Re: [Pki-devel] [PATCH] pki-cfu-0058-Ticket-1160-audit-logging-needed-REST-API-auth-authz.patch

Attached please find the update. Two things to note: 1. for comment #2, as discussed over irc, I put the auth manager id in the authToken instead. Turns out the session contaxt has the whole authToken in it, so there is no need to put it in separately in the session context. 2. for comment #3, the difference between the password based and cert based auth is that by the time it gets here, cert based auth already passed the ssl auth, so we know exactly who the subject is, and what remains is just a matter of mapping it to the right user in the internaldb. Unlike cert based auth, the password based auth could be anyone attempted to be the uid provided in the auth, so the "attempted" is more useful in capturing the attempt. I changed it so that for cert based auth now has "attemptedUID" to be the same as that of the subjectid, and I added comment to explain that. The two auth methods are going to be different, and for a good reason. I addressed the rest of the comments as requested. thanks, Christina