Here are my review comments per discussion:
* The exception message with less detail looks fine
* First thing I noticed is that the "signed audit" messages don't
conform to the format. Looking closely, I see that you have picked up an
outdated interface. The real signed auditor is supposed to be called by
doing:
    IAuditor auditor = CMS.getAuditor();
The authz fail event is supposed to be LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4
and the call is done as:
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
            auditSubjectID,
            ILogger.FAILURE,
            auditACLResource,
            auditOperation);
    audit(auditMessage);
where audit is resolved to
    auditor.log(auditMessage);
See AdminServlet.java for example.
Anyway, all the CS servlets do auditing that way, and so the REST
interface should do it the same way. So, instead of adding audit
messages in the authorization modules, I suggest you
1. put the message in debug log instead
2. If it does not exist, file a ticket for REST interface to do signed
auditing
Christina
On 07/25/2014 07:02 PM, Matthew Harmsen wrote:
Please review the following attached patch (using the attached test
procedure) which addresses:
* PKI TRAC Ticket #965 - Improve error message - remove ACL mapping
  to the user <https://fedorahosted.org/pki/ticket/965>