authorEndi S. Dewata <edewata@redhat.com>2017-04-20 16:30:18 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-04-24 20:41:10 +0200
commitfdcb514b0711f10eab47c81837138192207e44b4 (patch)
tree9eb5f899a595e7206c72dead83824f9692a2eaee
parent0de8be3084c4ccf23c2850331f86fc067e7c8383 (diff)
Added AuthzSuccessEvent.
A new AuthzSuccessEvent class has been added to encapsulate the AUTHZ_SUCCESS events. https://pagure.io/dogtagpki/issue/2641 Change-Id: I2f45fb2c3ba8acdc82777644cf4ad0ec2eff35a5
-rw-r--r--base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java59
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java9
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java18
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java18
-rw-r--r--base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java27
5 files changed, 89 insertions, 42 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java b/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java
new file mode 100644
index 000000000..05e505c73
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.logging.AuditEvent;
+
+public class AuthzSuccessEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthzSuccessEvent(
+ String subjectID,
+ String outcome,
+ String aclResource,
+ String operation) {
+
+ super(AUTHZ_SUCCESS);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ aclResource,
+ operation
+ });
+ }
+
+ public AuthzSuccessEvent(
+ String subjectID,
+ String outcome,
+ String aclResource,
+ String operation,
+ String info) {
+
+ super(AUTHZ_SUCCESS_INFO);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ aclResource,
+ operation,
+ info
+ });
+ }
+}
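Review bot: Neither constructor is documented, and nothing at class level says that the four-argument form emits `AUTHZ_SUCCESS` while the five-argument form switches to `AUTHZ_SUCCESS_INFO`, so the event type written to the signed audit log depends on an overload choice a caller can make by accident. A class Javadoc stating which constructor maps to which event, plus `@param` lines on each, would close that gap; it should also say whether `aclResource` and `operation` may be null, since the ACLInterceptor hunks in this commit pass null for both. Separately, every call site shown here passes `ILogger.SUCCESS` as `outcome`, so keeping it a free parameter allows a success event to carry a non-success outcome; consider fixing the value inside the class if no other caller needs it.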
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
index a715c73f6..adf942422 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -54,6 +54,7 @@ import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.AuthFailEvent;
import com.netscape.certsrv.logging.event.AuthSuccessEvent;
+import com.netscape.certsrv.logging.event.AuthzSuccessEvent;
import com.netscape.certsrv.usrgrp.EUsrGrpException;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
@@ -676,15 +677,11 @@ public class AdminServlet extends HttpServlet {
return null;
}
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS,
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
auditACLResource,
- auditOperation);
-
- audit(auditMessage);
+ auditOperation));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
index c23b9d187..c70f55ae6 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -68,6 +68,7 @@ import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.AuthFailEvent;
import com.netscape.certsrv.logging.event.AuthSuccessEvent;
+import com.netscape.certsrv.logging.event.AuthzSuccessEvent;
import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
@@ -1822,14 +1823,12 @@ public abstract class CMSServlet extends HttpServlet {
try {
authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
if (authzToken != null) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
auditACLResource,
- auditOperation);
-
- audit(auditMessage);
+ auditOperation));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -1955,15 +1954,12 @@ public abstract class CMSServlet extends HttpServlet {
operation);
if (authzTok != null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
auditACLResource,
- auditOperation);
-
- audit(auditMessage);
+ auditOperation));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
index a28bee17c..8760caf4d 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java
@@ -55,6 +55,7 @@ import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.event.AuthFailEvent;
import com.netscape.certsrv.logging.event.AuthSuccessEvent;
+import com.netscape.certsrv.logging.event.AuthzSuccessEvent;
import com.netscape.certsrv.profile.IProfile;
import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.profile.IProfileSubsystem;
@@ -707,14 +708,12 @@ public class CAProcessor extends Processor {
try {
authzToken = authz.authorize(authzMgrName, authToken, exp);
if (authzToken != null) {
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
auditACLResource,
- auditOperation);
-
- audit(auditMessage);
+ auditOperation));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
@@ -839,15 +838,12 @@ public class CAProcessor extends Processor {
operation);
if (authzTok != null) {
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
auditACLResource,
- auditOperation);
-
- audit(auditMessage);
+ auditOperation));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
index 331bae160..490eaed7c 100644
--- a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
+++ b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java
@@ -47,6 +47,7 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.ForbiddenException;
import com.netscape.certsrv.logging.AuditEvent;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.logging.event.AuthzSuccessEvent;
import com.netscape.cms.realm.PKIPrincipal;
/**
@@ -189,15 +190,14 @@ public class ACLInterceptor implements ContainerRequestFilter {
// If still not available, it's unprotected, allow request.
if (!authzRequired) {
CMS.debug("ACLInterceptor: No ACL mapping; authz not required.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS_INFO,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
null, //resource
null, //operation
- LOGGING_MISSING_ACL_MAPPING + ":" + auditInfo); //info
- audit(auditMessage);
+ LOGGING_MISSING_ACL_MAPPING + ":" + auditInfo)); //info
+
return;
}
@@ -230,14 +230,14 @@ public class ACLInterceptor implements ContainerRequestFilter {
// If no property defined, allow request.
if (value == null) {
CMS.debug("ACLInterceptor: No ACL configuration.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS_INFO,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
null, //resource
null, //operation
- LOGGING_NO_ACL_ACCESS_ALLOWED + ":" + auditInfo);
+ LOGGING_NO_ACL_ACCESS_ALLOWED + ":" + auditInfo));
+
return;
}
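Review bot: The `value == null` branch now calls `audit(...)`, whereas the removed lines only assigned `auditMessage` and then returned without passing it to `audit()`, so this path starts emitting a signed audit record that it apparently did not emit before. That looks like the right outcome for an allow decision made without an ACL configuration, but it is a behaviour change the commit description does not mention, and it will alter audit volume on deployments that lack this property. I would state it in the description and mark it in the code, e.g. `// audit the allow decision made without an ACL configuration`. The enclosing method starts and ends outside the hunk, so the absence of any other audit call on this path cannot be confirmed from here.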
@@ -317,15 +317,14 @@ public class ACLInterceptor implements ContainerRequestFilter {
}
// Allow request.
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- AuditEvent.AUTHZ_SUCCESS_INFO,
+
+ audit(new AuthzSuccessEvent(
auditSubjectID,
ILogger.SUCCESS,
values[0], // resource
values[1], // operation
- auditInfo);
- audit(auditMessage);
+ auditInfo));
+
return;
}