Commit 085306f6 by Juho Juopperi

security logging: permission denied

1 parent ae4b2d53
package fi.insomnia.bortal.beans; package fi.insomnia.bortal.beans;
import java.util.Calendar;
import javax.ejb.EJB;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import org.hibernate.validator.util.LoggerFactory;
import org.slf4j.Logger;
import fi.insomnia.bortal.facade.LogEntryFacade;
import fi.insomnia.bortal.facade.LogEntryTypeFacade;
import fi.insomnia.bortal.model.LogEntry;
import fi.insomnia.bortal.model.LogEntryType;
import fi.insomnia.bortal.model.User;
/** /**
* Session Bean implementation class SercurityBean * Session Bean implementation class SercurityBean
...@@ -9,17 +20,28 @@ import javax.ejb.Stateless; ...@@ -9,17 +20,28 @@ import javax.ejb.Stateless;
@Stateless @Stateless
public class SecurityBean implements SecurityBeanLocal { public class SecurityBean implements SecurityBeanLocal {
private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
@EJB
LogEntryTypeFacade typeFacade;
@EJB
LogEntryFacade entryFacade;
/** /**
* Default constructor. * Default constructor.
*/ */
public SecurityBean() { public SecurityBean() {
// TODO Auto-generated constructor stub // TODO Auto-generated constructor stub
} }
@Override @Override
public void log(Exception permissionDeniedException) { public void logPermissionDenied(User user, Exception exception) {
// TODO Auto-generated method stub LogEntryType type = typeFacade.findOrCreate(SecurityLogType.permissionDenied);
LogEntry entry = new LogEntry();
entry.setType(type);
entry.setTime(Calendar.getInstance());
entry.setDescription(exception.getMessage());
entry.setUser(user);
logger.debug(entry.toString(), exception);
entryFacade.create(entry);
} }
} }
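Review bot: The audit row written at `entryFacade.create(entry)` joins whatever transaction the caller already has (a stateless bean's methods default to REQUIRED), so if `logPermissionDenied` is ever invoked from inside a transaction that the thrown PermissionDeniedException then rolls back, the denied-access record is rolled back with it; annotate the method `@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)` so the security log survives the failed operation (the current caller in UserView appears to be a JSF bean, so it is not affected today). The same event reaches the application log only via `logger.debug(entry.toString(), exception)`, which is normally filtered out in production — a denied permission should be at least `logger.warn(...)`. The single-printed `import org.hibernate.validator.util.LoggerFactory;` looks unused, since the field declaration fully qualifies `org.slf4j.LoggerFactory`; if it is an addition it should be dropped.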
...@@ -4,6 +4,9 @@ import javax.ejb.LocalBean; ...@@ -4,6 +4,9 @@ import javax.ejb.LocalBean;
import javax.ejb.Stateless; import javax.ejb.Stateless;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext; import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.model.LogEntryType; import fi.insomnia.bortal.model.LogEntryType;
@Stateless @Stateless
...@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> { ...@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> {
return em; return em;
} }
public LogEntryType findOrCreate(SecurityLogType type) {
// Fetch log entry type
TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
q.setParameter("login", type.name());
LogEntryType logEntryType = q.getSingleResult();
// Might not exist yet
if (logEntryType == null) {
logEntryType = new LogEntryType();
logEntryType.setName(type.name());
em.persist(logEntryType);
}
return logEntryType;
}
} }
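Review bot: `q.setParameter("login", type.name())` binds a parameter the query does not declare — `LogEntryType.findByName` uses `:name` — so the lookup fails with IllegalArgumentException before any result is read, and `getSingleResult()` never returns null (it throws NoResultException when no row matches), so the `logEntryType == null` branch that is meant to create the type is unreachable. Fetch with `getResultList()` and create the type when the list is empty, as below (needs `java.util.List`). The created entity only has its name set, while `event_type_description` is declared `nullable = false` in LogEntryType and the `@EmbeddedId` is never assigned here, so the persist on the create path looks likely to fail at flush — confirm how `EventPk` is meant to be populated.
```java
public LogEntryType findOrCreate(SecurityLogType type) {
    TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
    q.setParameter("name", type.name());
    List<LogEntryType> found = q.getResultList();
    if (!found.isEmpty()) {
        return found.get(0);
    }
    // … unchanged: construct new LogEntryType, setName, em.persist, return …
}
```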
...@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans; ...@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans;
import javax.ejb.Local; import javax.ejb.Local;
import fi.insomnia.bortal.model.User;
@Local @Local
public interface SecurityBeanLocal { public interface SecurityBeanLocal {
void log(Exception permissionDeniedException); void logPermissionDenied(User user, Exception permissionDeniedException);
} }
...@@ -24,15 +24,18 @@ import javax.persistence.Version; ...@@ -24,15 +24,18 @@ import javax.persistence.Version;
@Table(name = "event_log_types") @Table(name = "event_log_types")
@NamedQueries( { @NamedQueries( {
@NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"), @NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"),
@NamedQuery(name = "LogEntryType.findByName", query = "SELECT l FROM LogEntryType l WHERE l.name = :name"),
@NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") }) @NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") })
public class LogEntryType implements EventChildInterface{ public class LogEntryType implements EventChildInterface {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
@EmbeddedId @EmbeddedId
private EventPk id; private EventPk id;
@Column(name = "event_type_name", nullable = false)
private String name;
@Lob @Lob
@Column(name = "event_type_description", nullable = false) @Column(name = "event_type_description", nullable = false)
private String description; private String description;
...@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{ ...@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{
public void setJpaVersionField(int jpaVersionField) { public void setJpaVersionField(int jpaVersionField) {
this.jpaVersionField = jpaVersionField; this.jpaVersionField = jpaVersionField;
} }
public void setName(String name) {
this.name = name;
}
public String getName() {
return name;
}
} }
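Review bot: The new `event_type_name` column is declared `nullable = false` but not unique, while the accompanying `LogEntryType.findByName` query is consumed with `getSingleResult()` in LogEntryTypeFacade; without a uniqueness constraint two rows with the same name turn every lookup of that type into a NonUniqueResultException. Declare `@Column(name = "event_type_name", nullable = false, unique = true)` so the database enforces what the lookup assumes. A one-line Javadoc on `getName()` stating that the value is the `SecurityLogType` constant name used to find or create the type would make the coupling to the facade visible.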
package fi.insomnia.bortal.exceptions; package fi.insomnia.bortal.exceptions;
import fi.insomnia.bortal.beans.SecurityBeanLocal; import fi.insomnia.bortal.beans.SecurityBeanLocal;
import fi.insomnia.bortal.model.User;
public class PermissionDeniedException extends RuntimeException { public class PermissionDeniedException extends RuntimeException {
public PermissionDeniedException(String message, SecurityBeanLocal bean) { public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
super(message); super(message);
bean.log(this); bean.logPermissionDenied(user, this);
} }
/** /**
......
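Review bot: The constructor's `bean.logPermissionDenied(user, this)` makes constructing the exception perform an EJB call and a database write, so a null `bean` or a failure inside the facade surfaces at the `throw` site as a NullPointerException or EJBException and the original permission failure is lost; add `Objects.requireNonNull(bean, "bean");` after `super(message)`, or move the audit call to the code that throws so the exception stays a plain value object. Passing `this` out of the constructor also publishes a not-yet-fully-constructed object to the bean; the base message is already set, but any subclass state would not be. The class body continues outside the hunk.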
...@@ -23,7 +23,6 @@ public class UserView { ...@@ -23,7 +23,6 @@ public class UserView {
@ManagedProperty("#{sessionHandler}") @ManagedProperty("#{sessionHandler}")
private SessionHandler sessionhandler; private SessionHandler sessionhandler;
@EJB @EJB
private UserBeanLocal userBean; private UserBeanLocal userBean;
...@@ -47,7 +46,7 @@ public class UserView { ...@@ -47,7 +46,7 @@ public class UserView {
public String createUser() { public String createUser() {
if (!sessionhandler.canWrite("userManagement")) { if (!sessionhandler.canWrite("userManagement")) {
// Give message to administration what happened here. // Give message to administration what happened here.
throw new PermissionDeniedException("User " + sessionhandler.getUser() + " does not have permission to create user!",securitybean); throw new PermissionDeniedException(securitybean, sessionhandler.getUser(), "User " + sessionhandler.getUser() + " does not have permission to create user!");
} }
logger.info("Saving user"); logger.info("Saving user");
......
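Review bot: The description persisted for the audit entry is built from the string form of `sessionhandler.getUser()`, and what `User.toString()` includes is not visible here; if it prints more than an identifier (for example credential or contact fields) that text ends up in the log entry's description column and in the application log. The entry already carries the user via `setUser`, so the message only needs a stable identifier of the user, and `sessionhandler.getUser()` is evaluated twice on the one line — read it into a local first, `User current = sessionhandler.getUser();`. The `securitybean` field the new call relies on is not in the hunk; confirm it is `@EJB`-injected in UserView.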