Here are my review comments per discussion:
* The exception message with less detail looks fine
* First thing I noticed is that the "signed audit" messages don't
conform to the format. Looking closely, I see that you have picked
up an outdated interface. The real signed auditor is supposed to be
called by doing:
    IAuditor auditor = CMS.getAuditor();
The authz fail event is supposed to be
    LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4
and the call is done as:
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
            auditSubjectID,
            ILogger.FAILURE,
            auditACLResource,
            auditOperation);
    audit(auditMessage);
where audit is resolved to
    auditor.log(auditMessage);
See AdminServlet.java for example.
Anyway, all the CS servlets do auditing that way, and so the REST
interface should do it the same way. So, instead of adding audit
messages in the authorization modules, I suggest you
  1. Put the message in debug log instead.
  2. If it does not exist, file a ticket for REST interface to do
     signed auditing.
Christina
On 07/25/2014 07:02 PM, Matthew Harmsen wrote:
Please review the following attached patch (using the attached
test procedure) which addresses: