
Example 1 with AMAccessAuditEventBuilder

use of org.forgerock.openam.audit.AMAccessAuditEventBuilder in project OpenAM by OpenRock.

the class LogWriter method accessEventBuilder.

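/**
 * Builds the access audit event for one ssoadm log record.
 *
 * <p>Each value in {@code msgdata} is paired with the name at the same index in {@code fields}.
 * The name is lower-cased, mapped through {@code NORMALIZED_FIELD_NAMES} when a mapping exists,
 * and the value is copied verbatim into the request detail unless the name is in
 * {@code IGNORED_LOG_FIELDS}. That set is therefore the only thing in this method that keeps a
 * value out of the audit record. An ignored field named {@code realm} supplies the event realm.
 *
 * <p>The outcome is derived from {@code type} and {@code msgid}: {@code LOG_ERROR} yields a FAILED
 * outcome event, a message id starting with {@code SUCCEED} yields a SUCCESSFUL outcome event, and
 * anything else is recorded as an access attempt.
 *
 * @param type the log record type; compared against {@code LOG_ERROR}
 * @param msgid the log message id; a {@code null} id is treated as an attempt
 * @param msgdata the values of the record, may be {@code null}
 * @param operation the operation name passed to the event's request
 * @param fields the field names matching {@code msgdata} by index; must not be {@code null} when
 *     {@code msgdata} is non-null or {@code type} is {@code LOG_ERROR}
 * @return the populated builder
 */
private static AMAccessAuditEventBuilder accessEventBuilder(int type, String msgid, String[] msgdata, String operation, List<String> fields) {
    AMAccessAuditEventBuilder accessEventBuilder = new AMAccessAuditEventBuilder();
    String realm = null;
    JsonValue requestData = json(object());
    if (msgdata != null) {
        // Only indexes present in both inputs can be paired; a length mismatch must not abort
        // the audit event with an IndexOutOfBoundsException.
        int pairedCount = Math.min(msgdata.length, fields.size());
        for (int i = 0; i < pairedCount; i++) {
            // Locale.ROOT keeps the lookups below stable on every JVM default locale. With a
            // locale-sensitive lower-casing (e.g. Turkish dotless i) a name could miss
            // IGNORED_LOG_FIELDS and its value would be written to the audit record.
            String fieldName = fields.get(i).toLowerCase(java.util.Locale.ROOT);
            if (NORMALIZED_FIELD_NAMES.containsKey(fieldName)) {
                fieldName = NORMALIZED_FIELD_NAMES.get(fieldName);
            }
            if (!IGNORED_LOG_FIELDS.contains(fieldName)) {
                requestData.put(fieldName, msgdata[i]);
            } else if (fieldName.equals("realm")) {
                // The realm is only picked up here when "realm" is itself an ignored field.
                realm = msgdata[i];
            }
        }
    }
    accessEventBuilder.request("ssoadm", operation, requestData);
    if (type == LOG_ERROR) {
        int errorMessageIndex = fields.indexOf("error message");
        // The index comes from fields, so check it against msgdata before dereferencing:
        // msgdata may be null or shorter than fields.
        boolean hasErrorMessage = errorMessageIndex > -1
                && msgdata != null
                && errorMessageIndex < msgdata.length;
        if (hasErrorMessage) {
            // NOTE(review): the error text is copied into the response detail without passing
            // through IGNORED_LOG_FIELDS; confirm it cannot carry secret values.
            accessEventBuilder.responseWithDetail(AccessAuditEventBuilder.ResponseStatus.FAILED, null, json(object(field("message", msgdata[errorMessageIndex]))));
        } else {
            accessEventBuilder.response(AccessAuditEventBuilder.ResponseStatus.FAILED, null);
        }
        accessEventBuilder.eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME);
    } else if (msgid != null && msgid.startsWith("SUCCEED")) {
        accessEventBuilder.response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, null);
        accessEventBuilder.eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME);
    } else {
        accessEventBuilder.eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT);
    }
    if (realm != null) {
        accessEventBuilder.realm(realm);
    }
    return accessEventBuilder;
}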
Also used : JsonValue(org.forgerock.json.JsonValue) AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder)

Example 2 with AMAccessAuditEventBuilder

use of org.forgerock.openam.audit.AMAccessAuditEventBuilder in project OpenAM by OpenRock.

the class CrestAuditor method auditAccessAttempt.

/**
 * Builds and publishes an {@code AM_ACCESS_ATTEMPT} event for the CREST operation in progress.
 *
 * <p>Nothing is built or published unless the publisher reports that this event on the
 * 'access' topic is audited for the realm.
 */
void auditAccessAttempt() {
    if (!auditEventPublisher.isAuditing(realm, ACCESS_TOPIC, EventName.AM_ACCESS_ATTEMPT)) {
        return;
    }
    AMAccessAuditEventBuilder attemptBuilder = auditEventFactory.accessEvent(realm)
            .forHttpRequest(context, request)
            .timestamp(startTime)
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_ATTEMPT)
            .component(component);
    addSessionDetailsFromSSOTokenContext(attemptBuilder, context);
    // NOTE(review): presumably replaces the client address with one taken from a request
    // header when that property is configured. A header value is only as trustworthy as
    // whatever sets it, so confirm untrusted clients cannot supply it directly.
    if (ipAddressHeaderPropertyIsSet()) {
        setClientFromHttpContextHeaderIfExists(attemptBuilder, context);
    }
    AuditEvent attemptEvent = attemptBuilder.toEvent();
    postProcessEvent(attemptEvent);
    auditEventPublisher.tryPublish(ACCESS_TOPIC, attemptEvent);
}
Also used : AuditEvent(org.forgerock.audit.events.AuditEvent) AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder)

Example 3 with AMAccessAuditEventBuilder

use of org.forgerock.openam.audit.AMAccessAuditEventBuilder in project OpenAM by OpenRock.

the class AbstractRestletAccessAuditFilter method auditAccessAttempt.

/**
 * Publishes an {@code AM_ACCESS_ATTEMPT} event for the given Restlet request, provided that
 * event is audited on the 'access' topic for the request's realm.
 *
 * @param request the incoming request; its date is used as the event timestamp
 * @throws AuditException declared by this method; which call raises it is not visible here
 */
private void auditAccessAttempt(Request request) throws AuditException {
    final String requestRealm = getRealmFromRequest(request);
    if (!auditEventPublisher.isAuditing(requestRealm, ACCESS_TOPIC, EventName.AM_ACCESS_ATTEMPT)) {
        return;
    }
    AMAccessAuditEventBuilder attemptBuilder = auditEventFactory.accessEvent(requestRealm)
            .timestamp(request.getDate().getTime())
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_ATTEMPT)
            .component(component)
            .userId(getUserIdForAccessAttempt(request))
            .trackingIds(getTrackingIdsForAccessAttempt(request));
    if (requestDetailCreator != null) {
        // The request entity is handed to requestDetailCreator and its result is stored as the
        // request detail, so that function decides how much of the body reaches the audit log.
        builder_requestDetail:
        attemptBuilder.requestDetail(requestDetailCreator.apply(request.getEntity()));
    }
    addHttpData(request, attemptBuilder);
    auditEventPublisher.tryPublish(ACCESS_TOPIC, attemptBuilder.toEvent());
}
Also used : AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder)

Example 4 with AMAccessAuditEventBuilder

use of org.forgerock.openam.audit.AMAccessAuditEventBuilder in project OpenAM by OpenRock.

the class AbstractRestletAccessAuditFilter method auditAccessFailure.

/**
 * Publishes a FAILED {@code AM_ACCESS_OUTCOME} event for a request/response pair, provided that
 * event is audited on the 'access' topic for the request's realm.
 *
 * <p>The event carries the response status code, the status description as the failure reason,
 * and the elapsed time in milliseconds between the request date and the moment this method runs.
 *
 * @param request the request that failed
 * @param response the response whose status describes the failure
 */
private void auditAccessFailure(Request request, Response response) {
    final String requestRealm = getRealmFromRequest(request);
    if (!auditEventPublisher.isAuditing(requestRealm, ACCESS_TOPIC, EventName.AM_ACCESS_OUTCOME)) {
        return;
    }
    // Taken once and used for both the event timestamp and the elapsed-time calculation.
    final long finishedAt = System.currentTimeMillis();
    final String statusCode = Integer.toString(response.getStatus().getCode());
    final long durationMillis = finishedAt - request.getDate().getTime();
    final JsonValue failureDetail = json(object(
            field(ACCESS_RESPONSE_DETAIL_REASON, response.getStatus().getDescription())));
    AMAccessAuditEventBuilder outcomeBuilder = auditEventFactory.accessEvent(requestRealm)
            .timestamp(finishedAt)
            .transactionId(AuditRequestContext.getTransactionIdValue())
            .eventName(EventName.AM_ACCESS_OUTCOME)
            .component(component)
            .userId(getUserIdForAccessOutcome(request, response))
            .trackingIds(getTrackingIdsForAccessOutcome(request, response))
            .responseWithDetail(FAILED, statusCode, durationMillis, MILLISECONDS, failureDetail);
    addHttpData(request, outcomeBuilder);
    auditEventPublisher.tryPublish(ACCESS_TOPIC, outcomeBuilder.toEvent());
}
Also used : JsonValue(org.forgerock.json.JsonValue) AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder)

Example 5 with AMAccessAuditEventBuilder

use of org.forgerock.openam.audit.AMAccessAuditEventBuilder in project OpenAM by OpenRock.

the class RadiusAuditLoggerEventBus method makeLogEntry.

/**
 * Writes one entry to the 'access' audit topic for an accepted RADIUS request.
 *
 * <p>The event is published even when client or response details cannot be set; that failure
 * is only logged as a warning.
 *
 * @param eventName - the event name recorded on the audit entry.
 * @param accessRequestEvent - the RADIUS event supplying realm, time, request id and details.
 */
public void makeLogEntry(EventName eventName, AcceptedRadiusEvent accessRequestEvent) {
    LOG.message("Entering RadiusAuditLoggerEventBus.makeLogEntry()");

    Set<String> contextKeys = new HashSet<String>();
    contextKeys.add(accessRequestEvent.getRequest().getContextHolderKey());

    // Install a request context carrying this request's id, so that code calling
    // AuditRequestContext.get later (the OpenAM auth chains etc.) reuses the same transaction id
    // and entries across the audit logs can be correlated.
    // NOTE(review): the context is not reset in this method; confirm the caller clears it
    // before the thread handles an unrelated request.
    TransactionId requestTransaction = new TransactionId(accessRequestEvent.getRequestId());
    AuditRequestContext.set(new AuditRequestContext(requestTransaction));

    AMAccessAuditEventBuilder entryBuilder = auditEventFactory.accessEvent(accessRequestEvent.getRealm())
            .timestamp(accessRequestEvent.getTimeOfEvent())
            .transactionId(accessRequestEvent.getRequestId())
            .eventName(eventName)
            .component(Component.RADIUS)
            .trackingIds(contextKeys);

    String universalId = accessRequestEvent.getUniversalId();
    if (Strings.isNullOrEmpty(universalId)) {
        LOG.message("Not setting authentication to universal Id. None available.");
    } else {
        entryBuilder.userId(universalId);
    }

    setRequestDetails(entryBuilder, accessRequestEvent);
    try {
        setClientDetails(entryBuilder, accessRequestEvent.getRequestContext());
        // NOTE(review): getResponse() is dereferenced without a null check; confirm it is
        // always non-null here, otherwise the event is never published.
        RadiusResponse radiusResponse = accessRequestEvent.getResponse();
        if (radiusResponse.getResponsePacket() != null) {
            setResponseDetails(entryBuilder, radiusResponse);
        }
    } catch (RadiusAuditLoggingException e) {
        // Best effort: the entry is still published below, without the details that failed.
        LOG.warning("Failed to set client details on access audit event. Reason; {}", e.getMessage());
    }

    this.auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, entryBuilder.toEvent());
    LOG.message("Leaving RadiusAuditLoggerEventBus.makeLogEntry()");
}
Also used : RadiusResponse(org.forgerock.openam.radius.server.RadiusResponse) AMAccessAuditEventBuilder(org.forgerock.openam.audit.AMAccessAuditEventBuilder) AuditRequestContext(org.forgerock.openam.audit.context.AuditRequestContext) HashSet(java.util.HashSet) TransactionId(org.forgerock.services.TransactionId)

Aggregations

AMAccessAuditEventBuilder (org.forgerock.openam.audit.AMAccessAuditEventBuilder)9 JsonValue (org.forgerock.json.JsonValue)4 AuditEvent (org.forgerock.audit.events.AuditEvent)3 HashSet (java.util.HashSet)1 AuditException (org.forgerock.audit.AuditException)1 AuditEventFactory (org.forgerock.openam.audit.AuditEventFactory)1 AuditRequestContext (org.forgerock.openam.audit.context.AuditRequestContext)1 RadiusResponse (org.forgerock.openam.radius.server.RadiusResponse)1 TransactionId (org.forgerock.services.TransactionId)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1 BufferingRepresentation (org.restlet.representation.BufferingRepresentation)1 Representation (org.restlet.representation.Representation)1