LogRecWrite.java revision bab1e6524fca64a55ecfc2503295092db8e0f48e
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * The contents of this file are subject to the terms
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * of the Common Development and Distribution License
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * (the License). You may not use this file except in
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * compliance with the License.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * You can obtain a copy of the License at
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * https://opensso.dev.java.net/public/CDDLv1.0.html or
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * See the License for the specific language governing
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * permission and limitations under the License.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * When distributing Covered Code, include this CDDL
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * Header Notice in each file and include the License file
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * If applicable, add the following below the CDDL Header,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * with the fields enclosed by brackets [] replaced by
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * your own identifying information:
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * "Portions Copyrighted [year] [name of copyright owner]"
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * $Id: LogRecWrite.java,v 1.6 2009/06/19 02:33:29 bigfatrat Exp $
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * Portions Copyrighted 2011-2015 ForgeRock AS
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * Portions Copyrighted 2013 Nomura Research Institute, Ltd
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport static java.util.concurrent.TimeUnit.MILLISECONDS;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport static org.forgerock.openam.audit.AuditConstants.*;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport static org.forgerock.openam.utils.CollectionUtils.getFirstItem;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport com.sun.identity.log.s1is.LogSSOTokenDetails;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport com.sun.identity.log.service.AgentLogParser.LogExtracts;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport com.sun.identity.monitoring.MonitoringUtil;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport com.sun.identity.monitoring.SsoServerLoggingHdlrEntryImpl;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport com.sun.identity.monitoring.SsoServerLoggingSvcImpl;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport org.forgerock.openam.audit.AMAuditEventBuilderUtils;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport org.forgerock.openam.audit.AuditEventFactory;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport org.forgerock.openam.audit.AuditEventPublisher;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorceimport org.forgerock.openam.audit.context.AuditRequestContext;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * This class implements <code>ParseOutput</code> interface and <code>
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * LogOperation</code> interface. It is parsing request and process the request.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * log record. This class is registered with the SAX parser.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorcepublic class LogRecWrite implements LogOperation, ParseOutput {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce private static final String EVALUATION_REALM = "org.forgerock.openam.agents.config.policy.evaluation.realm";
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * Return result of the request processing in <code>Response</code>
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * @return result of the request processing in <code>Response</code>
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce public Response execute(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory) {
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek slei = slsi.getHandler(SsoServerLoggingSvcImpl.REMOTE_HANDLER_NAME);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Logger logger = (Logger)Logger.getLogger(_logname);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Debug.message("LogRecWrite: exec: logname = " + _logname);
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek Level.parse(((com.sun.identity.log.service.LogRecord)_records.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String msg = ((com.sun.identity.log.service.LogRecord)_records.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Map logInfoMap = ((com.sun.identity.log.service.LogRecord)_records.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce ((com.sun.identity.log.service.LogRecord)_records.
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek msg = new String(com.sun.identity.shared.encode.Base64.decode(msg));
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // if message is not base64 encoded just ignore &
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // write msg as it is.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Debug.message("LogRecWrite: message is not base64 encoded");
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce (String)logInfoMap.get(LogConstants.LOGIN_ID_SID);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce if (loginIDSid != null && loginIDSid.length() > 0) {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce SSOTokenManager ssom = SSOTokenManager.getInstance();
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Debug.warning("LogService::process(): SSOException", e);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // here fill up logInfo into the newlr
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce rec = LogSSOTokenDetails.logSSOTokenInfo(rec, loginIDToken);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // now take one be one values from logInfoMap and overwrite
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // any populated value from sso token.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce while (i.hasNext()) {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // if message is not base64 encoded just
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // ignore & write msg as it is.
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce "LogRecWrite: data is not "
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce + "base64 encoded");
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce rec.addLogInfo(LogConstants.LOG_LEVEL, rec.getLevel().toString());
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce SSOTokenManager ssom = SSOTokenManager.getInstance();
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce loggedByToken = ssom.createSSOToken(_loggedBySid);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Map<String, Set<String>> appAttributes = IdUtils.getIdentity(loggedByToken).getAttributes();
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce realm = getFirstItem(appAttributes.get(EVALUATION_REALM), NO_REALM);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Debug.error("LogRecWrite: exec:SSOException: ", ssoe);
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek auditAccessMessage(auditEventPublisher, auditEventFactory, rec, realm);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // Log file record write okay and return OK
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce private void auditAccessMessage(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory,
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce if (!auditEventPublisher.isAuditing(realm, AuditConstants.ACCESS_TOPIC)) {
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce LogExtracts logExtracts = logParser.tryParse(record.getMessage());
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce // A message type of no interest
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Map<String, String> info = record.getLogInfoMap();
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String clientIp = info.get(LogConstants.IP_ADDR);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String contextId = info.get(LogConstants.CONTEXT_ID);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String clientId = info.get(LogConstants.LOGIN_ID);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String resourceUrl = logExtracts.getResourceUrl();
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String queryString = queryStringIndex > -1 ? resourceUrl.substring(queryStringIndex) : "";
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce String path = resourceUrl.replace(queryString, "");
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce Map<String, List<String>> queryParameters = AMAuditEventBuilderUtils.getQueryParametersAsMap(queryString);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce AuditEvent auditEvent = auditEventFactory.accessEvent(realm)
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek .transactionId(AuditRequestContext.getTransactionIdValue())
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce .http("UNKNOWN", path, queryParameters, Collections.<String, List<String>>emptyMap())
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek .response(null, logExtracts.getStatus(), -1, MILLISECONDS)
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek * The method that implements the ParseOutput interface. This is called
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek * by the SAX parser.
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek * @param name name of request
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * @param elems vaector has parsing elements
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * @param atts parsing attributes
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce * @param pcdata given data to be parsed.
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek public void process(String name, Vector elems, Hashtable atts,
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek _logname = ((Log) elems.elementAt(0))._logname;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce _loggedBySid = ((Log) elems.elementAt(0))._loggedBySid;
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce (com.sun.identity.log.service.LogRecord)elems.elementAt(i);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce} //end of LogRecWrite