diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java | 698 |
1 files changed, 315 insertions, 383 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 08996734..a6fb0bfd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; @@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; - /** - * A class represents an administration servlet that - * is responsible to serve administrative - * operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform - * authentication information parsing and response - * formulation, it makes sense to encapsulate the + * A class represents an administration servlet that is responsible to serve + * administrative operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform authentication information + * parsing and response formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not - * need to re-implement the request parsing code - * (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration - * parameters management, it should create an - * administration servlet (i.e. CAAdminServlet) - * and register it to RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not need to re-implement the + * request parsing code (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration parameters management, it should + * create an administration servlet (i.e. CAAdminServlet) and register it to + * RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { @@ -117,8 +111,7 @@ public class AdminServlet extends HttpServlet { public final static String AUTHZ_SRC_TYPE = "sourceType"; public final static String AUTHZ_SRC_LDAP = "ldap"; public final static String AUTHZ_SRC_XML = "web.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; public final static String SIGNED_AUDIT_SCOPE = "Scope"; public final static String SIGNED_AUDIT_OPERATION = "Operation"; @@ -129,20 +122,13 @@ public class AdminServlet extends HttpServlet { public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; - private final static String CERTUSERDB = - IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; - private final static String PASSWDUSERDB = - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private final static String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID; + private final static String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID; /** * Constructs generic administration servlet. @@ -165,18 +151,20 @@ public class AdminServlet extends HttpServlet { srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); } - mAuthz = - (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); + mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); mServletID = getSCparam(sc, PROP_ID, "servlet id unknown"); - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { @@ -185,72 +173,79 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); - throw new ServletException("failed to init authz info from xml config file"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); + throw new ServletException( + "failed to init authz info from xml config file"); } - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", + mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, + mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", + PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { mAclMethod = AUTHZ_MGR_LDAP; - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", + mServletID)); } } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - + /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CMS server is not ready to serve."); + throw new IOException("CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -274,22 +269,21 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given - * userid and password via identity manager. + * Authenticates to the identity scope with the given userid and password + * via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CMS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CMS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception IOException an input/output error has occurred */ - protected void authenticate(HttpServletRequest req) throws - IOException { + protected void authenticate(HttpServletRequest req) throws IOException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; @@ -306,22 +300,20 @@ public class AdminServlet extends HttpServlet { } catch (EBaseException e) { // do nothing for now. } - IAuthSubsystem auth = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem auth = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { - X509Certificate[] allCerts = - (X509Certificate[]) req.getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) req + .getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); @@ -358,25 +350,25 @@ public class AdminServlet extends HttpServlet { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", - mServletID)); + log(ILogger.LL_DEBUG, + CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager - authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); - IAuthCredentials authCreds = - getAuthCreds(authMgr, cert); + IAuthManager authMgr = auth + .get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthCredentials authCreds = getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { String authToken = req.getHeader(HDR_AUTHORIZATION); - String b64s = authToken.substring( - authToken.lastIndexOf(' ') + 1); - String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s)); + String b64s = authToken.substring(authToken + .lastIndexOf(' ') + 1); + String authCode = new String( + com.netscape.osutil.OSUtil.AtoB(b64s)); String userid = authCode.substring(0, authCode.lastIndexOf(':')); - String password = authCode.substring( - authCode.lastIndexOf(':') + 1); + String password = authCode.substring(authCode + .lastIndexOf(':') + 1); AuthCredentials cred = new AuthCredentials(); // save the "userid" of this certificate in case it @@ -395,40 +387,36 @@ public class AdminServlet extends HttpServlet { cred.set("pwd", password); token = auth.authenticate(cred, - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", - mServletID)); + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", + mServletID)); } } catch (EBaseException e) { - //will fix it later for authorization + // will fix it later for authorization /* - String errMsg = "authenticate(): " + - AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - e.getMessage(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - userid,e.getMessage())); + * String errMsg = "authenticate(): " + + * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + * e.getMessage(); log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + * userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -440,29 +428,24 @@ public class AdminServlet extends HttpServlet { String tuserid = token.getInString("userid"); if (tuserid == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", - tuserid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -476,29 +459,24 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(tuserid); if (user == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", - tuserid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_FOUND", tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -514,27 +492,27 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER_ID, tuserid); sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", + e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -542,28 +520,23 @@ public class AdminServlet extends HttpServlet { throw new IOException("authentication failed"); } catch (EBaseException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERROR", - e.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -579,19 +552,15 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID(), - ILogger.SUCCESS, - CERTUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), + ILogger.SUCCESS, CERTUSERDB); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID(), - ILogger.SUCCESS, - PASSWDUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), + ILogger.SUCCESS, PASSWDUSERDB); audit(auditMessage); } @@ -599,21 +568,15 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, + ILogger.FAILURE, CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, + ILogger.FAILURE, PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -623,9 +586,8 @@ public class AdminServlet extends HttpServlet { } } - public static AuthCredentials getAuthCreds( - IAuthManager authMgr, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds(IAuthManager authMgr, + X509Certificate clientCert) throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -635,8 +597,7 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert }); } } return creds; @@ -645,15 +606,16 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CMS that's when one accesses a role port) * </ul> + * * @param req HTTP servlet request * @return the authorization token */ @@ -671,92 +633,79 @@ public class AdminServlet extends HttpServlet { AuthzToken authzTok = null; - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down - authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); + // each servlet, they can break it down + authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, + mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null - resource = (String) - authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); + resource = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); if (resource != null) { auditACLResource = resource.trim(); } // initialize the operation, overwriting "auditOperation" // if it is not null - operation = (String) - authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); + operation = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); if (operation != null) { auditOperation = operation.trim(); } CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID)); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception e) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); @@ -764,21 +713,15 @@ public class AdminServlet extends HttpServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, ILogger.SUCCESS, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.SUCCESS, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.SUCCESS, auditGroups(auditSubjectID)); audit(auditMessage); @@ -797,7 +740,7 @@ public class AdminServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } @@ -808,15 +751,14 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) - throws IOException { + NameValuePairs params, HttpServletResponse resp) throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); @@ -832,11 +774,10 @@ public class AdminServlet extends HttpServlet { if (e.hasMoreElements()) { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - String value = java.net.URLEncoder.encode((String) - params.getValue(name)); + String value = java.net.URLEncoder.encode((String) params + .getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + - "=" + value); + buf.append(java.net.URLEncoder.encode(name) + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -879,25 +820,24 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } /** * Generic configuration store get operation. */ - protected synchronized void getConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void getConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) @@ -905,38 +845,36 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - //System.out.println(name); - //System.out.println(name+","+config.getString(name)); + // System.out.println(name); + // System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. - * The caller is responsible to do validiation before - * calling this, and commit changes after this call. + * Generic configuration store set operation. The caller is responsible to + * do validiation before calling this, and commit changes after this call. */ - protected synchronized void setConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void setConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); @@ -946,10 +884,9 @@ public class AdminServlet extends HttpServlet { /** * Lists configuration store. */ - protected synchronized void listConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void listConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -967,14 +904,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -983,9 +920,9 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(userid); if (user == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -1001,10 +938,10 @@ public class AdminServlet extends HttpServlet { if (mAnd) { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } @@ -1012,10 +949,10 @@ public class AdminServlet extends HttpServlet { } else { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, - mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, CMS.getLogMessage( + "ADMIN_SRVLT_GRP_AUTH_SUCC_USER", + userid, mGroupNames[i])); return true; } } @@ -1027,24 +964,25 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, + groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. - * Commits the current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. Commits the + * current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { @@ -1054,17 +992,17 @@ public class AdminServlet extends HttpServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, - level, "AdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level, + "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1075,21 +1013,17 @@ public class AdminServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1104,8 +1038,7 @@ public class AdminServlet extends HttpServlet { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); @@ -1121,13 +1054,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and - * is called to extract parameters from the HttpServletRequest - * and return a string of name;;value pairs separated by a '+' - * if more than one name;;value pair exists. + * + * This method is inherited by all extended admin servlets and is called to + * extract parameters from the HttpServletRequest and return a string of + * name;;value pairs separated by a '+' if more than one name;;value pair + * exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ @@ -1142,8 +1075,7 @@ public class AdminServlet extends HttpServlet { // always identify the scope of the request if (req.getParameter(Constants.OP_SCOPE) != null) { - parameters = SIGNED_AUDIT_SCOPE - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters = SIGNED_AUDIT_SCOPE + SIGNED_AUDIT_NAME_VALUE_DELIMITER + req.getParameter(Constants.OP_SCOPE); } @@ -1194,48 +1126,47 @@ public class AdminServlet extends HttpServlet { value = value.trim(); if (value.equals("")) { - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } else { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || - name.equals( Constants.TYPE_PASSWORD ) || - name.equals( Constants.PR_USER_PASSWORD ) || - name.equals( Constants.PT_OLD_PASSWORD ) || - name.equals( Constants.PT_NEW_PASSWORD ) || - name.equals( Constants.PT_DIST_STORE ) || - name.equals( Constants.PT_DIST_EMAIL ) || - /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || - // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || - name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || - name.equals( Constants.PR_OLD_AGENT_PWD ) || - name.equals( Constants.PR_AGENT_PWD ) || - name.equals( Constants.PT_PUBLISH_PWD ) || - /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || - name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || - name.equals( Constants.PR_TOKEN_PASSWD ) ) { + /* "password" */if (name.equals(Constants.PASSWORDTYPE) + || name.equals(Constants.TYPE_PASSWORD) + || name.equals(Constants.PR_USER_PASSWORD) + || name.equals(Constants.PT_OLD_PASSWORD) + || name.equals(Constants.PT_NEW_PASSWORD) + || name.equals(Constants.PT_DIST_STORE) + || name.equals(Constants.PT_DIST_EMAIL) + || + /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) + || + // ignore this one name.equals( + // Constants.PR_BINDPWD_PROMPT ) || + name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) + || name.equals(Constants.PR_OLD_AGENT_PWD) + || name.equals(Constants.PR_AGENT_PWD) + || name.equals(Constants.PT_PUBLISH_PWD) || + /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) + || name.equals(Constants.PR_BIND_PASSWD_AGAIN) + || name.equals(Constants.PR_TOKEN_PASSWD)) { // hide password value - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + SIGNED_AUDIT_PASSWORD_VALUE; + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + SIGNED_AUDIT_PASSWORD_VALUE; } else { // process normally - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + value; + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + value; } } } else { - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } @@ -1245,14 +1176,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1260,8 +1191,7 @@ public class AdminServlet extends HttpServlet { return null; } - if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1279,7 +1209,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -1287,7 +1217,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length()!= 0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1295,7 +1225,8 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) return null; + if (s == null) + return null; NameValuePairs nvps = new NameValuePairs(); int i; @@ -1310,7 +1241,8 @@ public class AdminServlet extends HttpServlet { } - protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) { + protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo( + String className) { IExtendedPluginInfo epi = null; |