use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.
the class SAML2Auditor method auditAccessAttempt.
/**
 * Publishes an {@code AM_ACCESS_ATTEMPT} event on the access topic, stamped with
 * {@code startTime}, when the publisher reports that event as audited for this realm.
 *
 * <p>{@code accessAttemptAudited} is set whether or not an event was published, so it
 * means "the attempt step has run" rather than "an attempt record exists".
 */
@Override
public void auditAccessAttempt() {
    final boolean attemptIsAudited = auditEventPublisher.isAuditing(
            realm, AuditConstants.ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_ATTEMPT);

    if (attemptIsAudited) {
        AuditEvent attemptEvent = getDefaultSAML2AccessAuditEventBuilder()
                .timestamp(startTime)
                .eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT)
                .toEvent();
        // NOTE(review): tryPublish returns nothing that is checked here; presumably a failed
        // publish is handled (or dropped) inside the publisher. Confirm that lost audit
        // events are surfaced somewhere.
        auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, attemptEvent);
    }

    accessAttemptAudited = true;
}
use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.
the class SAML2Auditor method auditAccessFailure.
/**
 * Records a failed SAML2 access: first the attempt event (if it has not run yet), then an
 * {@code AM_ACCESS_OUTCOME} event with status {@code FAILED}.
 *
 * @param errorCode status code stored in the response section of the outcome event
 * @param message   failure reason, stored verbatim under
 *                  {@code AuditConstants.ACCESS_RESPONSE_DETAIL_REASON}
 */
@Override
public void auditAccessFailure(String errorCode, String message) {
    // Ensure the attempt step has run before an outcome is recorded.
    if (!accessAttemptAudited) {
        auditAccessAttempt();
    }

    if (!auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC,
            AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
        return;
    }

    final long finishedAt = System.currentTimeMillis();
    // Wall-clock difference; it can be negative if the system clock was adjusted between
    // startTime and now.
    final long durationMillis = finishedAt - startTime;

    // NOTE(review): message is written to the audit record unmodified. Callers should make
    // sure it never carries secrets or raw request content. Verify at the call sites.
    final JsonValue reasonDetail =
            json(object(field(AuditConstants.ACCESS_RESPONSE_DETAIL_REASON, message)));

    AuditEvent outcomeEvent = getDefaultSAML2AccessAuditEventBuilder()
            .timestamp(finishedAt)
            .eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME)
            .responseWithDetail(FAILED, errorCode, durationMillis, MILLISECONDS, reasonDetail)
            .toEvent();
    auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, outcomeEvent);
}
use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.
the class CrestAuditorTest method auditSuccessShouldPublishEvents.
/**
 * Checks that auditing a successful CREST access publishes an {@code AM_ACCESS_OUTCOME} event
 * on the access topic and that the event's response detail matches the detail passed in.
 */
@Test(dataProvider = "CRESTRequests")
public void auditSuccessShouldPublishEvents(Request request) throws Exception {
    // given: every topic/event is reported as audited
    given(auditEventPublisher.isAuditing(anyString(), anyString(), any(EventName.class)))
            .willReturn(true);
    auditor = new CrestAuditor(debug, auditEventPublisher, auditEventFactory, context, request);
    givenAccessAuditingEnabled(auditEventPublisher);
    final JsonValue expectedDetail = json(object(field("foo", "bar")));

    // when
    auditor.auditAccessSuccess(expectedDetail);

    // then: exactly one publish on the access topic (Mockito's default verification mode)
    ArgumentCaptor<AuditEvent> publishedEvent = ArgumentCaptor.forClass(AuditEvent.class);
    verify(auditEventPublisher).tryPublish(eq(ACCESS_TOPIC), publishedEvent.capture());

    final String actualEventName = getField(publishedEvent, EVENT_NAME).asString();
    assertThat(actualEventName).isEqualTo(EventName.AM_ACCESS_OUTCOME.toString());
    assertThat(getField(publishedEvent, RESPONSE + "/" + DETAIL).asMap())
            .isEqualTo(expectedDetail.asMap());
}
use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.
the class CrestAuditor method auditAccessAttempt.
/**
 * Builds and publishes an {@code AM_ACCESS_ATTEMPT} event for the current CREST request.
 * Does nothing unless the publisher reports that event as audited on the access topic for
 * this realm.
 */
void auditAccessAttempt() {
    if (!auditEventPublisher.isAuditing(realm, ACCESS_TOPIC, EventName.AM_ACCESS_ATTEMPT)) {
        return;
    }

    AMAccessAuditEventBuilder attemptBuilder = auditEventFactory.accessEvent(realm)
            .forHttpRequest(context, request)
            .timestamp(startTime)
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_ATTEMPT)
            .component(component);

    addSessionDetailsFromSSOTokenContext(attemptBuilder, context);

    // NOTE(review): when the IP-address-header property is configured, the client address
    // presumably comes from a request header. A header value can only be trusted if a
    // trusted proxy sets or overwrites it; otherwise the recorded client is caller-supplied.
    // Confirm against the deployment.
    if (ipAddressHeaderPropertyIsSet()) {
        setClientFromHttpContextHeaderIfExists(attemptBuilder, context);
    }

    AuditEvent attemptEvent = attemptBuilder.toEvent();
    postProcessEvent(attemptEvent);
    auditEventPublisher.tryPublish(ACCESS_TOPIC, attemptEvent);
}
use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.
the class LogRecWrite method auditAccessMessage.
/**
 * Converts a policy-agent log record into an {@code AM_ACCESS_OUTCOME} audit event and
 * publishes it on the access topic. Records whose message the {@code AgentLogParser} cannot
 * parse are ignored.
 *
 * @param auditEventPublisher publisher the event is handed to
 * @param auditEventFactory   factory used to start the access event builder
 * @param record              log record supplying the message and the log-info map
 * @param realm               realm the access event is created for
 */
private void auditAccessMessage(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, LogRecord record, String realm) {
    LogExtracts parsed = new AgentLogParser().tryParse(record.getMessage());
    if (parsed == null) {
        // Not a message type that maps to an access event.
        return;
    }

    // NOTE(review): every value read from this map is whatever the sender of the log record
    // put there; treat client, user and tracking ids as agent-asserted, not verified here.
    @SuppressWarnings("unchecked") Map<String, String> logInfo = record.getLogInfoMap();
    String ipAddress = logInfo.get(LogConstants.IP_ADDR);
    // Falls back to the host name, so the event's client field may hold a name, not an IP.
    String clientAddress = StringUtils.isEmpty(ipAddress) ? logInfo.get(LogConstants.HOST_NAME) : ipAddress;
    String trackingId = logInfo.get(LogConstants.CONTEXT_ID);
    String userId = logInfo.get(LogConstants.LOGIN_ID);

    // Split the resource URL at the first '?'; the query part keeps its leading '?'.
    String resourceUrl = parsed.getResourceUrl();
    int queryStart = resourceUrl.indexOf('?');
    String queryString;
    String path;
    if (queryStart > -1) {
        queryString = resourceUrl.substring(queryStart);
        path = resourceUrl.substring(0, queryStart);
    } else {
        queryString = "";
        path = resourceUrl;
    }

    // NOTE(review): query parameters are copied into the audit record. URLs can carry
    // sensitive values (tokens, identifiers) in the query string; confirm that these are
    // filtered or masked before the event is stored.
    Map<String, List<String>> queryParameters = AMAuditEventBuilderUtils.getQueryParametersAsMap(queryString);

    // HTTP method and operation are not present in the agent record, hence "UNKNOWN";
    // -1 is passed as the elapsed time.
    AuditEvent outcomeEvent = auditEventFactory.accessEvent(realm)
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_OUTCOME)
            .component(Component.POLICY_AGENT)
            .userId(userId)
            .httpRequest(hasSecureScheme(resourceUrl), "UNKNOWN", path, queryParameters,
                    Collections.<String, List<String>>emptyMap())
            .request("HTTP", "UNKNOWN")
            .client(clientAddress)
            .trackingId(trackingId)
            .response(parsed.getStatus(), parsed.getStatusCode(), -1, MILLISECONDS)
            .toEvent();
    auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, outcomeEvent);
}