author | Endi S. Dewata <edewata@redhat.com> | 2017-04-20 16:30:18 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-24 20:41:10 +0200 |
commit | fdcb514b0711f10eab47c81837138192207e44b4 (patch) | |
tree | 9eb5f899a595e7206c72dead83824f9692a2eaee | |
parent | 0de8be3084c4ccf23c2850331f86fc067e7c8383 (diff) | |
Added AuthzSuccessEvent.
A new AuthzSuccessEvent class has been added to encapsulate the
AUTHZ_SUCCESS events.
https://pagure.io/dogtagpki/issue/2641
Change-Id: I2f45fb2c3ba8acdc82777644cf4ad0ec2eff35a5
5 files changed, 89 insertions, 42 deletions
diff --git a/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java b/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java
new file mode 100644
index 000000000..05e505c73
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/logging/event/AuthzSuccessEvent.java
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.logging.event;
+
+import com.netscape.certsrv.logging.AuditEvent;
+
+public class AuthzSuccessEvent extends AuditEvent {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthzSuccessEvent(
+ String subjectID,
+ String outcome,
+ String aclResource,
+ String operation) {
+
+ super(AUTHZ_SUCCESS);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ aclResource,
+ operation
+ });
+ }
+
+ public AuthzSuccessEvent(
+ String subjectID,
+ String outcome,
+ String aclResource,
+ String operation,
+ String info) {
+
+ super(AUTHZ_SUCCESS_INFO);
+
+ setParameters(new Object[] {
+ subjectID,
+ outcome,
+ aclResource,
+ operation,
+ info
+ });
+ }
+}
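Review bot: Both constructors take `outcome` from the caller even though the class only models a successful authorization, and every call site added in this commit (AdminServlet, CMSServlet, CAProcessor, ACLInterceptor) passes `ILogger.SUCCESS`. A caller can therefore emit an AUTHZ_SUCCESS record whose outcome field says something else, which undermines anyone filtering the signed audit log on that field. Consider dropping the parameter and writing `ILogger.SUCCESS` into the array inside the constructors, or at least add Javadoc stating that `outcome` must be the success value. The class also has no Javadoc saying that the five-argument form selects `AUTHZ_SUCCESS_INFO`, and that the positional `Object[]` order has to match a message template defined outside this file.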
diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java index a715c73f6..adf942422 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -54,6 +54,7 @@ import com.netscape.certsrv.logging.IAuditor; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; +import com.netscape.certsrv.logging.event.AuthzSuccessEvent; import com.netscape.certsrv.usrgrp.EUsrGrpException; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; @@ -676,15 +677,11 @@ public class AdminServlet extends HttpServlet { return null; } - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS, + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); - - audit(auditMessage); + auditOperation)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java index c23b9d187..c70f55ae6 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -68,6 +68,7 @@ import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; +import com.netscape.certsrv.logging.event.AuthzSuccessEvent; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; 
@@ -1822,14 +1823,12 @@ public abstract class CMSServlet extends HttpServlet { try { authzToken = mAuthz.authorize(authzMgrName, authToken, exp); if (authzToken != null) { - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); - - audit(auditMessage); + auditOperation)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -1955,15 +1954,12 @@ public abstract class CMSServlet extends HttpServlet { operation); if (authzTok != null) { - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); - - audit(auditMessage); + auditOperation)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( diff --git a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java index a28bee17c..8760caf4d 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java +++ b/base/server/cms/src/com/netscape/cms/servlet/processors/CAProcessor.java @@ -55,6 +55,7 @@ import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.logging.event.AuthFailEvent; import com.netscape.certsrv.logging.event.AuthSuccessEvent; +import com.netscape.certsrv.logging.event.AuthzSuccessEvent; import com.netscape.certsrv.profile.IProfile; import com.netscape.certsrv.profile.IProfileAuthenticator; import com.netscape.certsrv.profile.IProfileSubsystem; 
@@ -707,14 +708,12 @@ public class CAProcessor extends Processor { try { authzToken = authz.authorize(authzMgrName, authToken, exp); if (authzToken != null) { - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); - - audit(auditMessage); + auditOperation)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -839,15 +838,12 @@ public class CAProcessor extends Processor { operation); if (authzTok != null) { - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); - - audit(auditMessage); + auditOperation)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( diff --git a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java index 331bae160..490eaed7c 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/ACLInterceptor.java @@ -47,6 +47,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.ForbiddenException; import com.netscape.certsrv.logging.AuditEvent; import com.netscape.certsrv.logging.ILogger; +import com.netscape.certsrv.logging.event.AuthzSuccessEvent; import com.netscape.cms.realm.PKIPrincipal; /** 
@@ -189,15 +190,14 @@ public class ACLInterceptor implements ContainerRequestFilter { // If still not available, it's unprotected, allow request. if (!authzRequired) { CMS.debug("ACLInterceptor: No ACL mapping; authz not required."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS_INFO, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, null, //resource null, //operation - LOGGING_MISSING_ACL_MAPPING + ":" + auditInfo); //info - audit(auditMessage); + LOGGING_MISSING_ACL_MAPPING + ":" + auditInfo)); //info + return; } @@ -230,14 +230,14 @@ public class ACLInterceptor implements ContainerRequestFilter { // If no property defined, allow request. if (value == null) { CMS.debug("ACLInterceptor: No ACL configuration."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS_INFO, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, null, //resource null, //operation - LOGGING_NO_ACL_ACCESS_ALLOWED + ":" + auditInfo); + LOGGING_NO_ACL_ACCESS_ALLOWED + ":" + auditInfo)); + return; } @@ -317,15 +317,14 @@ public class ACLInterceptor implements ContainerRequestFilter { } // Allow request. - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - AuditEvent.AUTHZ_SUCCESS_INFO, + + audit(new AuthzSuccessEvent( auditSubjectID, ILogger.SUCCESS, values[0], // resource values[1], // operation - auditInfo); - audit(auditMessage); + auditInfo)); + return; } |
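Review bot: In the `!authzRequired` branch the event is built with `null` for both resource and operation, and how `setParameters` renders a null element is not visible in this commit. The removed code passed the same nulls through `CMS.getLogMessage`, so the rendered record should be compared before and after; a changed placeholder would break log parsers and detections keyed on these allow-without-ACL records. The same applies to the `value == null` branch in the next hunk. If the rendering is confirmed identical, a comment such as `// resource/operation intentionally null: no ACL mapping, request allowed` would make the intent explicit. The enclosing method starts and ends outside the hunk.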
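Review bot: The `value == null` branch is a behaviour change rather than a refactor, and the commit description does not mention it. The removed lines in this hunk assign `auditMessage` but include no `audit(auditMessage)` call before the `return;`, so as far as the hunk shows the "no ACL configuration" allow path went unlogged before and now writes an AUTHZ_SUCCESS_INFO record. That improves audit coverage of a fail-open path, but it should be called out in the commit message and covered by a test, since deployments will start seeing records they did not see before. A short comment at the call, for example `// this path was previously built but never audited`, would also help. The enclosing method starts and ends outside the hunk.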