diff options
| author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
| commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
| tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java | |
| parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
| download | pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.gz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.xz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.zip | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java | 698 |
1 files changed, 383 insertions, 315 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index a6fb0bfd..08996734 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; + import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; @@ -55,27 +56,32 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; + /** - * A class represents an administration servlet that is responsible to serve - * administrative operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform authentication information - * parsing and response formulation, it makes sense to encapsulate the + * A class represents an administration servlet that + * is responsible to serve administrative + * operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform + * authentication information parsing and response + * formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not need to re-implement the - * request parsing code (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration parameters management, it should - * create an administration servlet (i.e. CAAdminServlet) and register it to - * RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not + * need to re-implement the request parsing code + * (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration + * parameters management, it should create an + * administration servlet (i.e. CAAdminServlet) + * and register it to RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { @@ -111,7 +117,8 @@ public class AdminServlet extends HttpServlet { public final static String AUTHZ_SRC_TYPE = "sourceType"; public final static String AUTHZ_SRC_LDAP = "ldap"; public final static String AUTHZ_SRC_XML = "web.xml"; - public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = + "javax.servlet.request.X509Certificate"; public final static String SIGNED_AUDIT_SCOPE = "Scope"; public final static String SIGNED_AUDIT_OPERATION = "Operation"; @@ -122,13 +129,20 @@ public class AdminServlet extends HttpServlet { public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; - private final static String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; - private final static String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = + "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = + "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = + "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private final static String CERTUSERDB = + IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; + private final static String PASSWDUSERDB = + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; /** * Constructs generic administration servlet. @@ -151,20 +165,18 @@ public class AdminServlet extends HttpServlet { srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); } - mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); + mAuthz = + (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); mServletID = getSCparam(sc, PROP_ID, "servlet id unknown"); - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { @@ -173,79 +185,72 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); - throw new ServletException( - "failed to init authz info from xml config file"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); + throw new ServletException("failed to init authz info from xml config file"); } - CMS.debug("AdminServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", - mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " - + CMS.getLogMessage( - "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, - mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", - PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { mAclMethod = AUTHZ_MGR_LDAP; - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", - mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID)); } } - public void outputHttpParameters(HttpServletRequest httpReq) { + public void outputHttpParameters(HttpServletRequest httpReq) + { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String) paramNames.nextElement(); + String pn = (String)paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("AdminServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("AdminServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } - + /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException("CMS server is not ready to serve."); + throw new IOException( + "CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -269,21 +274,22 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given userid and password - * via identity manager. + * Authenticates to the identity scope with the given + * userid and password via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the SSL - * violation; CMS authMgr can pick up cert mis-match, so this event is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when - * authentication succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the + * SSL violation; CMS authMgr can pick up cert mis-match, so this event + * is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication + * succeeded * </ul> - * * @exception IOException an input/output error has occurred */ - protected void authenticate(HttpServletRequest req) throws IOException { + protected void authenticate(HttpServletRequest req) throws + IOException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; @@ -300,20 +306,22 @@ public class AdminServlet extends HttpServlet { } catch (EBaseException e) { // do nothing for now. } - IAuthSubsystem auth = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem auth = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { - X509Certificate[] allCerts = (X509Certificate[]) req - .getAttribute(CERT_ATTR); + X509Certificate[] allCerts = + (X509Certificate[]) req.getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); @@ -350,25 +358,25 @@ public class AdminServlet extends HttpServlet { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - log(ILogger.LL_DEBUG, - CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", mServletID)); + log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", + mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager authMgr = auth - .get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); - IAuthCredentials authCreds = getAuthCreds(authMgr, cert); + IAuthManager + authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthCredentials authCreds = + getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { String authToken = req.getHeader(HDR_AUTHORIZATION); - String b64s = authToken.substring(authToken - .lastIndexOf(' ') + 1); - String authCode = new String( - com.netscape.osutil.OSUtil.AtoB(b64s)); + String b64s = authToken.substring( + authToken.lastIndexOf(' ') + 1); + String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s)); String userid = authCode.substring(0, authCode.lastIndexOf(':')); - String password = authCode.substring(authCode - .lastIndexOf(':') + 1); + String password = authCode.substring( + authCode.lastIndexOf(':') + 1); AuthCredentials cred = new AuthCredentials(); // save the "userid" of this certificate in case it @@ -387,36 +395,40 @@ public class AdminServlet extends HttpServlet { cred.set("pwd", password); token = auth.authenticate(cred, - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", - mServletID)); + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", + mServletID)); } } catch (EBaseException e) { - // will fix it later for authorization + //will fix it later for authorization /* - * String errMsg = "authenticate(): " + - * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - * e.getMessage(); log(ILogger.LL_FAILURE, - * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - * userid,e.getMessage())); + String errMsg = "authenticate(): " + + AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + e.getMessage(); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -428,24 +440,29 @@ public class AdminServlet extends HttpServlet { String tuserid = token.getInString("userid"); if (tuserid == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -459,24 +476,29 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(tuserid); if (user == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_FOUND", tuserid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", + tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -492,27 +514,27 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER_ID, tuserid); sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { - mLogger.log( - ILogger.EV_SYSTEM, - ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", - e.toString())); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -520,23 +542,28 @@ public class AdminServlet extends HttpServlet { throw new IOException("authentication failed"); } catch (EBaseException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERROR", + e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, ILogger.FAILURE, - PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -552,15 +579,19 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), - ILogger.SUCCESS, CERTUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID(), + ILogger.SUCCESS, + CERTUSERDB); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), - ILogger.SUCCESS, PASSWDUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID(), + ILogger.SUCCESS, + PASSWDUSERDB); audit(auditMessage); } @@ -568,15 +599,21 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, - ILogger.FAILURE, CERTUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, - ILogger.FAILURE, PASSWDUSERDB, auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, + ILogger.FAILURE, + PASSWDUSERDB, + auditUID); audit(auditMessage); } @@ -586,8 +623,9 @@ public class AdminServlet extends HttpServlet { } } - public static AuthCredentials getAuthCreds(IAuthManager authMgr, - X509Certificate clientCert) throws EBaseException { + public static AuthCredentials getAuthCreds( + IAuthManager authMgr, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -597,7 +635,8 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert }); + creds.set(reqCred, new X509Certificate[] { clientCert} + ); } } return creds; @@ -606,16 +645,15 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when - * authorization is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes - * a role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization + * is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a + * role (in current CMS that's when one accesses a role port) * </ul> - * * @param req HTTP servlet request * @return the authorization token */ @@ -633,79 +671,92 @@ public class AdminServlet extends HttpServlet { AuthzToken authzTok = null; - CMS.debug("AdminServlet: " - + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); + CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down - authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, - mOp); + // each servlet, they can break it down + authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null - resource = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); + resource = (String) + authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); if (resource != null) { auditACLResource = resource.trim(); } // initialize the operation, overwriting "auditOperation" // if it is not null - operation = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); + operation = (String) + authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); if (operation != null) { auditOperation = operation.trim(); } CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID)); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception e) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, ILogger.FAILURE, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, + ILogger.FAILURE, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); @@ -713,15 +764,21 @@ public class AdminServlet extends HttpServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, ILogger.SUCCESS, auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, + ILogger.SUCCESS, + auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, ILogger.SUCCESS, auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, + ILogger.SUCCESS, + auditGroups(auditSubjectID)); audit(auditMessage); @@ -740,7 +797,7 @@ public class AdminServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } @@ -751,14 +808,15 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) throws IOException { + NameValuePairs params, HttpServletResponse resp) + throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); @@ -774,10 +832,11 @@ public class AdminServlet extends HttpServlet { if (e.hasMoreElements()) { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - String value = java.net.URLEncoder.encode((String) params - .getValue(name)); + String value = java.net.URLEncoder.encode((String) + params.getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + "=" + value); + buf.append(java.net.URLEncoder.encode(name) + + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -820,24 +879,25 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } /** * Generic configuration store get operation. */ - protected synchronized void getConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void getConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - // if (name.equals(Constants.PT_OP)) - // continue; + //if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) @@ -845,36 +905,38 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - // System.out.println(name); - // System.out.println(name+","+config.getString(name)); + //System.out.println(name); + //System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. The caller is responsible to - * do validiation before calling this, and commit changes after this call. + * Generic configuration store set operation. + * The caller is responsible to do validiation before + * calling this, and commit changes after this call. */ - protected synchronized void setConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void setConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - // if (name.equals(Constants.PT_OP)) - // continue; + //if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); @@ -884,9 +946,10 @@ public class AdminServlet extends HttpServlet { /** * Lists configuration store. */ - protected synchronized void listConfig(IConfigStore config, - HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + protected synchronized void listConfig( + IConfigStore config, HttpServletRequest req, + HttpServletResponse resp) throws ServletException, + IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -904,14 +967,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -920,9 +983,9 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(userid); if (user == null) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -938,10 +1001,10 @@ public class AdminServlet extends HttpServlet { if (mAnd) { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + mLogger.log( + ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } @@ -949,10 +1012,10 @@ public class AdminServlet extends HttpServlet { } else { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_INFO, CMS.getLogMessage( - "ADMIN_SRVLT_GRP_AUTH_SUCC_USER", - userid, mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, + mGroupNames[i])); return true; } } @@ -964,25 +1027,24 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, CMS.getLogMessage( - "ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, - groups.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. Commits the - * current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. + * Commits the current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { @@ -992,17 +1054,17 @@ public class AdminServlet extends HttpServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level, - "AdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, + level, "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1013,17 +1075,21 @@ public class AdminServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1038,7 +1104,8 @@ public class AdminServlet extends HttpServlet { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); @@ -1054,13 +1121,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and is called to - * extract parameters from the HttpServletRequest and return a string of - * name;;value pairs separated by a '+' if more than one name;;value pair - * exists. + * + * This method is inherited by all extended admin servlets and + * is called to extract parameters from the HttpServletRequest + * and return a string of name;;value pairs separated by a '+' + * if more than one name;;value pair exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ @@ -1075,7 +1142,8 @@ public class AdminServlet extends HttpServlet { // always identify the scope of the request if (req.getParameter(Constants.OP_SCOPE) != null) { - parameters = SIGNED_AUDIT_SCOPE + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters = SIGNED_AUDIT_SCOPE + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + req.getParameter(Constants.OP_SCOPE); } @@ -1126,47 +1194,48 @@ public class AdminServlet extends HttpServlet { value = value.trim(); if (value.equals("")) { - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } else { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */if (name.equals(Constants.PASSWORDTYPE) - || name.equals(Constants.TYPE_PASSWORD) - || name.equals(Constants.PR_USER_PASSWORD) - || name.equals(Constants.PT_OLD_PASSWORD) - || name.equals(Constants.PT_NEW_PASSWORD) - || name.equals(Constants.PT_DIST_STORE) - || name.equals(Constants.PT_DIST_EMAIL) - || - /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) - || - // ignore this one name.equals( - // Constants.PR_BINDPWD_PROMPT ) || - name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) - || name.equals(Constants.PR_OLD_AGENT_PWD) - || name.equals(Constants.PR_AGENT_PWD) - || name.equals(Constants.PT_PUBLISH_PWD) || - /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) - || name.equals(Constants.PR_BIND_PASSWD_AGAIN) - || name.equals(Constants.PR_TOKEN_PASSWD)) { + /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || + name.equals( Constants.TYPE_PASSWORD ) || + name.equals( Constants.PR_USER_PASSWORD ) || + name.equals( Constants.PT_OLD_PASSWORD ) || + name.equals( Constants.PT_NEW_PASSWORD ) || + name.equals( Constants.PT_DIST_STORE ) || + name.equals( Constants.PT_DIST_EMAIL ) || + /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || + // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || + name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || + name.equals( Constants.PR_OLD_AGENT_PWD ) || + name.equals( Constants.PR_AGENT_PWD ) || + name.equals( Constants.PT_PUBLISH_PWD ) || + /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || + name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || + name.equals( Constants.PR_TOKEN_PASSWD ) ) { // hide password value - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + SIGNED_AUDIT_PASSWORD_VALUE; + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + SIGNED_AUDIT_PASSWORD_VALUE; } else { // process normally - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + value; + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + value; } } } else { - parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } @@ -1176,14 +1245,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated with the - * "auditSubjectID()". + * + * This method is called to extract all "groups" associated + * with the "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated with the - * "auditSubjectID()" + * @return a delimited string of groups associated + * with the "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1191,7 +1260,8 @@ public class AdminServlet extends HttpServlet { return null; } - if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || + (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1209,7 +1279,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length() != 0) { + if (membersString.length()!=0) { membersString.append(", "); } @@ -1217,7 +1287,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length() != 0) { + if (membersString.length()!= 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1225,8 +1295,7 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) - return null; + if (s == null) return null; NameValuePairs nvps = new NameValuePairs(); int i; @@ -1241,8 +1310,7 @@ public class AdminServlet extends HttpServlet { } - protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo( - String className) { + protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) { IExtendedPluginInfo epi = null; |