AuditEventPublisher.java revision 7cbae22b7560eefcf086863923459880aa87f014
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington/*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms of the Common Development and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Distribution License (the License). You may not use this file except in compliance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specific language governing permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Software, include this CDDL Header Notice in each file and include
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header, with the fields enclosed by brackets [] replaced by your own identifying
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * information: "Portions copyright [year] [name of copyright owner]".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage org.forgerock.openam.audit;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.forgerock.audit.events.AuditEventBuilder.EVENT_NAME;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.forgerock.json.resource.Requests.newCreateRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.google.inject.Inject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.debug.Debug;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.audit.AuditException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.audit.AuditService;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.audit.events.AuditEvent;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.json.fluent.JsonValue;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.json.resource.Connection;
ca66273b61a8889f097081b01b6ff9a5f5801064Peter Majorimport org.forgerock.json.resource.ConnectionFactory;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.json.resource.ResourceException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.json.resource.Resources;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.json.resource.RootContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.audit.configuration.AuditServiceConfigurator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
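/**
 * Responsible for publishing locally created audit events to the AuditService.
 * <p/>
 * Publishing failures are reported to the {@code amAudit} debug log using only the topic and the event
 * name. The event payload itself is never written there, because it may contain sensitive information.
 * Whether a publishing failure also interrupts the operation being audited is decided by the
 * 'suppress exceptions' configuration option, see {@link #isSuppressExceptions()}.
 *
 * @since 13.0.0
 */
public class AuditEventPublisher {

    // Assigned once; final so the shared logger cannot be swapped out at runtime.
    private static final Debug debug = Debug.getInstance("amAudit");

    private final ConnectionFactory auditServiceConnectionFactory;
    private final AuditServiceConfigurator configurator;

    /**
     * Creates a publisher that talks to the given AuditService over an internal connection factory.
     *
     * @param auditService AuditService to which events should be published.
     * @param configurator Source of the current audit service configuration (audit enabled flag and
     *                     failure suppression flag); it is consulted on every call rather than cached.
     */
    @Inject
    public AuditEventPublisher(AuditService auditService, AuditServiceConfigurator configurator) {
        this.auditServiceConnectionFactory = Resources.newInternalConnectionFactory(auditService);
        this.configurator = configurator;
    }

    /**
     * Publishes the provided AuditEvent to the specified topic of the AuditService.
     * <p/>
     * If an error occurs that prevents the AuditEvent from being published, then details regarding the error
     * are recorded in the debug logs. However, the debug logs are not to be treated as the fallback destination
     * for audit information. If we need guaranteed capture of audit information then this needs to be a feature
     * of the audit service itself. Also, the audit event may contain sensitive information that shouldn't be
     * stored in debug logs.
     * <p/>
     * After recording details of the error, the exception will only be propagated back to the caller if the
     * 'suppress exceptions' configuration option is set to false. When the option is true the method returns
     * normally and the audited operation continues without an audit record having been written.
     *
     * @param topic Coarse-grained categorization of the AuditEvent's type.
     * @param auditEvent The AuditEvent to publish.
     *
     * @throws AuditException if an exception occurs while trying to publish the audit event and
     *                        exceptions are not suppressed.
     */
    public void publish(String topic, AuditEvent auditEvent) throws AuditException {

        try {

            Connection connection = auditServiceConnectionFactory.getConnection();
            try {
                connection.create(new RootContext(), newCreateRequest(topic, auditEvent.getValue()));
            } finally {
                // Connection is Closeable; release it whether or not the create request succeeded.
                connection.close();
            }

        } catch (ResourceException e) {

            // Log only the topic and event name, never the event payload (it may be sensitive).
            // NOTE(review): e.getMessage() comes from the audit service; confirm that handlers never echo
            // event field values into their exception messages.
            final String eventName = getValue(auditEvent.getValue(), EVENT_NAME, "-unknown-");
            debug.error("Unable to publish {} audit event '{}' due to error: {} [{}]",
                    topic, eventName, e.getMessage(), e.getReason(), e);

            if (!isSuppressExceptions()) {
                throw new AuditException("Unable to publish " + topic + " audit event '" + eventName + "'", e);
            }
        }
    }

    /**
     * Tries to publish the provided AuditEvent to the specified topic of the AuditService.
     * <p/>
     * If an exception occurs, details are logged but the exception is suppressed, regardless of the
     * 'suppress exceptions' configuration option. Callers that must not proceed without an audit record
     * should call {@link #publish(String, AuditEvent)} instead.
     *
     * @param topic Coarse-grained categorization of the AuditEvent's type.
     * @param auditEvent The AuditEvent to publish.
     */
    public void tryPublish(String topic, AuditEvent auditEvent) {
        try {
            publish(topic, auditEvent);
        } catch (AuditException ignored) {
            // Deliberately not propagated: publish() has already written the failure to the debug log.
        }
    }

    /**
     * Reads a string property from a JSON object, falling back to a default.
     * <p/>
     * This is called while handling a publishing failure, so it must not throw: a value that is present
     * but is not a string yields the default instead of a conversion error that would hide the original
     * failure from the debug log.
     *
     * @param jsonValue The JSON object to read from.
     * @param key The name of the property.
     * @param defaultValue The value to return when the property is absent or is not a string.
     * @return The property's string value, or {@code defaultValue}.
     */
    private String getValue(JsonValue jsonValue, String key, String defaultValue) {
        if (!jsonValue.isDefined(key)) {
            return defaultValue;
        }
        final JsonValue value = jsonValue.get(key);
        return value.isString() ? value.asString() : defaultValue;
    }

    /**
     * Reports whether auditing is currently enabled.
     * <p/>
     * The topic argument is not consulted at present; the result is the global 'audit enabled' flag of the
     * audit service configuration and is therefore the same for every topic.
     *
     * @param topic The topic the caller intends to publish to (currently unused).
     * @return True if auditing is enabled in the audit service configuration.
     */
    public boolean isAuditing(String topic) {
        return configurator.getAuditServiceConfiguration().isAuditEnabled();
    }

    /**
     * @return True if the operation being audited can proceed if an exception occurs while publishing an
     *         audit event. With this set, a failing audit service does not block the operation, at the cost
     *         of that operation leaving no audit record.
     */
    public boolean isSuppressExceptions() {
        return configurator.getAuditServiceConfiguration().isAuditFailureSuppressed();
    }
}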
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster