCESS, - group); - audit(message); + group)); String ip = ""; try { @@ -123,6 +121,7 @@ public class SecurityDomainProcessor extends CAProcessor { ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); int status = ctable.addEntry(sessionID, ip, user, group); + String message; if (status == ISecurityDomainSessionTable.SUCCESS) { message = CMS.getLogMessage( diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java index 1d04f3a85..74f501f59 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java 
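Review bot: The two ROLE_ASSUME events emitted around the `isMemberOf(user, group)` check take `user` as the audit subject straight from the surrounding method, whereas the other call sites in this commit derive the subject from `auditSubjectID()`. The origin of `user` is above the hunk, so if it can be null or arrive unnormalised from the request, the signed record carries that value verbatim, and the same string is also echoed into the `UnauthorizedException` message. A comment on the membership check naming where `user` is established and why it is trusted as the audit subject, e.g. `// 'user' is the caller identity resolved above and is recorded as-is as the ROLE_ASSUME subject`, or routing it through the same normalising helper the servlets use, would make that intent explicit.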
@@ -57,6 +57,7 @@ import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; import com.netscape.certsrv.logging.event.AuthzFailEvent; import com.netscape.certsrv.logging.event.AuthzSuccessEvent; +import com.netscape.certsrv.logging.event.RoleAssumeEvent; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.profile.IProfileSubsystem; @@ -700,7 +701,7 @@ public class CAProcessor extends Processor { public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, String exp) throws EBaseException { AuthzToken authzToken = null; - String auditMessage = null; + String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); String auditACLResource = resource; @@ -716,14 +717,11 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.SUCCESS, - auditGroupID); + auditGroupID)); - audit(auditMessage); } else { audit(new AuthzFailEvent( @@ -732,13 +730,10 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroupID); - - audit(auditMessage); + auditGroupID)); } return authzToken; } catch (EBaseException e) { @@ -749,13 +744,11 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditSubjectID, ILogger.FAILURE, - auditGroupID); + auditGroupID)); - audit(auditMessage); throw e; } } 
@@ -784,7 +777,7 @@ public class CAProcessor extends Processor { */ public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String resource, String operation) { - String auditMessage = null; + String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); String auditID = auditSubjectID; @@ -842,14 +835,11 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.SUCCESS, - auditGroups(auditSubjectID)); + auditGroups(auditSubjectID))); - audit(auditMessage); } else { audit(new AuthzFailEvent( @@ -858,14 +848,10 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); } return authzTok; @@ -877,14 +863,10 @@ public class CAProcessor extends Processor { auditACLResource, auditOperation)); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.ROLE_ASSUME, + audit(new RoleAssumeEvent( auditID, ILogger.FAILURE, - auditGroups(auditSubjectID)); - - audit(auditMessage); + auditGroups(auditSubjectID))); return null; } |