Diffstat (limited to 'base/common')
3 files changed, 28 insertions, 13 deletions
diff --git a/base/common/src/com/netscape/certsrv/tps/TPSClient.java b/base/common/src/com/netscape/certsrv/tps/TPSClient.java
index 38aff46bd..263b92b3a 100644
--- a/base/common/src/com/netscape/certsrv/tps/TPSClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/TPSClient.java
@@ -23,6 +23,7 @@ import com.netscape.certsrv.client.PKIClient;
 import com.netscape.certsrv.client.SubsystemClient;
 import com.netscape.certsrv.logging.ActivityClient;
 import com.netscape.certsrv.token.TokenClient;
+import com.netscape.certsrv.user.UserClient;
 /**
 * @author Endi S. Dewata
@@ -37,5 +38,6 @@ public class TPSClient extends SubsystemClient {
 public void init() throws URISyntaxException {
 addClient(new ActivityClient(client, name));
 addClient(new TokenClient(client, name));
+ addClient(new UserClient(client, name));
 }
 }
diff --git a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
index 53160bb8c..1e7adf190 100644
--- a/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
+++ b/base/common/src/com/netscape/cms/authorization/ACLInterceptor.java
@@ -89,18 +89,23 @@ public class ACLInterceptor implements PreProcessInterceptor {
 }
 // If still not available, it's unprotected, allow request.
- if (aclMapping == null) return null;
+ if (aclMapping == null) {
+ CMS.debug("ACLInterceptor: No ACL mapping.");
+ return null;
+ }
 Principal principal = securityContext.getUserPrincipal();
 // If unauthenticated, reject request.
 if (principal == null) {
+ CMS.debug("ACLInterceptor: No user principal provided.");
 throw new ForbiddenException("No user principal provided.");
 }
 // If unrecognized principal, reject request.
 if (!(principal instanceof PKIPrincipal)) {
- throw new ForbiddenException("Invalid user principal");
+ CMS.debug("ACLInterceptor: Invalid user principal.");
+ throw new ForbiddenException("Invalid user principal.");
 }
 PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
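Review bot: The two paths in ACLInterceptor.java that let a request through without an ACL check, `if (aclMapping == null)` in the -89,18 hunk and `if (value == null)` in the -118,12 hunk, now log only `No ACL mapping.` and `No ACL configuration.`, which says neither that the request was allowed nor what was being accessed. Both are fail-open decisions, so the message should state the outcome, for example `CMS.debug("ACLInterceptor: No ACL mapping; allowing request.");`, and the second site can include the property key already in scope, `CMS.debug("ACLInterceptor: No ACL configuration for " + name + "; allowing request.");`. The enclosing method starts and ends outside these hunks, so whether a method or path identifier is available at the first site cannot be seen from here.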
@@ -108,6 +113,7 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If missing auth token, reject request.
 if (authToken == null) {
+ CMS.debug("ACLInterceptor: No authorization token present.");
 throw new ForbiddenException("No authorization token present.");
 }
@@ -118,12 +124,16 @@ public class ACLInterceptor implements PreProcessInterceptor {
 String value = authProperties.getProperty(name);
 // If no property defined, allow request.
- if (value == null) return null;
+ if (value == null) {
+ CMS.debug("ACLInterceptor: No ACL configuration.");
+ return null;
+ }
 String values[] = value.split(",");
 // If invalid mapping, reject request.
 if (values.length != 2) {
+ CMS.debug("ACLInterceptor: Invalid ACL mapping.");
 throw new ForbiddenException("Invalid ACL mapping.");
 }
@@ -137,10 +147,12 @@ public class ACLInterceptor implements PreProcessInterceptor {
 // If not authorized, reject request.
 if (authzToken == null) {
+ CMS.debug("ACLInterceptor: No authorization token present.");
 throw new ForbiddenException("No authorization token present.");
 }
 } catch (EAuthzAccessDenied e) {
+ CMS.debug("ACLInterceptor: " + e.getMessage());
 throw new ForbiddenException(e.toString());
 } catch (IOException|EBaseException e) {
diff --git a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
index 8d7bcb3c6..c9e442769 100644
--- a/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
+++ b/base/common/src/com/netscape/cms/authorization/AuthMethodInterceptor.java
@@ -38,6 +38,7 @@ import org.jboss.resteasy.spi.Failure;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
+import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.AuthMethodMapping;
 import com.netscape.certsrv.authentication.AuthToken;
 import com.netscape.certsrv.authentication.IAuthToken;
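Review bot: In the `catch (EAuthzAccessDenied e)` branch of the ACLInterceptor.java -137,10 hunk the denial detail is now written to the debug log, yet the response is still built from `e.toString()`, which passes the exception's class name and message to the caller. If that message carries ACL or resource detail (not visible from this hunk), the client-facing text could be made generic now that the log holds the specifics, e.g. `throw new ForbiddenException("Access denied.");`. Separately, the added `CMS.debug("ACLInterceptor: No authorization token present.");` for `authzToken == null` is word-for-word the message added for `authToken == null` in the -108,6 hunk, so the two failures cannot be told apart in the log; `CMS.debug("ACLInterceptor: No authorization result returned.");` would distinguish them. The try block opens above the hunk.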
@@ -89,7 +90,7 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
 Class<?> clazz = resourceMethod.getResourceClass();
 Method method = resourceMethod.getMethod();
- System.out.println("AuthInterceptor: "+clazz.getSimpleName()+"."+method.getName()+"()");
+ CMS.debug("AuthMethodInterceptor: "+clazz.getSimpleName()+"."+method.getName()+"()");
 // Get authentication mapping for the method.
 AuthMethodMapping authMapping = method.getAnnotation(AuthMethodMapping.class);
@@ -108,7 +109,7 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
 name = authMapping.value();
 }
- System.out.println("AuthInterceptor: mapping name: "+name);
+ CMS.debug("AuthMethodInterceptor: mapping name: "+name);
 try {
 loadAuthProperties();
@@ -121,23 +122,23 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
 }
 }
- System.out.println("AuthInterceptor: required auth methods: "+authMethods);
+ CMS.debug("AuthMethodInterceptor: required auth methods: "+authMethods);
 Principal principal = securityContext.getUserPrincipal();
 // If unauthenticated, reject request.
 if (principal == null) {
 if (authMethods.isEmpty() || authMethods.contains("anonymous") || authMethods.contains("*")) {
- System.out.println("AuthInterceptor: anonymous access allowed");
+ CMS.debug("AuthMethodInterceptor: anonymous access allowed");
 return null;
 }
- System.out.println("AuthInterceptor: anonymous access not allowed");
+ CMS.debug("AuthMethodInterceptor: anonymous access not allowed");
 throw new ForbiddenException("Anonymous access not allowed.");
 }
 // If unrecognized principal, reject request.
 if (!(principal instanceof PKIPrincipal)) {
- System.out.println("AuthInterceptor: unknown principal");
+ CMS.debug("AuthMethodInterceptor: unknown principal");
 throw new ForbiddenException("Unknown user principal");
 }
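Review bot: The comment `// If unauthenticated, reject request.` above `if (principal == null)` in the AuthMethodInterceptor.java -121,23 hunk does not match the branch, which first returns `null` (allow) when `authMethods` is empty or contains `anonymous` or `*`. An empty set is treated the same as an explicit wildcard, so the comment should spell that out, e.g. `// If unauthenticated, allow only when no auth methods are required or "anonymous"/"*" is listed; otherwise reject.` The same empty-set rule appears in the final check of the -146,20 hunk. The method body begins and ends outside these hunks.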
@@ -146,20 +147,20 @@ public class AuthMethodInterceptor implements PreProcessInterceptor {
 // If missing auth token, reject request.
 if (authToken == null) {
- System.out.println("AuthInterceptor: missing authentication token");
+ CMS.debug("AuthMethodInterceptor: missing authentication token");
 throw new ForbiddenException("Missing authentication token.");
 }
 String authManager = (String)authToken.get(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- System.out.println("AuthInterceptor: authentication manager: "+authManager);
+ CMS.debug("AuthMethodInterceptor: authentication manager: "+authManager);
 if (authManager == null) {
- System.out.println("AuthInterceptor: missing authentication manager");
+ CMS.debug("AuthMethodInterceptor: missing authentication manager");
 throw new ForbiddenException("Missing authentication manager.");
 }
 if (authMethods.isEmpty() || authMethods.contains(authManager) || authMethods.contains("*")) {
- System.out.println("AuthInterceptor: "+authManager+" allowed");
+ CMS.debug("AuthMethodInterceptor: "+authManager+" allowed");
 return null;
 } |