security logging: permission denied

code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java

 package fi.insomnia.bortal.beans;
 
+import java.util.Calendar;
+
+import javax.ejb.EJB;
 import javax.ejb.Stateless;
 
+import org.hibernate.validator.util.LoggerFactory;
+import org.slf4j.Logger;
+
+import fi.insomnia.bortal.facade.LogEntryFacade;
+import fi.insomnia.bortal.facade.LogEntryTypeFacade;
+import fi.insomnia.bortal.model.LogEntry;
+import fi.insomnia.bortal.model.LogEntryType;
+import fi.insomnia.bortal.model.User;
 
 /**
  * Session Bean implementation class SercurityBean
@@ -9,17 +20,28 @@ import javax.ejb.Stateless;
 @Stateless
 public class SecurityBean implements SecurityBeanLocal {
 
+    private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
+    @EJB
+    LogEntryTypeFacade typeFacade;
+    @EJB
+    LogEntryFacade entryFacade;
+
     /**
-     * Default constructor. 
+     * Default constructor.
      */
     public SecurityBean() {
         // TODO Auto-generated constructor stub
     }
 
     @Override
-    public void log(Exception permissionDeniedException) {
-        // TODO Auto-generated method stub
-        
+    public void logPermissionDenied(User user, Exception exception) {
+        LogEntryType type = typeFacade.findOrCreate(SecurityLogType.permissionDenied);
+        LogEntry entry = new LogEntry();
+        entry.setType(type);
+        entry.setTime(Calendar.getInstance());
+        entry.setDescription(exception.getMessage());
+        entry.setUser(user);
+        logger.debug(entry.toString(), exception);
+        entryFacade.create(entry);
     }
-
 }

code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryTypeFacade.java

@@ -4,6 +4,9 @@ import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
+import javax.persistence.TypedQuery;
+
+import fi.insomnia.bortal.beans.SecurityLogType;
 import fi.insomnia.bortal.model.LogEntryType;
 
 @Stateless
@@ -21,4 +24,21 @@ public class LogEntryTypeFacade extends GenericFacade<LogEntryType> {
         return em;
     }
 
+    public LogEntryType findOrCreate(SecurityLogType type) {
+
+        // Fetch log entry type
+        TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
+        q.setParameter("login", type.name());
+        LogEntryType logEntryType = q.getSingleResult();
+
+        // Might not exist yet
+        if (logEntryType == null) {
+            logEntryType = new LogEntryType();
+            logEntryType.setName(type.name());
+            em.persist(logEntryType);
+        }
+
+        return logEntryType;
+    }
+
 }

code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/SecurityBeanLocal.java

@@ -2,9 +2,11 @@ package fi.insomnia.bortal.beans;
 
 import javax.ejb.Local;
 
+import fi.insomnia.bortal.model.User;
+
 @Local
 public interface SecurityBeanLocal {
 
-    void log(Exception permissionDeniedException);
+    void logPermissionDenied(User user, Exception permissionDeniedException);
 
 }

code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntryType.java

@@ -24,15 +24,18 @@ import javax.persistence.Version;
 @Table(name = "event_log_types")
 @NamedQueries( {
         @NamedQuery(name = "LogEntryType.findAll", query = "SELECT l FROM LogEntryType l"),
-
+        @NamedQuery(name = "LogEntryType.findByName", query = "SELECT l FROM LogEntryType l WHERE l.name = :name"),
         @NamedQuery(name = "LogEntryType.findByDescription", query = "SELECT l FROM LogEntryType l WHERE l.description = :description") })
-public class LogEntryType implements EventChildInterface{
+public class LogEntryType implements EventChildInterface {
 
     private static final long serialVersionUID = 1L;
 
     @EmbeddedId
     private EventPk id;
 
+    @Column(name = "event_type_name", nullable = false)
+    private String name;
+
     @Lob
     @Column(name = "event_type_description", nullable = false)
     private String description;
@@ -132,4 +135,12 @@ public class LogEntryType implements EventChildInterface{
     public void setJpaVersionField(int jpaVersionField) {
         this.jpaVersionField = jpaVersionField;
     }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getName() {
+        return name;
+    }
 }

code/LanBortalWeb/src/fi/insomnia/bortal/exceptions/PermissionDeniedException.java

 package fi.insomnia.bortal.exceptions;
 
 import fi.insomnia.bortal.beans.SecurityBeanLocal;
+import fi.insomnia.bortal.model.User;
 
 public class PermissionDeniedException extends RuntimeException {
 
-    public PermissionDeniedException(String message, SecurityBeanLocal bean) {
+    public PermissionDeniedException(SecurityBeanLocal bean, User user, String message) {
         super(message);
-        bean.log(this);
+        bean.logPermissionDenied(user, this);
     }
 
     /**

code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java

@@ -23,7 +23,6 @@ public class UserView {
 
     @ManagedProperty("#{sessionHandler}")
     private SessionHandler sessionhandler;
-    
 
     @EJB
     private UserBeanLocal userBean;
@@ -47,7 +46,7 @@ public class UserView {
     public String createUser() {
         if (!sessionhandler.canWrite("userManagement")) {
             // Give message to administration what happened here.
-            throw new PermissionDeniedException("User " + sessionhandler.getUser() + " does not have permission to create user!",securitybean);
+            throw new PermissionDeniedException(securitybean, sessionhandler.getUser(), "User " + sessionhandler.getUser() + " does not have permission to create user!");
         }
 
         logger.info("Saving user");