author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-20 17:44:03 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-20 17:44:03 +0000 |
commit | 6625f6b9cbf5ec412de7258363ee2f88e24fc83c (patch) | |
tree | d72679cd167f338f7eaf0192042caf2d2c9c23f1 /pki/base/common/src/com/netscape | |
parent | bc0baf482e50a18cdbf155168006d36f77bc12c6 (diff) | |
Bugzilla BZ 722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2068 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | 73 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 3 |
2 files changed, 71 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 58ffe9e6e..9e0f1f32c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1817,11 +1817,76 @@ public abstract class CMSServlet extends HttpServlet {
 }
 }
 
- public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
 String exp) throws EBaseException {
- AuthzToken authzToken = mAuthz.authorize(authzMgrName, authToken,
- exp);
- return authzToken;
+ AuthzToken authzToken = null;
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditGroupID = auditGroupID();
+ String auditACLResource = resource;
+ String auditOperation = "enroll";
+
+ SessionContext auditContext = SessionContext.getExistingContext();
+ String authManagerId = null;
+
+ try {
+ authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
+ if (authzToken != null) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditGroupID);
+
+ audit(auditMessage);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ }
+ return authzToken;
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ throw new EBaseException(e.toString());
+ }
 }
 
 /**
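Review bot: The `catch (Exception e)` block in the new `authorize` rethrows as `new EBaseException(e.toString())`, which discards the original exception's type and stack trace; if `mAuthz.authorize` throws an `EBaseException` subclass that callers distinguish (not visible in this hunk), that distinction is lost. Rethrowing the original when it already is one, e.g. `if (e instanceof EBaseException) throw (EBaseException) e;` placed before the wrapping throw, would preserve it. Separately, `auditOperation` is hard-coded to `"enroll"` inside a base-class method, so any caller that is not an enrollment would write signed AUTHZ_SUCCESS/AUTHZ_FAIL records naming the wrong operation; passing the operation in alongside `resource` would keep the audit trail accurate. The locals `auditContext` and `authManagerId` are assigned but never read in the hunk and can be dropped.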
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 1026eef30..a5e8a1fb7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -1028,7 +1028,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
 CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
 if (acl != null && acl.length() > 0) {
 try {
- AuthzToken authzToken = authorize(mAclMethod, authToken, acl);
+ String resource = profileId + ".authz.acl";
+ AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
 } catch (Exception e) {
 CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
 if (xmlOutput) { |
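Review bot: The `authzToken` returned by `authorize(mAclMethod, resource, authToken, acl)` is declared inside the `try` block and goes out of scope at the `catch`, so its value is never checked. The reworked `CMSServlet.authorize` in this commit has an explicit branch that logs AUTHZ_FAIL and returns `null` without throwing, so if `mAuthz.authorize` can return `null` (not visible here), this caller would continue processing a request whose audit record says authorization failed. A guard inside the `try`, such as `if (authzToken == null) throw new EBaseException("authorization failed for " + resource);`, would route that case into the existing error handling. The enclosing method and the rest of the `catch` body lie outside the hunk.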