authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-07-20 17:44:03 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-07-20 17:44:03 +0000
commit6625f6b9cbf5ec412de7258363ee2f88e24fc83c (patch)
treed72679cd167f338f7eaf0192042caf2d2c9c23f1 /pki/base/common/src/com/netscape
parentbc0baf482e50a18cdbf155168006d36f77bc12c6 (diff)
Bugzilla BZ 722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2068 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java73
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java3
2 files changed, 71 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 58ffe9e6e..9e0f1f32c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1817,11 +1817,76 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
String exp) throws EBaseException {
- AuthzToken authzToken = mAuthz.authorize(authzMgrName, authToken,
- exp);
- return authzToken;
+ AuthzToken authzToken = null;
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditGroupID = auditGroupID();
+ String auditACLResource = resource;
+ String auditOperation = "enroll";
+
+ SessionContext auditContext = SessionContext.getExistingContext();
+ String authManagerId = null;
+
+ try {
+ authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
+ if (authzToken != null) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditGroupID);
+
+ audit(auditMessage);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ }
+ return authzToken;
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ throw new EBaseException(e.toString());
+ }
}
/**
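Review bot: The new `catch (Exception e)` ends with `throw new EBaseException(e.toString())`, which flattens whatever `mAuthz.authorize` threw into a generic EBaseException and discards the original type and stack trace, so any caller that catches a more specific subclass to tell a denial from an internal error can no longer do so. Since the method already declares `throws EBaseException`, consider catching `EBaseException` separately, auditing the failure and rethrowing with `throw e;`, and wrapping only unexpected exceptions. Separately, `String auditOperation = "enroll";` is hard-coded in a base-class method, so every servlet that calls authorize() will sign audit records naming the enroll operation; passing the operation in next to `resource` would keep the signed audit trail accurate. `auditContext` and `authManagerId` are assigned but never read in the visible lines and can be removed.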
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 1026eef30..a5e8a1fb7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -1028,7 +1028,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
if (acl != null && acl.length() > 0) {
try {
- AuthzToken authzToken = authorize(mAclMethod, authToken, acl);
+ String resource = profileId + ".authz.acl";
+ AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
} catch (Exception e) {
CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
if (xmlOutput) {
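Review bot: A null return from authorize() is not handled at this call site: `authzToken` is declared inside the try and never read, while the new CMSServlet.authorize() treats null as a failure and emits AUTHZ_FAIL. If the authorization manager can return null (not visible here), the signed audit log would record a denial while the request continues past the catch as if it had been authorized. Adding `if (authzToken == null) throw new EBaseException("authorization failed: " + resource);` directly after the call would route that case into the existing catch handling. The remainder of the catch body and the code that follows it lie outside the hunk.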