* public class CAAdminServlet extends AdminServlet {
* ...
* }
*
*
* @version $Revision$, $Date$
*/
public class AdminServlet extends HttpServlet {
/**
 * Serialization version; the servlet is Serializable through HttpServlet.
 */
private static final long serialVersionUID = 7740464244137421542L;

// HTTP header names used by the admin protocol.
private static final String HDR_AUTHORIZATION = "Authorization";
private static final String HDR_LANG = "accept-language";
private static final String HDR_CONTENT_LEN = "Content-Length";

// System log and signed audit log, resolved once per servlet instance.
// Either may be null; the log helpers below check before using them.
protected ILogger mLogger = CMS.getLogger();
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();

// Subsystems and per-servlet state populated in init(ServletConfig).
private IUGSubsystem mUG = null;
protected IConfigStore mConfig = null;
protected IAuthzSubsystem mAuthz = null;
// The authz backend is fixed at init; switching it mid-way is not supported for now.
protected String mAclMethod = null;
protected String mOp = "";
// NOTE(review): non-final static shared by every AdminServlet subclass in the
// JVM; a subclass assigning it changes the authz resource name for all of them.
protected static String AUTHZ_RES_NAME = "certServer";
protected AuthzToken mToken;
private String mServletID = null;

// web.xml init-parameter names.
public static final String PROP_AUTHZ_MGR = "AuthzMgr";
public static final String PROP_ACL = "ACLinfo";
// Authz manager identifiers selectable through PROP_AUTHZ_MGR.
public static final String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public static final String AUTHZ_MGR_LDAP = "DirAclAuthz";
public static final String PROP_ID = "ID";
// Config substore and the entry in it that selects where ACLs come from.
public static final String AUTHZ_CONFIG_STORE = "authz";
public static final String AUTHZ_SRC_TYPE = "sourceType";
public static final String AUTHZ_SRC_LDAP = "ldap";
public static final String AUTHZ_SRC_XML = "web.xml";
// Request attribute under which the servlet container exposes the client
// certificate chain of a TLS client-authenticated request.
public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

// Signed audit log field names.
public static final String SIGNED_AUDIT_SCOPE = "Scope";
public static final String SIGNED_AUDIT_OPERATION = "Operation";
public static final String SIGNED_AUDIT_RESOURCE = "Resource";
public static final String SIGNED_AUDIT_RULENAME = "RULENAME";
// Mask value intended to replace password parameters in audit messages
// (its use is not visible in this part of the file).
public static final String SIGNED_AUDIT_PASSWORD_VALUE = "********";
public static final String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
// name;;value pairs, joined with '+' when there is more than one.
public static final String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
public static final String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";

// Signed audit message keys (the numeric suffix is the expected argument count).
private static final String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
private static final String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
private static final String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
private static final String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
private static final String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";

// Authentication manager ids for certificate- and password-based user lookup.
private static final String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
private static final String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
/**
* Constructs generic administration servlet.
*/
/**
 * Constructs a generic administration servlet. All subsystem wiring is
 * deferred to {@link #init(ServletConfig)}.
 */
public AdminServlet() {
    super();
}
/**
* Initializes the servlet.
*/
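/**
 * Initializes the servlet.
 * <p>
 * Resolves the user/group and authz subsystems and the global config store,
 * records the servlet ID, and selects the ACL method. The authz source type is
 * read from the {@code sourceType} entry of the {@code authz} config substore
 * and defaults to {@code ldap} (also when the substore cannot be read). With
 * the {@code web.xml} source, the {@code AuthzMgr} init parameter chooses the
 * ACL method; for {@code BasicAclAuthz} the ACLs are taken from the
 * {@code ACLinfo} init parameter. Any other source type uses
 * {@code DirAclAuthz}.
 *
 * @param sc the servlet configuration
 * @throws ServletException if the {@code ACLinfo} entries cannot be registered
 *         with the authz subsystem
 */
@Override
public void init(ServletConfig sc) throws ServletException {
    super.init(sc);
    mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
    mConfig = CMS.getConfigStore();

    // Best effort: an unreadable authz substore falls back to the ldap source.
    String srcType = AUTHZ_SRC_LDAP;
    try {
        IConfigStore authzConfig = mConfig.getSubStore(AUTHZ_CONFIG_STORE);
        srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
    } catch (EBaseException e) {
        CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
    }

    mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
    mServletID = getSCparam(sc, PROP_ID, "servlet id unknown");
    CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID));

    if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
        CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
        // The ACL method comes from web.xml; ldap-backed ACLs when not specified.
        mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP);
        if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
            String aclInfo = sc.getInitParameter(PROP_ACL);
            if (aclInfo != null) {
                try {
                    addACLInfo(aclInfo);
                } catch (EBaseException e) {
                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL"));
                    // Keep the cause so the container log shows why the ACL setup failed.
                    throw new ServletException("failed to init authz info from xml config file", e);
                }
                CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID));
            } else {
                // ACLinfo not specified although BasicAclAuthz was selected.
                // NOTE(review): init only logs here and continues with
                // mAclMethod == BasicAclAuthz and no ACLs registered by this
                // servlet; whether later authorization then denies by default
                // is up to the authz subsystem — confirm before relying on it.
                CMS.debug("AdminServlet: "
                        + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP));
            }
        } else {
            // AuthzMgr is not BasicAclAuthz (unspecified, hence DirAclAuthz, or
            // another manager): nothing to register from web.xml.
            CMS.debug("AdminServlet: "
                    + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP));
        }
    } else {
        mAclMethod = AUTHZ_MGR_LDAP;
        CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID));
    }
}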
public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
@SuppressWarnings("unchecked")
Enumeration* *
* *
* @param createBackup true if a backup file should be created
* @throws EBaseException if the configuration store cannot be committed
*/
protected void commit(boolean createBackup) throws EBaseException {
    mConfig.commit(createBackup);
}

/**
 * Writes a message to the system log under the ADMIN source, prefixed with
 * {@code "AdminServlet: "}. Silently does nothing when no system logger is
 * available.
 *
 * @param level log level (one of the {@code ILogger.LL_*} values)
 * @param msg message text
 */
private void log(int level, String msg) {
    ILogger sysLog = mLogger;
    if (sysLog != null) {
        sysLog.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level, "AdminServlet: " + msg);
    }
}

/**
 * Signed Audit Log.
 * <p>
 * Inherited by all extended admin servlets; stores a message in the signed
 * audit log at security level. Does nothing when no signed audit logger is
 * available.
 *
 * @param msg signed audit log message, written verbatim
 */
protected void audit(String msg) {
    // The message is logged exactly as passed in: no stripping of leading or
    // trailing whitespace from String parameters in this path.
    ILogger auditLog = mSignedAuditLogger;
    if (auditLog != null) {
        auditLog.log(ILogger.EV_SIGNED_AUDIT, null, ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
    }
}

/**
 * Signed Audit Log Subject ID.
 * <p>
 * Inherited by all extended servlets; obtains the "SubjectID" for a signed
 * audit log message from the existing session context.
 *
 * @return {@code null} when no signed audit logger exists;
 *         {@code ILogger.UNIDENTIFIED} when there is no session context;
 *         {@code ILogger.NONROLEUSER} when the context carries no user id;
 *         otherwise the trimmed user id
 */
protected String auditSubjectID() {
    // if no signed audit object exists, bail
    if (mSignedAuditLogger == null) {
        return null;
    }
    SessionContext auditContext = SessionContext.getExistingContext();
    if (auditContext == null) {
        return ILogger.UNIDENTIFIED;
    }
    String userId = (String) auditContext.get(SessionContext.USER_ID);
    return (userId == null) ? ILogger.NONROLEUSER : userId.trim();
}

/**
 * Signed Audit Parameters.
 * <p>
 * Inherited by all extended admin servlets; extracts parameters from the
 * HttpServletRequest and returns a string of name;;value pairs separated by
 * a '+' if more than one name;;value pair exists.
 *
 * @param req HTTP servlet request
 * @return a delimited string of one or more delimited name/value pairs
 */
protected String auditParams(HttpServletRequest req) {
// if no signed audit object exists, bail
if (mSignedAuditLogger == null) {
return null;
}
String parameters = SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR;
String value = null;
// always identify the scope of the request
if (req.getParameter(Constants.OP_SCOPE) != null) {
parameters = SIGNED_AUDIT_SCOPE
+ SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ req.getParameter(Constants.OP_SCOPE);
}
// identify the operation type of the request
if (req.getParameter(Constants.OP_TYPE) != null) {
parameters += SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER;
parameters += SIGNED_AUDIT_OPERATION
+ SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ req.getParameter(Constants.OP_TYPE);
}
// identify the resource type of the request
if (req.getParameter(Constants.RS_ID) != null) {
parameters += SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER;
parameters += SIGNED_AUDIT_RESOURCE
+ SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ req.getParameter(Constants.RS_ID);
}
// identify any remaining request parameters
@SuppressWarnings("unchecked")
Enumeration
*
* @param SubjectID string containing the signed audit log message SubjectID
* @return a delimited string of groups associated
* with the "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
if (mSignedAuditLogger == null) {
return null;
}
if ((SubjectID == null) ||
(SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
Enumeration