Example 1 with AuditEvent

Use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

Class SAML2Auditor, method auditAccessAttempt.

@Override
public void auditAccessAttempt() {
    // Publish only when the 'access' topic is audited for this realm and event name.
    if (auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_ATTEMPT)) {
        AuditEvent auditEvent = getDefaultSAML2AccessAuditEventBuilder()
                .timestamp(startTime)
                .eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT)
                .toEvent();
        auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
    }
    // Set even when nothing was published; auditAccessFailure checks this flag
    // before calling auditAccessAttempt().
    accessAttemptAudited = true;
}
Also used : AuditEvent(org.forgerock.audit.events.AuditEvent)

Example 2 with AuditEvent

Use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

Class SAML2Auditor, method auditAccessFailure.

@Override
public void auditAccessFailure(String errorCode, String message) {
    // Make sure the access attempt has been audited before recording the outcome.
    if (!accessAttemptAudited) {
        auditAccessAttempt();
    }
    if (auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
        final long endTime = System.currentTimeMillis();
        final long elapsedTime = endTime - startTime;
        // The failure message is carried in the response detail under the 'reason' field.
        final JsonValue detail = json(object(field(AuditConstants.ACCESS_RESPONSE_DETAIL_REASON, message)));
        AuditEvent auditEvent = getDefaultSAML2AccessAuditEventBuilder()
                .timestamp(endTime)
                .eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME)
                .responseWithDetail(FAILED, errorCode, elapsedTime, MILLISECONDS, detail)
                .toEvent();
        auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
    }
}
Also used : JsonValue(org.forgerock.json.JsonValue) AuditEvent(org.forgerock.audit.events.AuditEvent)

Example 3 with AuditEvent

Use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

Class CrestAuditorTest, method auditSuccessShouldPublishEvents.

@Test(dataProvider = "CRESTRequests")
public void auditSuccessShouldPublishEvents(Request request) throws Exception {
    // Report auditing as enabled for every realm, topic and event name.
    given(auditEventPublisher.isAuditing(anyString(), anyString(), any(EventName.class))).willReturn(true);
    auditor = new CrestAuditor(debug, auditEventPublisher, auditEventFactory, context, request);
    givenAccessAuditingEnabled(auditEventPublisher);
    final JsonValue detail = json(object(field("foo", "bar")));
    auditor.auditAccessSuccess(detail);
    // Capture the event passed to tryPublish and check its event name and response detail.
    ArgumentCaptor<AuditEvent> auditEventCaptor = ArgumentCaptor.forClass(AuditEvent.class);
    verify(auditEventPublisher).tryPublish(eq(ACCESS_TOPIC), auditEventCaptor.capture());
    assertThat(getField(auditEventCaptor, EVENT_NAME).asString()).isEqualTo(EventName.AM_ACCESS_OUTCOME.toString());
    assertThat(getField(auditEventCaptor, RESPONSE + "/" + DETAIL).asMap()).isEqualTo(detail.asMap());
}
Also used : JsonValue(org.forgerock.json.JsonValue) AuditEvent(org.forgerock.audit.events.AuditEvent) Test(org.testng.annotations.Test)

Example 4 with AuditEvent

Use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

Class CrestAuditor, method auditAccessAttempt.

/**
 * Publishes an audit event with details of the attempted CREST operation, if the 'access' topic is audited.
 */
void auditAccessAttempt() {
    if (auditEventPublisher.isAuditing(realm, ACCESS_TOPIC, EventName.AM_ACCESS_ATTEMPT)) {
        AMAccessAuditEventBuilder builder = auditEventFactory.accessEvent(realm)
                .forHttpRequest(context, request)
                .timestamp(startTime)
                .transactionId(AuditRequestContext.getTransactionIdValue())
                .eventName(EventName.AM_ACCESS_ATTEMPT)
                .component(component);
        addSessionDetailsFromSSOTokenContext(builder, context);
        // If an IP address header property is set, take the client from that HTTP header when it exists.
        if (ipAddressHeaderPropertyIsSet()) {
            setClientFromHttpContextHeaderIfExists(builder, context);
        }
        AuditEvent auditEvent = builder.toEvent();
        postProcessEvent(auditEvent);
        auditEventPublisher.tryPublish(ACCESS_TOPIC, auditEvent);
    }
}
Also used : AuditEvent(org.forgerock.audit.events.AuditEvent) AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder)

Example 5 with AuditEvent

Use of org.forgerock.audit.events.AuditEvent in project OpenAM by OpenRock.

Class LogRecWrite, method auditAccessMessage.

private void auditAccessMessage(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, LogRecord record, String realm) {
    AgentLogParser logParser = new AgentLogParser();
    LogExtracts logExtracts = logParser.tryParse(record.getMessage());
    if (logExtracts == null) {
        // A message type of no interest
        return;
    }
    @SuppressWarnings("unchecked")
    Map<String, String> info = record.getLogInfoMap();
    // Prefer the recorded IP address; fall back to the host name when it is empty.
    String clientIp = info.get(LogConstants.IP_ADDR);
    if (StringUtils.isEmpty(clientIp)) {
        clientIp = info.get(LogConstants.HOST_NAME);
    }
    String contextId = info.get(LogConstants.CONTEXT_ID);
    String clientId = info.get(LogConstants.LOGIN_ID);
    // Split the resource URL into path and query string (the query string keeps its leading '?').
    String resourceUrl = logExtracts.getResourceUrl();
    int queryStringIndex = resourceUrl.indexOf('?');
    String queryString = queryStringIndex > -1 ? resourceUrl.substring(queryStringIndex) : "";
    String path = resourceUrl.replace(queryString, "");
    Map<String, List<String>> queryParameters = AMAuditEventBuilderUtils.getQueryParametersAsMap(queryString);
    // Values not available from the agent log record are passed as "UNKNOWN",
    // an empty header map and an elapsed time of -1.
    AuditEvent auditEvent = auditEventFactory.accessEvent(realm)
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_OUTCOME)
            .component(Component.POLICY_AGENT)
            .userId(clientId)
            .httpRequest(hasSecureScheme(resourceUrl), "UNKNOWN", path, queryParameters, Collections.<String, List<String>>emptyMap())
            .request("HTTP", "UNKNOWN")
            .client(clientIp)
            .trackingId(contextId)
            .response(logExtracts.getStatus(), logExtracts.getStatusCode(), -1, MILLISECONDS)
            .toEvent();
    auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
}
Also used : List(java.util.List) AuditEvent(org.forgerock.audit.events.AuditEvent) LogExtracts(com.sun.identity.log.service.AgentLogParser.LogExtracts)

Aggregations

AuditEvent (org.forgerock.audit.events.AuditEvent): 24
Test (org.testng.annotations.Test): 13
JsonValue (org.forgerock.json.JsonValue): 6
Map (java.util.Map): 3
AMAccessAuditEventBuilder (org.forgerock.openam.audit.AMAccessAuditEventBuilder): 3
Context (org.forgerock.services.context.Context): 3
Date (java.util.Date): 2
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 2
Request (org.restlet.Request): 2
Response (org.restlet.Response): 2
JsonRepresentation (org.restlet.ext.json.JsonRepresentation): 2
LogExtracts (com.sun.identity.log.service.AgentLogParser.LogExtracts): 1
URL (java.net.URL): 1
List (java.util.List): 1
AuditServiceBuilder (org.forgerock.audit.AuditServiceBuilder): 1
AuditEventHandler (org.forgerock.audit.events.handlers.AuditEventHandler): 1
Handler (org.forgerock.http.Handler): 1
Request (org.forgerock.http.protocol.Request): 1
SessionContext (org.forgerock.http.session.SessionContext): 1
AMAuditServiceConfiguration (org.forgerock.openam.audit.configuration.AMAuditServiceConfiguration): 1