Diffstat (limited to 'base/common')
-rw-r--r--base/common/src/com/netscape/certsrv/tps/TPSClient.java2
-rw-r--r--base/common/src/com/netscape/cms/authorization/ACLInterceptor.java18
-rw-r--r--base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java21
3 files changed, 28 insertions, 13 deletions
diff --git a/base/common/src/com/netscape/certsrv/tps/TPSClient.java b/base/common/src/com/netscape/certsrv/tps/TPSClient.java
index 38aff46bd..263b92b3a 100644
--- a/base/common/src/com/netscape/certsrv/tps/TPSClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/TPSClient.java
@@ -23,6 +23,7 @@ import com.netscape.certsrv.client.PKIClient;
import com.netscape.certsrv.client.SubsystemClient;
import com.netscape.certsrv.logging.ActivityClient;
import com.netscape.certsrv.token.TokenClient;
+import com.netscape.certsrv.user.UserClient;
/**
* @author Endi S. Dewata
@@ -37,5 +38,6 @@ public class TPSClient extends SubsystemClient {
public void init() throws URISyntaxException {
addClient(new ActivityClient(client, name));
addClient(new TokenClient(client, name));
+ addClient(new UserClient(client, name));
}
}
diff --git a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
index 53160bb8c..1e7adf190 100644
--- a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
+++ b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
@@ -89,18 +89,23 @@ public class ACLInterceptor implements PreProcessInterceptor {
}
// If still not available, it's unprotected, allow request.
- if (aclMapping == null) return null;
+ if (aclMapping == null) {
+ CMS.debug("ACLInterceptor: No ACL mapping.");
+ return null;
+ }
Principal principal = securityContext.getUserPrincipal();
// If unauthenticated, reject request.
if (principal == null) {
+ CMS.debug("ACLInterceptor: No user principal provided.");
throw new ForbiddenException("No user principal provided.");
}
// If unrecognized principal, reject request.
if (!(principal instanceof PKIPrincipal)) {
- throw new ForbiddenException("Invalid user principal");
+ CMS.debug("ACLInterceptor: Invalid user principal.");
+ throw new ForbiddenException("Invalid user principal.");
}
PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
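Review bot: Both allow-by-default exits in this file now log a constant string, so the debug log cannot show which resource was let through without an ACL check. This applies to `CMS.debug("ACLInterceptor: No ACL mapping.");` here and to `CMS.debug("ACLInterceptor: No ACL configuration.");` in the `@@ -118,12 +124,16 @@` hunk, where `name` is in scope and could be appended: `CMS.debug("ACLInterceptor: No ACL configuration for " + name + ".");`. For the first exit the resource class and method would be the useful detail, assuming they are available at that point; the method starts outside this hunk. These are the fail-open paths, so they are the entries an operator most needs to attribute when checking that no endpoint is missing an ACL.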
@@ -108,6 +113,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If missing auth token, reject request.
if (authToken == null) {
+ CMS.debug("ACLInterceptor: No authorization token present.");
throw new ForbiddenException("No authorization token present.");
}
@@ -118,12 +124,16 @@ public class ACLInterceptor implements PreProcessInterceptor {
String value = authProperties.getProperty(name);
// If no property defined, allow request.
- if (value == null) return null;
+ if (value == null) {
+ CMS.debug("ACLInterceptor: No ACL configuration.");
+ return null;
+ }
String values[] = value.split(",");
// If invalid mapping, reject request.
if (values.length != 2) {
+ CMS.debug("ACLInterceptor: Invalid ACL mapping.");
throw new ForbiddenException("Invalid ACL mapping.");
}
@@ -137,10 +147,12 @@ public class ACLInterceptor implements PreProcessInterceptor {
// If not authorized, reject request.
if (authzToken == null) {
+ CMS.debug("ACLInterceptor: No authorization token present.");
throw new ForbiddenException("No authorization token present.");
}
} catch (EAuthzAccessDenied e) {
+ CMS.debug("ACLInterceptor: " + e.getMessage());
throw new ForbiddenException(e.toString());
} catch (IOException|EBaseException e) {
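Review bot: In the `EAuthzAccessDenied` handler the new log line records only `e.getMessage()` while the response still carries `e.toString()`, so the client is given more detail (the exception class name) than the server log keeps. The denial is also logged without the caller; `principal` appears to be in scope from earlier in the method, so if that holds the line could read `CMS.debug("ACLInterceptor: access denied for " + principal.getName() + ": " + e.getMessage());`. It is worth considering a fixed `ForbiddenException` message here, with the detail kept in the log. The try block and the second catch continue outside this hunk.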
diff --git a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
index 8d7bcb3c6..c9e442769 100644
--- a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
+++ b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
@@ -38,6 +38,7 @@ import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
+import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.AuthMethodMapping;
import com.netscape.certsrv.authentication.AuthToken;
import com.netscape.certsrv.authentication.IAuthToken;
@@ -89,7 +90,7 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
Class<?> clazz = resourceMethod.getResourceClass();
Method method = resourceMethod.getMethod();
- System.out.println("AuthInterceptor: "+clazz.getSimpleName()+"."+method.getName()+"()");
+ CMS.debug("AuthMethodInterceptor: "+clazz.getSimpleName()+"."+method.getName()+"()");
// Get authentication mapping for the method.
AuthMethodMapping authMapping = method.getAnnotation(AuthMethodMapping.class);
@@ -108,7 +109,7 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
name = authMapping.value();
}
- System.out.println("AuthInterceptor: mapping name: "+name);
+ CMS.debug("AuthMethodInterceptor: mapping name: "+name);
try {
loadAuthProperties();
@@ -121,23 +122,23 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
}
}
- System.out.println("AuthInterceptor: required auth methods: "+authMethods);
+ CMS.debug("AuthMethodInterceptor: required auth methods: "+authMethods);
Principal principal = securityContext.getUserPrincipal();
// If unauthenticated, reject request.
if (principal == null) {
if (authMethods.isEmpty() || authMethods.contains("anonymous") || authMethods.contains("*")) {
- System.out.println("AuthInterceptor: anonymous access allowed");
+ CMS.debug("AuthMethodInterceptor: anonymous access allowed");
return null;
}
- System.out.println("AuthInterceptor: anonymous access not allowed");
+ CMS.debug("AuthMethodInterceptor: anonymous access not allowed");
throw new ForbiddenException("Anonymous access not allowed.");
}
// If unrecognized principal, reject request.
if (!(principal instanceof PKIPrincipal)) {
- System.out.println("AuthInterceptor: unknown principal");
+ CMS.debug("AuthMethodInterceptor: unknown principal");
throw new ForbiddenException("Unknown user principal");
}
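Review bot: The `unknown principal` rejection logs nothing about what was actually presented, which is the fact most likely to be needed when diagnosing why an authenticated request was refused. `principal` is non-null at that point, so the line could be `CMS.debug("AuthMethodInterceptor: unknown principal: " + principal.getClass().getName());`. As a smaller point of style, `"Unknown user principal"` still lacks the trailing period that this commit adds to the matching message in ACLInterceptor.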
@@ -146,20 +147,20 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
// If missing auth token, reject request.
if (authToken == null) {
- System.out.println("AuthInterceptor: missing authentication token");
+ CMS.debug("AuthMethodInterceptor: missing authentication token");
throw new ForbiddenException("Missing authentication token.");
}
String authManager = (String)authToken.get(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- System.out.println("AuthInterceptor: authentication manager: "+authManager);
+ CMS.debug("AuthMethodInterceptor: authentication manager: "+authManager);
if (authManager == null) {
- System.out.println("AuthInterceptor: missing authentication manager");
+ CMS.debug("AuthMethodInterceptor: missing authentication manager");
throw new ForbiddenException("Missing authentication manager.");
}
if (authMethods.isEmpty() || authMethods.contains(authManager) || authMethods.contains("*")) {
- System.out.println("AuthInterceptor: "+authManager+" allowed");
+ CMS.debug("AuthMethodInterceptor: "+authManager+" allowed");
return null;
}