Please log the current logged user when denying access #2
Description
The current code logs things like this:
2014-01-22 23:04:20.467Z - INFO [InitSecurityContext] - Connection from .....
2014-01-22 23:04:20.475Z - INFO [BasePAPOperation] - Insufficient privileges to perform operation 'GetPoliciesForPAPOperation'
2014-01-22 23:04:20.475Z - ERROR [ProvisioningService] - Insufficient privileges to perform operation 'GetPoliciesForPAPOperation'.
When more than one user is connected, there is no way to know which one is denied. Looking in the code, the function that should be modified is in src/main/java/org/glite/authz/pap/authz/BasePAPOperation.java:
public final T execute() {
logOperation();
if ( !isAllowed() ) {
log.info( "Insufficient privileges to perform operation '"
+ getName() + "'" );
throw new PAPAuthzException(
"Insufficient privileges to perform operation '"
+ getName() + "'." );
}
return doExecute();
}
As far as I understand the code (not really ...), the current logged user could be obtained via 'CurrentAdmin admin = CurrentAdmin.instance();' or directly something like what is in CurrentAdmin (SecurityContext theContext = SecurityContext.getCurrentContext(); String adminDN = theContext.getClientName();)'. I don't know how to format correctly the output...