PLLAuditor.java revision 6b6359cabb99ffbe7c788604a533d5686c20e515
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
*/
/**
* Responsible for publishing audit access events for an individual PLL request.
* <p>
* An instance tracks per-request state (tracking ID, user ID, method, and whether the access
* attempt has already been audited) and clears it via {@link #reset()} after each outcome event.
* <p>
* NOTE(review): this listing is incomplete. Several signatures, field declarations and statement
* bodies are missing, so the comments here describe only what the visible lines and the original
* Javadoc establish.
*/
public class PLLAuditor {
private final AuditEventPublisher auditEventPublisher;
private final AuditEventFactory auditEventFactory;
private final HttpServletRequest httpServletRequest;
// NOTE(review): no read or write of startTime is visible in this listing; confirm where it is set.
private long startTime;
// Session alias recorded for the current request; cleared to "" by reset().
private String trackingId;
// True once auditAccessAttempt() has run for the current request; cleared by reset().
private boolean accessAttemptAudited;
/**
* Create a new Auditor and put it into its initial (reset) state.
*
* @param debug Debug instance.
* @param auditEventPublisher AuditEventPublisher to which publishing of events can be delegated.
* @param auditEventFactory AuditEventFactory for audit event builders.
* @param httpServletRequest HttpServletRequest retained by this auditor; how it is used is not
*                           visible in this listing.
*/
public PLLAuditor(Debug debug, AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory,
this.auditEventFactory = auditEventFactory;
this.httpServletRequest = httpServletRequest;
// Start from a clean per-request state.
this.reset();
}
/**
* Publishes an audit event with details of the attempted CREST operation, if the 'access' topic is audited.
* <p>
* NOTE(review): the class Javadoc describes PLL requests; "CREST" here and in the outcome methods
* looks copied from another auditor. Confirm the intended wording.
* <p>
* NOTE(review): the visible signature has no {@code throws} clause. Confirm whether AuditException
* is unchecked and really propagates to the caller, because the outcome methods document the
* opposite policy (publishing failures are logged and ignored).
*
* @throws AuditException If an exception occurred that prevented the audit event from being published.
*/
public void auditAccessAttempt() {
.toEvent();
}
// Remember that the attempt was handled so the outcome methods can tell whether one preceded them.
accessAttemptAudited = true;
}
/**
* Publishes an event with details of the successfully completed CREST operation, if the 'access' topic is audited.
* <p>
* Any exception that occurs while trying to publish the audit event will be
* captured in the debug logs but otherwise ignored. As documented, a publishing failure is
* therefore not visible to the caller, so a missing outcome event in the audit trail does not by
* itself show that the operation did not complete.
*/
public void auditAccessSuccess() {
// Guard for an outcome reported without a prior attempt event. The guarded statement is not
// visible in this listing; presumably it audits the attempt first (confirm).
if (!accessAttemptAudited) {
}
.toEvent();
// Clear per-request state once the outcome has been handled.
reset();
}
}
/**
* Publishes an event with details of the failed CREST operation, if the 'access' topic is audited.
* <p>
* Any exception that occurs while trying to publish the audit event will be
* captured in the debug logs but otherwise ignored.
*
* @param message A human-readable description of the error that occurred.
*/
}
/**
* Publishes an event with details of the failed CREST operation, if the 'access' topic is audited.
* <p>
* Any exception that occurs while trying to publish the audit event will be
* captured in the debug logs but otherwise ignored. As documented, a publishing failure is
* therefore not visible to the caller, so a failed operation can go unrecorded in the audit trail.
*
* @param errorCode A unique code that identifies the error condition.
* @param message A human-readable description of the error that occurred.
*/
// Same guard as in auditAccessSuccess(); the guarded statement is not visible in this listing.
if (!accessAttemptAudited) {
}
.toEvent();
// Clear per-request state once the outcome has been handled.
reset();
}
}
/**
* Resets the auditor in preparation for handling the next {@link Request} in a given {@link RequestSet}.
* <p>
* Clears the attempt flag and the method, user ID and tracking ID, so that values set for one
* request are not reused in the audit events of the next request.
* <p>
* NOTE(review): startTime and any realm or component state are not reset in the visible lines.
* Confirm they are handled in lines missing from this listing, otherwise they would carry over
* between requests.
*/
private void reset() {
accessAttemptAudited = false;
method = "unknown";
userId = "";
trackingId = "";
}
/**
* @param component Identifies the functional area of OpenAM with which this PLL service interacts.
*/
}
/**
* @param method Identifies the {@link RequestHandler} operation invoked.
*/
}
/**
* Provide SSOToken of originating client in order to lookup session trackingId and realm.
* <p>
* If the current server is not the 'home server' for the session, obtaining an SSOToken can itself
* lead to PLL communication between servers; therefore, it's worth considering whether or not this
* method should be used on a case-by-case basis. When obtaining an SSOToken may not be appropriate,
* the setDomain and setTrackingId methods may be useful alternatives if this information is available
* via other means.
* <p>
* NOTE(review): no setter signatures are visible in this listing. The last setter documents a
* {@code realm} parameter, so "setDomain" may be a stale name. Confirm.
*
* @param ssoToken SSOToken of the originating client from which the session trackingId and realm are obtained.
*/
}
/**
* Sets the tracking ID recorded for the current request; reset() clears it again.
*
* @param trackingId Unique alias of session.
*/
this.trackingId = trackingId;
}
/**
* @param userId Identifies Subject of authentication.
*/
}
/**
* @param realm The realm for which the event is being logged.
*/
}
}