Bugzilla BZ 722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2068 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

1 files changed, 69 insertions, 4 deletions

diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 58ffe9e6e..9e0f1f32c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1817,11 +1817,76 @@ public abstract class CMSServlet extends HttpServlet {
         }
     }
 
-    public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+    public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
       String exp) throws EBaseException {
-        AuthzToken authzToken = mAuthz.authorize(authzMgrName, authToken,
-          exp);
-        return authzToken;
+        AuthzToken authzToken = null;
+        String auditMessage = null;
+        String auditSubjectID = auditSubjectID();
+        String auditGroupID = auditGroupID();
+        String auditACLResource = resource;
+        String auditOperation = "enroll";
+
+        SessionContext auditContext = SessionContext.getExistingContext();
+        String authManagerId = null;
+
+        try {
+            authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
+            if (authzToken != null) {
+                auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditACLResource,
+                            auditOperation);
+
+                audit(auditMessage);
+
+                // store a message in the signed audit log file
+                auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditGroupID);
+
+                audit(auditMessage);
+            } else {
+                auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditACLResource,
+                            auditOperation);
+
+                audit(auditMessage);
+
+                auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditGroupID);
+
+                audit(auditMessage);
+            }
+            return authzToken;
+        } catch (Exception e) {
+            auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditACLResource,
+                        auditOperation);
+
+            audit(auditMessage);
+
+            auditMessage = CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditGroupID);
+
+            audit(auditMessage);
+            throw new EBaseException(e.toString());
+        }
     }
 
     /**