author | Christina Fu <cfu@redhat.com> | 2016-03-24 16:23:05 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2016-03-28 15:46:43 -0700 |
commit | 41a99a5938c6881a978199fe10b0c392eb27d569 (patch) | |
tree | 9de46099b3cc73cd5f691848bba9aa2b523c10aa /base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java | |
parent | 93179af9333197cbdce843f16c02107b8d1db17e (diff) | |
Ticket #1006 Audit logging for TPS REST operations
This patch adds audit logging to TPS REST write-specific operations.
The read-specific operations are already captured by AuditEvent=AUTHZ_*
The affected (new or modified) log messages include:
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6
LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java b/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
index 6cd5e9f7d..b0b4fd229 100644
--- a/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/config/ConfigService.java
@@ -20,6 +20,7 @@ package org.dogtagpki.server.tps.config;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
+import java.util.HashMap;
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
@@ -34,6 +35,7 @@ import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.BadRequestException;
 import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.tps.config.ConfigData;
 import com.netscape.certsrv.tps.config.ConfigResource;
 import com.netscape.cms.servlet.base.PKIService;
@@ -94,8 +96,15 @@ public class ConfigService extends PKIService implements ConfigResource {
 @Override
 public Response updateConfig(ConfigData configData) {
+ String method = "ConfigService.updateConfig";
+ Map<String, String> auditModParams = new HashMap<String, String>();
- if (configData == null) throw new BadRequestException("Config data is null.");
+ if (configData == null) {
+ BadRequestException e = new BadRequestException("Config data is null.");
+ auditModParams.put("Info", e.toString());
+ auditConfigTokenGeneral(ILogger.FAILURE, method, auditModParams, e.toString());
+ throw e;
+ }
 CMS.debug("ConfigService.updateConfig()");
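Review bot: The `auditModParams` map declared at the top of `updateConfig` is filled only inside the null-check branch, and the "Info" entry put there holds the same `e.toString()` that is already passed as the fourth argument, so that record carries the exception text twice. The catch blocks in the following hunk pass this same map while it is still empty, so a rejected or failed update is audited without any of the properties the caller tried to set. Consider copying the submitted properties into the map once they have been read, for example `if (newProperties != null) auditModParams.putAll(newProperties);`, and dropping the `auditModParams.put("Info", e.toString());` line. The method body continues outside this hunk.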
@@ -103,32 +112,41 @@ public class ConfigService extends PKIService implements ConfigResource {
 ConfigDatabase configDatabase = new ConfigDatabase();
 ConfigRecord configRecord = configDatabase.getRecord("Generals");
- Map<String, String> properties = configData.getProperties();
- if (properties != null) {
+ Map<String, String> newProperties = configData.getProperties();
+ if (newProperties != null) {
 // validate new properties
- configDatabase.validateProperties(configRecord, null, properties);
+ configDatabase.validateProperties(configRecord, null, newProperties);
 // remove old properties
 configDatabase.removeProperties(configRecord, null);
 // add new properties
- configDatabase.addProperties(configRecord, null, properties);
+ configDatabase.addProperties(configRecord, null, newProperties);
 }
 configDatabase.commit();
- properties = configDatabase.getProperties(configRecord, null);
+ Map<String, String> properties = configDatabase.getProperties(configRecord, null);
 configData = createConfigData(properties);
+ auditConfigTokenGeneral(ILogger.SUCCESS, method,
+ newProperties, null);
+
 return Response .ok(configData) .build();
 } catch (PKIException e) {
+ CMS.debug(method +": " + e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
 throw e;
 } catch (Exception e) {
 e.printStackTrace();
+ CMS.debug(method +": " + e);
+ auditConfigTokenGeneral(ILogger.FAILURE, method,
+ auditModParams, e.toString());
 throw new PKIException(e.getMessage());
 }
 } |
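Review bot: The SUCCESS audit call sits after `configDatabase.getProperties(configRecord, null)` and `createConfigData(properties)`, so if either of those throws once `configDatabase.commit()` has returned, the catch blocks record FAILURE for a change that was in fact committed. Moving `auditConfigTokenGeneral(ILogger.SUCCESS, method, newProperties, null);` to the line directly after `configDatabase.commit();` keeps the audited outcome tied to the commit itself. The success record also passes every submitted property value to the signed audit log, and passes `newProperties` even when it is null. Whether `auditConfigTokenGeneral` tolerates a null map or masks sensitive values is not visible in this hunk, so both are worth confirming. The try block opens above this hunk.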