[Pki-devel] [PATCH] Remove ACL mapping to user from error messages

Christina Fu cfu at redhat.com
Mon Jul 28 17:13:32 UTC 2014


Here are my review comments per discussion:

* The exception message with less detail looks fine
* First thing I noticed is that the "signed audit" messages don't
  conform to the format. Looking closely, I see that you have picked up
  an outdated interface. The real signed auditor is supposed to be
  called by doing:

      IAuditor auditor = CMS.getAuditor();

  The authz fail event is supposed to be LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4
  and the call is done as:

      auditMessage = CMS.getLogMessage(
              LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
              auditSubjectID,
              ILogger.FAILURE,
              auditACLResource,
              auditOperation);
      audit(auditMessage);

  where audit is resolved to auditor.log(auditMessage);
  See AdminServlet.java for example.

Anyway, all the CS servlets do auditing that way, and so the REST 
interface should do it the same way.  So, instead of adding audit 
messages in the authorization modules, I suggest you
1. put the message in debug log instead
2. If it does not exist, file a ticket for REST interface to do signed 
auditing

Christina

On 07/25/2014 07:02 PM, Matthew Harmsen wrote:
> Please review the following attached patch (using the attached test 
> procedure) which addresses:
>
>   * PKI TRAC Ticket #965 - Improve error message - remove ACL mapping
>     to the user <https://fedorahosted.org/pki/ticket/965>