Examples with AuditEvent org.forgerock.audit.events.AuditEvent used on opensource projects

Example 1 with AuditEvent

use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

the class SAML2Auditor method auditAccessAttempt.

@Override
public void auditAccessAttempt() {
    if (auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_ATTEMPT)) {
        AuditEvent auditEvent = getDefaultSAML2AccessAuditEventBuilder().timestamp(startTime).eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT).toEvent();
        auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
    }
    accessAttemptAudited = true;
}

Example 2 with AuditEvent

use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

the class SAML2Auditor method auditAccessFailure.

@Override
public void auditAccessFailure(String errorCode, String message) {
    if (!accessAttemptAudited) {
        auditAccessAttempt();
    }
    if (auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
        final long endTime = System.currentTimeMillis();
        final long elapsedTime = endTime - startTime;
        final JsonValue detail = json(object(field(AuditConstants.ACCESS_RESPONSE_DETAIL_REASON, message)));
        AuditEvent auditEvent = getDefaultSAML2AccessAuditEventBuilder().timestamp(endTime).eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME).responseWithDetail(FAILED, errorCode, elapsedTime, MILLISECONDS, detail).toEvent();
        auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
    }
}

Example 3 with AuditEvent

use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

the class CrestAuditorTest method auditSuccessShouldPublishEvents.

@Test(dataProvider = "CRESTRequests")
public void auditSuccessShouldPublishEvents(Request request) throws Exception {
    given(auditEventPublisher.isAuditing(anyString(), anyString(), any(EventName.class))).willReturn(true);
    auditor = new CrestAuditor(debug, auditEventPublisher, auditEventFactory, context, request);
    givenAccessAuditingEnabled(auditEventPublisher);
    final JsonValue detail = json(object(field("foo", "bar")));
    auditor.auditAccessSuccess(detail);
    ArgumentCaptor<AuditEvent> auditEventCaptor = ArgumentCaptor.forClass(AuditEvent.class);
    verify(auditEventPublisher).tryPublish(eq(ACCESS_TOPIC), auditEventCaptor.capture());
    assertThat(getField(auditEventCaptor, EVENT_NAME).asString()).isEqualTo(EventName.AM_ACCESS_OUTCOME.toString());
    assertThat(getField(auditEventCaptor, RESPONSE + "/" + DETAIL).asMap()).isEqualTo(detail.asMap());
}

Example 4 with AuditEvent

use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

the class CrestAuditor method auditAccessAttempt.

/**
     * Publishes an audit event with details of the attempted CREST operation, if the 'access' topic is audited.
     */
void auditAccessAttempt() {
    if (auditEventPublisher.isAuditing(realm, ACCESS_TOPIC, EventName.AM_ACCESS_ATTEMPT)) {
        AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent(realm).forHttpRequest(context, request).timestamp(startTime).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(EventName.AM_ACCESS_ATTEMPT).component(component);
        addSessionDetailsFromSSOTokenContext(builder, context);
        if (ipAddressHeaderPropertyIsSet()) {
            setClientFromHttpContextHeaderIfExists(builder, context);
        }
        AuditEvent auditEvent = builder.toEvent();
        postProcessEvent(auditEvent);
        auditEventPublisher.tryPublish(ACCESS_TOPIC, auditEvent);
    }
}

Example 5 with AuditEvent

use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

the class LogRecWrite method auditAccessMessage.

private void auditAccessMessage(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, LogRecord record, String realm) {
    AgentLogParser logParser = new AgentLogParser();
    LogExtracts logExtracts = logParser.tryParse(record.getMessage());
    if (logExtracts == null) {
        // A message type of no interest
        return;
    }
    @SuppressWarnings("unchecked") Map<String, String> info = record.getLogInfoMap();
    String clientIp = info.get(LogConstants.IP_ADDR);
    if (StringUtils.isEmpty(clientIp)) {
        clientIp = info.get(LogConstants.HOST_NAME);
    }
    String contextId = info.get(LogConstants.CONTEXT_ID);
    String clientId = info.get(LogConstants.LOGIN_ID);
    String resourceUrl = logExtracts.getResourceUrl();
    int queryStringIndex = resourceUrl.indexOf('?');
    String queryString = queryStringIndex > -1 ? resourceUrl.substring(queryStringIndex) : "";
    String path = resourceUrl.replace(queryString, "");
    Map<String, List<String>> queryParameters = AMAuditEventBuilderUtils.getQueryParametersAsMap(queryString);
    AuditEvent auditEvent = auditEventFactory.accessEvent(realm).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(EventName.AM_ACCESS_OUTCOME).component(Component.POLICY_AGENT).userId(clientId).httpRequest(hasSecureScheme(resourceUrl), "UNKNOWN", path, queryParameters, Collections.<String, List<String>>emptyMap()).request("HTTP", "UNKNOWN").client(clientIp).trackingId(contextId).response(logExtracts.getStatus(), logExtracts.getStatusCode(), -1, MILLISECONDS).toEvent();
    auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
}