author | Endi S. Dewata <edewata@redhat.com> | 2017-01-17 12:19:52 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-28 00:37:55 +0200 |
commit | 18412763e4ec09f4892c2a7b502d72ebfd9fec2a (patch) | |
tree | e2360a5e9848c42c2d2ee7c1e5a3beb0155b63ea /base/server/cms/src/com/netscape/cms/servlet/base | |
parent | 8cf4c5fadd2d5a154c99430be9898f37163bdac7 (diff) | |
Added audit logs for SSL/TLS events.
The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.
The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.
The CS.cfg files for all subsystems have been modified to include
ACCESS_SESSION_* audit events.
https://pagure.io/dogtagpki/issue/2602
Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/base')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/base/CMSStartServlet.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/base/server/cms/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 5521d1470..cfbf724e7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -26,6 +26,9 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.tomcat.util.net.jss.TomcatJSS;
+import org.dogtagpki.server.PKIServerSocketListener;
+
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cms.realm.PKIRealm;
@@ -118,6 +121,10 @@ public class CMSStartServlet extends HttpServlet {
 // Register realm for this subsystem
 ProxyRealm.registerRealm(subsystem, new PKIRealm());
+
+ // Register TomcatJSS socket listener
+ TomcatJSS tomcatJss = TomcatJSS.getInstance();
+ tomcatJss.addSocketListener(new PKIServerSocketListener());
 }
 public void doGet(HttpServletRequest req, HttpServletResponse res) |
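Review bot: The registration added at the end of this block in the second hunk runs in every CMSStartServlet, yet `TomcatJSS.getInstance()` appears to return one object shared by the whole Tomcat instance, so a server hosting several subsystems (or a webapp that is reloaded) would presumably add one PKIServerSocketListener per init and write each ACCESS_SESSION_* audit record several times. Whether addSocketListener de-duplicates is not visible here; if it does not, the listener should be registered once per JVM and dropped again when the servlet is destroyed, so that the audit trail keeps one record per TLS event and no listener from an undeployed webapp stays referenced. The listener also appears to be attached only after the rest of the startup code has run, so alerts raised while a subsystem is still initialising, or after a failed start, may go unaudited. A comment such as `// TomcatJSS is shared by all webapps in this instance; the audit listener must be registered exactly once` would record the intent; the enclosing method begins outside the hunk.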