diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-07-27 19:03:40 +0000 |
commit | 2eb3243de06f1589991da47bfde6271e0d80abe6 (patch) | |
tree | 8168ed24525ffd35989d54bd6dd81471d5df0b08 /pki/base/common/src/com/netscape/cms/servlet/base | |
parent | 9f8b12b0400f654f8b3f10ddbd731735c1d45607 (diff) | |
download | pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.gz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.tar.xz pki-2eb3243de06f1589991da47bfde6271e0d80abe6.zip |
merge 8.1 -> tip, multiple bugs (base)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1134 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/base')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | 68 |
1 files changed, 63 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 0d41c40d4..8c795cb55 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -1782,6 +1782,8 @@ public abstract class CMSServlet extends HttpServlet { } String userid = authToken.getInString(IAuthToken.USER_ID); + CMS.debug("CMSServlet: userid=" + userid); + if (userid != null) { ctx.put(SessionContext.USER_ID, userid); } @@ -1806,8 +1808,7 @@ public abstract class CMSServlet extends HttpServlet { auditSubjectID, ILogger.FAILURE, auditAuthMgrID, - auditUID); - + auditUID); audit(auditMessage); // rethrow the specific exception to be handled later @@ -1850,9 +1851,23 @@ public abstract class CMSServlet extends HttpServlet { throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); + String auditGroupID = auditGroupID(); + String auditID = auditSubjectID; String auditACLResource = resource; String auditOperation = operation; + + SessionContext auditContext = SessionContext.getExistingContext(); + String authManagerId = null; + + if(auditContext != null) { + authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID); + + if(authManagerId != null && authManagerId.equals("TokenAuth")) { + auditID = auditGroupID; + } + } + // "normalize" the "auditACLResource" value if (auditACLResource != null) { auditACLResource = auditACLResource.trim(); @@ -1895,7 +1910,7 @@ public abstract class CMSServlet extends HttpServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, + auditID, ILogger.SUCCESS, auditGroups(auditSubjectID)); @@ -1914,7 +1929,7 @@ public abstract class CMSServlet extends HttpServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, + auditID, ILogger.FAILURE, auditGroups(auditSubjectID)); @@ -1936,7 +1951,7 @@ public abstract class CMSServlet extends HttpServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, + auditID, ILogger.FAILURE, auditGroups(auditSubjectID)); @@ -2007,15 +2022,18 @@ public abstract class CMSServlet extends HttpServlet { return null; } + CMS.debug("CMSServlet: in auditSubjectID"); String subjectID = null; // Initialize subjectID SessionContext auditContext = SessionContext.getExistingContext(); + CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext); if (auditContext != null) { subjectID = (String) auditContext.get(SessionContext.USER_ID); + CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID); if (subjectID != null) { subjectID = subjectID.trim(); } else { @@ -2029,6 +2047,46 @@ public abstract class CMSServlet extends HttpServlet { } /** + * Signed Audit Log Group ID + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "gid" for + * a signed audit log message. + * <P> + * + * @return id string containing the signed audit log message SubjectID + */ + protected String auditGroupID() { + // if no signed audit object exists, bail + if (mSignedAuditLogger == null) { + return null; + } + + CMS.debug("CMSServlet: in auditGroupID"); + String groupID = null; + + // Initialize groupID + SessionContext auditContext = SessionContext.getExistingContext(); + + CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext); + if (auditContext != null) { + groupID = (String) + auditContext.get(SessionContext.GROUP_ID); + + CMS.debug("CMSServlet auditGroupID: groupID: " + groupID); + if (groupID != null) { + groupID = groupID.trim(); + } else { + groupID = ILogger.NONROLEUSER; + } + } else { + groupID = ILogger.UNIDENTIFIED; + } + + return groupID; + } + + /** * Signed Audit Groups * * This method is called to extract all "groups" associated |