diff options
Diffstat (limited to 'base/common/src/com/netscape/cms/authorization/ACLInterceptor.java')
-rw-r--r-- | base/common/src/com/netscape/cms/authorization/ACLInterceptor.java | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java index 53160bb8c..1e7adf190 100644 --- a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java +++ b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java @@ -89,18 +89,23 @@ public class ACLInterceptor implements PreProcessInterceptor { } // If still not available, it's unprotected, allow request. - if (aclMapping == null) return null; + if (aclMapping == null) { + CMS.debug("ACLInterceptor: No ACL mapping."); + return null; + } Principal principal = securityContext.getUserPrincipal(); // If unauthenticated, reject request. if (principal == null) { + CMS.debug("ACLInterceptor: No user principal provided."); throw new ForbiddenException("No user principal provided."); } // If unrecognized principal, reject request. if (!(principal instanceof PKIPrincipal)) { - throw new ForbiddenException("Invalid user principal"); + CMS.debug("ACLInterceptor: Invalid user principal."); + throw new ForbiddenException("Invalid user principal."); } PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; @@ -108,6 +113,7 @@ public class ACLInterceptor implements PreProcessInterceptor { // If missing auth token, reject request. if (authToken == null) { + CMS.debug("ACLInterceptor: No authorization token present."); throw new ForbiddenException("No authorization token present."); } @@ -118,12 +124,16 @@ public class ACLInterceptor implements PreProcessInterceptor { String value = authProperties.getProperty(name); // If no property defined, allow request. - if (value == null) return null; + if (value == null) { + CMS.debug("ACLInterceptor: No ACL configuration."); + return null; + } String values[] = value.split(","); // If invalid mapping, reject request. if (values.length != 2) { + CMS.debug("ACLInterceptor: Invalid ACL mapping."); throw new ForbiddenException("Invalid ACL mapping."); } @@ -137,10 +147,12 @@ public class ACLInterceptor implements PreProcessInterceptor { // If not authorized, reject request. if (authzToken == null) { + CMS.debug("ACLInterceptor: No authorization token present."); throw new ForbiddenException("No authorization token present."); } } catch (EAuthzAccessDenied e) { + CMS.debug("ACLInterceptor: " + e.getMessage()); throw new ForbiddenException(e.toString()); } catch (IOException|EBaseException e) { |