/**
 * Chooses the account name to report for a caller.
 * <p>
 * NOTE(review): a non-null {@code currentValue} takes precedence over the caller's own name, so the
 * value passed in should come from a trusted source; confirm at the call sites.
 *
 * @param caller the caller whose name is used as the fallback
 * @param currentValue an account name that has already been determined, or {@code null}
 * @return {@code currentValue} when it is non-null, otherwise {@code caller.getName()}
 */
private String getAccountName(final Caller caller, final String currentValue) {
    if (currentValue == null) {
        return caller.getName();
    }
    return currentValue;
}
/**
 * Chooses the account name to report for a caller.
 * <p>
 * NOTE(review): a non-null {@code currentValue} takes precedence over the caller's own name, so the
 * value passed in should come from a trusted source; confirm at the call sites.
 *
 * @param caller the caller whose name is used as the fallback
 * @param currentValue an account name that has already been determined, or {@code null}
 * @return {@code currentValue} when it is non-null, otherwise {@code caller.getName()}
 */
private String getAccountName(final Caller caller, final String currentValue) {
    if (currentValue == null) {
        return caller.getName();
    }
    return currentValue;
}
/**
 * Chooses the account name to report for a caller.
 * <p>
 * NOTE(review): a non-null {@code currentValue} takes precedence over the caller's own name, so the
 * value passed in should come from a trusted source; confirm at the call sites.
 *
 * @param caller the caller whose name is used as the fallback
 * @param currentValue an account name that has already been determined, or {@code null}
 * @return {@code currentValue} when it is non-null, otherwise {@code caller.getName()}
 */
private String getAccountName(final Caller caller, final String currentValue) {
    if (currentValue == null) {
        return caller.getName();
    }
    return currentValue;
}
/**
 * Narrows the caller's roles to the run-as roles it asked for and is permitted to use.
 * <p>
 * Each requested role is kept only when {@code realRoleMapper.canRunAs(currentRoles, role)} accepts it.
 * Requests that are not accepted are dropped without any trace output from this method.
 * <p>
 * NOTE(review): when every requested role is rejected the method falls back to {@code currentRoles}
 * rather than an empty set; confirm that keeping the full current role set is the intended outcome.
 *
 * @param caller the caller, used only for the trace message
 * @param currentRoles the roles the caller currently holds
 * @param runAsRoles the requested run-as roles, or {@code null} when none were requested
 * @param sanitized when {@code false}, each requested role is passed through {@code getRoleFromText} first
 * @return an unmodifiable set of the permitted requested roles, or {@code currentRoles} when
 *         {@code runAsRoles} is {@code null} or none of the requested roles is permitted
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String requested : runAsRoles) {
        final String roleName = sanitized ? requested : getRoleFromText(requested);
        if (realRoleMapper.canRunAs(currentRoles, roleName)) {
            permitted.add(roleName);
        }
    }

    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> mapped = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // The caller name and role names are written to the trace log exactly as received.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName()).append("' Mapped to requested roles { ");
        for (String roleName : mapped) {
            message.append("'").append(roleName).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return mapped;
}
/**
 * Narrows the caller's roles to the run-as roles it asked for and is permitted to use.
 * <p>
 * Each requested role is kept only when {@code realRoleMapper.canRunAs(currentRoles, role)} accepts it.
 * Requests that are not accepted are dropped without any trace output from this method.
 * <p>
 * NOTE(review): when every requested role is rejected the method falls back to {@code currentRoles}
 * rather than an empty set; confirm that keeping the full current role set is the intended outcome.
 *
 * @param caller the caller, used only for the trace message
 * @param currentRoles the roles the caller currently holds
 * @param runAsRoles the requested run-as roles, or {@code null} when none were requested
 * @param sanitized when {@code false}, each requested role is passed through {@code getRoleFromText} first
 * @return an unmodifiable set of the permitted requested roles, or {@code currentRoles} when
 *         {@code runAsRoles} is {@code null} or none of the requested roles is permitted
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String requested : runAsRoles) {
        final String roleName = sanitized ? requested : getRoleFromText(requested);
        if (realRoleMapper.canRunAs(currentRoles, roleName)) {
            permitted.add(roleName);
        }
    }

    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> mapped = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // The caller name and role names are written to the trace log exactly as received.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName()).append("' Mapped to requested roles { ");
        for (String roleName : mapped) {
            message.append("'").append(roleName).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return mapped;
}
/**
 * Narrows the caller's roles to the run-as roles it asked for and is permitted to use.
 * <p>
 * Each requested role is kept only when {@code realRoleMapper.canRunAs(currentRoles, role)} accepts it.
 * Requests that are not accepted are dropped without any trace output from this method.
 * <p>
 * NOTE(review): when every requested role is rejected the method falls back to {@code currentRoles}
 * rather than an empty set; confirm that keeping the full current role set is the intended outcome.
 *
 * @param caller the caller, used only for the trace message
 * @param currentRoles the roles the caller currently holds
 * @param runAsRoles the requested run-as roles, or {@code null} when none were requested
 * @param sanitized when {@code false}, each requested role is passed through {@code getRoleFromText} first
 * @return an unmodifiable set of the permitted requested roles, or {@code currentRoles} when
 *         {@code runAsRoles} is {@code null} or none of the requested roles is permitted
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String requested : runAsRoles) {
        final String roleName = sanitized ? requested : getRoleFromText(requested);
        if (realRoleMapper.canRunAs(currentRoles, roleName)) {
            permitted.add(roleName);
        }
    }

    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> mapped = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // The caller name and role names are written to the trace log exactly as received.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName()).append("' Mapped to requested roles { ");
        for (String roleName : mapped) {
            message.append("'").append(roleName).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return mapped;
}
ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no exclusion in role mapping definition.", caller.getName(), roleName); ACCESS_LOGGER .tracef("User '%s' NOT assigned role '%s' despite realm assignment due to exclusion match against %s.", caller.getName(), roleName, exclusion); ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no role mapping to check for exclusion.", caller.getName(), roleName); if (traceEnabled) { if (includeAll) { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to include-all set on role.", caller.getName(), current.getName()); } else { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to match on inclusion %s", caller.getName(), current.getName(), inclusion); if (traceEnabled) { ACCESS_LOGGER.tracef("User '%s' denied membership of role '%s' due to exclusion %s", caller.getName(), current.getName(), exclusion); ACCESS_LOGGER.tracef( "User '%s' not assigned role '%s' as no match on the include definition of the role mapping.", caller.getName(), current.getName()); StringBuilder sb = new StringBuilder("User '").append(caller.getName()).append("' Assigned Roles { ");
ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no exclusion in role mapping definition.", caller.getName(), roleName); ACCESS_LOGGER .tracef("User '%s' NOT assigned role '%s' despite realm assignment due to exclusion match against %s.", caller.getName(), roleName, exclusion); ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no role mapping to check for exclusion.", caller.getName(), roleName); if (traceEnabled) { if (includeAll) { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to include-all set on role.", caller.getName(), current.getName()); } else { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to match on inclusion %s", caller.getName(), current.getName(), inclusion); if (traceEnabled) { ACCESS_LOGGER.tracef("User '%s' denied membership of role '%s' due to exclusion %s", caller.getName(), current.getName(), exclusion); ACCESS_LOGGER.tracef( "User '%s' not assigned role '%s' as no match on the include definition of the role mapping.", caller.getName(), current.getName()); StringBuilder sb = new StringBuilder("User '").append(caller.getName()).append("' Assigned Roles { ");
ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no exclusion in role mapping definition.", caller.getName(), roleName); ACCESS_LOGGER .tracef("User '%s' NOT assigned role '%s' despite realm assignment due to exclusion match against %s.", caller.getName(), roleName, exclusion); ACCESS_LOGGER .tracef("User '%s' assigned role '%s' due to realm assignment and no role mapping to check for exclusion.", caller.getName(), roleName); if (traceEnabled) { if (includeAll) { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to include-all set on role.", caller.getName(), current.getName()); } else { ACCESS_LOGGER.tracef("User '%s' assiged role '%s' due to match on inclusion %s", caller.getName(), current.getName(), inclusion); if (traceEnabled) { ACCESS_LOGGER.tracef("User '%s' denied membership of role '%s' due to exclusion %s", caller.getName(), current.getName(), exclusion); ACCESS_LOGGER.tracef( "User '%s' not assigned role '%s' as no match on the include definition of the role mapping.", caller.getName(), current.getName()); StringBuilder sb = new StringBuilder("User '").append(caller.getName()).append("' Assigned Roles { ");
/**
 * Adds a {@code ConfigurationChange} entry for this operation to the configuration changes collector.
 * <p>
 * Nothing is recorded while booting, for read-only operations, or when the collector reports that
 * tracking is not allowed. The caller name and the access-context fields are passed as {@code null}
 * when no caller or no access audit context is available.
 * <p>
 * Any exception raised while building or storing the entry is reported through
 * {@code failedToUpdateAuditLog} and is not rethrown, so a failure here leaves no change entry behind.
 */
void trackConfigurationChange() {
    if (isBooting() || isReadOnly() || !configurationChangesCollector.trackAllowed()) {
        return;
    }
    try {
        final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
        final Caller invoker = getCaller();
        final ConfigurationChange change = new ConfigurationChange(
                resultAction,
                invoker == null ? null : invoker.getName(),
                auditContext == null ? null : auditContext.getDomainUuid(),
                auditContext == null ? null : auditContext.getAccessMechanism(),
                auditContext == null ? null : auditContext.getRemoteAddress(),
                controllerOperations);
        configurationChangesCollector.addConfigurationChanges(change);
    } catch (Exception e) {
        // Best effort: the failure is logged and the exception does not reach the caller.
        ControllerLogger.MGMT_OP_LOGGER.failedToUpdateAuditLog(e);
    }
}
/**
 * Tracks the configuration change and then writes the audit record for this operation.
 * <p>
 * The audit record is written only while {@code auditLogged} is still {@code false}. The caller name
 * and the access-context fields are passed as {@code null} when no caller or no access audit context
 * is available.
 * <p>
 * Any exception raised while writing the record is reported through {@code failedToUpdateAuditLog}
 * and is not rethrown; {@code auditLogged} then stays {@code false}.
 */
void logAuditRecord() {
    trackConfigurationChange();
    if (auditLogged) {
        return;
    }
    try {
        final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
        final Caller invoker = getCaller();
        auditLogger.log(
                isReadOnly(),
                resultAction,
                invoker == null ? null : invoker.getName(),
                auditContext == null ? null : auditContext.getDomainUuid(),
                auditContext == null ? null : auditContext.getAccessMechanism(),
                auditContext == null ? null : auditContext.getRemoteAddress(),
                getModel(),
                controllerOperations);
        // Set only after log() returns, so a failed write is attempted again on the next call.
        auditLogged = true;
    } catch (Exception e) {
        // Best effort: the failure is logged and the exception does not reach the caller.
        ControllerLogger.MGMT_OP_LOGGER.failedToUpdateAuditLog(e);
    }
}
/**
 * Adds a {@code ConfigurationChange} entry for this operation to the configuration changes collector.
 * <p>
 * Nothing is recorded while booting, for read-only operations, or when the collector reports that
 * tracking is not allowed. The caller name and the access-context fields are passed as {@code null}
 * when no caller or no access audit context is available.
 * <p>
 * Any exception raised while building or storing the entry is reported through
 * {@code failedToUpdateAuditLog} and is not rethrown, so a failure here leaves no change entry behind.
 */
void trackConfigurationChange() {
    if (isBooting() || isReadOnly() || !configurationChangesCollector.trackAllowed()) {
        return;
    }
    try {
        final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
        final Caller invoker = getCaller();
        final ConfigurationChange change = new ConfigurationChange(
                resultAction,
                invoker == null ? null : invoker.getName(),
                auditContext == null ? null : auditContext.getDomainUuid(),
                auditContext == null ? null : auditContext.getAccessMechanism(),
                auditContext == null ? null : auditContext.getRemoteAddress(),
                controllerOperations);
        configurationChangesCollector.addConfigurationChanges(change);
    } catch (Exception e) {
        // Best effort: the failure is logged and the exception does not reach the caller.
        ControllerLogger.MGMT_OP_LOGGER.failedToUpdateAuditLog(e);
    }
}
/**
 * Writes the audit record for this operation.
 * <p>
 * The record is written only while {@code auditLogged} is still {@code false}. The caller name and the
 * access-context fields are passed as {@code null} when no caller or no access audit context is
 * available; the address argument comes from {@code getSubjectInetAddress(subject)}.
 * <p>
 * Any exception raised while writing the record is reported through {@code failedToUpdateAuditLog}
 * and is not rethrown; {@code auditLogged} then stays {@code false}.
 */
void logAuditRecord() {
    if (auditLogged) {
        return;
    }
    try {
        final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
        final Caller invoker = getCaller();
        // NOTE(review): invoker may be null here (the null check below allows for it); confirm that
        // SecurityActions.getSubject and getSubjectInetAddress tolerate null, otherwise the catch
        // block below swallows the failure and no audit record is written.
        final Subject callerSubject = SecurityActions.getSubject(invoker);
        auditLogger.log(
                isReadOnly(),
                resultAction,
                invoker == null ? null : invoker.getName(),
                auditContext == null ? null : auditContext.getDomainUuid(),
                auditContext == null ? null : auditContext.getAccessMechanism(),
                getSubjectInetAddress(callerSubject),
                getModel(),
                controllerOperations);
        // Set only after log() returns, so a failed write is attempted again on the next call.
        auditLogged = true;
    } catch (Exception e) {
        // Best effort: the failure is logged and the exception does not reach the caller.
        ControllerLogger.MGMT_OP_LOGGER.failedToUpdateAuditLog(e);
    }
}
/**
 * Tracks the configuration change and then writes the audit record for this operation.
 * <p>
 * The audit record is written only while {@code auditLogged} is still {@code false}. The caller name
 * and the access-context fields are passed as {@code null} when no caller or no access audit context
 * is available.
 * <p>
 * Any exception raised while writing the record is reported through {@code failedToUpdateAuditLog}
 * and is not rethrown; {@code auditLogged} then stays {@code false}.
 */
void logAuditRecord() {
    trackConfigurationChange();
    if (auditLogged) {
        return;
    }
    try {
        final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
        final Caller invoker = getCaller();
        auditLogger.log(
                isReadOnly(),
                resultAction,
                invoker == null ? null : invoker.getName(),
                auditContext == null ? null : auditContext.getDomainUuid(),
                auditContext == null ? null : auditContext.getAccessMechanism(),
                auditContext == null ? null : auditContext.getRemoteAddress(),
                getModel(),
                controllerOperations);
        // Set only after log() returns, so a failed write is attempted again on the next call.
        auditLogged = true;
    } catch (Exception e) {
        // Best effort: the failure is logged and the exception does not reach the caller.
        ControllerLogger.MGMT_OP_LOGGER.failedToUpdateAuditLog(e);
    }
}