From 6625f6b9cbf5ec412de7258363ee2f88e24fc83c Mon Sep 17 00:00:00 2001
From: vakwetu
Date: Wed, 20 Jul 2011 17:44:03 +0000
Subject: Bugzilla BZ 722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2068 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../com/netscape/cms/servlet/base/CMSServlet.java | 73 ++++++++++++++++++++--
 .../cms/servlet/profile/ProfileSubmitServlet.java | 3 +-
 2 files changed, 71 insertions(+), 5 deletions(-)
(limited to 'pki/base/common/src')
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 58ffe9e6e..9e0f1f32c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -1817,11 +1817,76 @@ public abstract class CMSServlet extends HttpServlet {
 }
 }
- public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
 String exp) throws EBaseException {
- AuthzToken authzToken = mAuthz.authorize(authzMgrName, authToken,
- exp);
- return authzToken;
+ AuthzToken authzToken = null;
+ String auditMessage = null;
+ String auditSubjectID = auditSubjectID();
+ String auditGroupID = auditGroupID();
+ String auditACLResource = resource;
+ String auditOperation = "enroll";
+
+ SessionContext auditContext = SessionContext.getExistingContext();
+ String authManagerId = null;
+
+ try {
+ authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
+ if (authzToken != null) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditGroupID);
+
+ audit(auditMessage);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ }
+ return authzToken;
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditACLResource,
+ auditOperation);
+
+ audit(auditMessage);
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditGroupID);
+
+ audit(auditMessage);
+ throw new EBaseException(e.toString());
+ }
 }
 /**
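Review bot: The `catch (Exception e)` that closes the new `authorize` body rethrows `new EBaseException(e.toString())`, so the original exception's type and stack trace are lost; before this change whatever `mAuthz.authorize` threw reached the caller unchanged, and a caller that distinguishes EBaseException subclasses now sees only the generic one. Rethrowing the original when it already has the declared type keeps that contract: `throw (e instanceof EBaseException) ? (EBaseException) e : new EBaseException(e.toString());`. The same `try` also encloses the `audit(...)` calls, so if one of them were to throw after a granted decision the catch would write AUTHZ_FAIL behind the AUTHZ_SUCCESS record; limiting the `try` to the `mAuthz.authorize` call would keep the audit trail consistent. `auditOperation` is fixed to `"enroll"` in this base-class method, which would mislabel any non-enrollment caller in the signed audit log, and `auditContext` and `authManagerId` are assigned but never read.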
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 1026eef30..a5e8a1fb7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -1028,7 +1028,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
 CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
 if (acl != null && acl.length() > 0) {
 try {
- AuthzToken authzToken = authorize(mAclMethod, authToken, acl);
+ String resource = profileId + ".authz.acl";
+ AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
 } catch (Exception e) {
 CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
 if (xmlOutput) {
-- cgit
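Review bot: `authzToken` is declared inside the `try` and goes out of scope at `} catch`, so a `null` return from `authorize(...)` is never checked here, while the `CMSServlet.authorize` introduced in this commit audits a `null` token as AUTHZ_FAIL and returns it instead of throwing. If `mAuthz.authorize` can return `null`, processing would continue past this block with a failure recorded in the signed audit log. Treating `null` as a denial inside the `try` lets the existing catch handle it, for example `if (authzToken == null) throw new EBaseException("authorization denied");`. `resource` is built from `profileId`, whose origin is outside the hunk; if it is request-supplied, confirm it is validated before it is written to the audit record. The enclosing method starts and ends outside the hunk.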