abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* The contents of this file are subject to the terms of the Common Development and
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* Distribution License (the License). You may not use this file except in compliance with the
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* specific language governing permission and limitations under the License.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* When distributing Covered Software, include this CDDL Header Notice in each file and include
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* Header, with the fields enclosed by brackets [] replaced by your own identifying
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* information: "Portions copyright [year] [name of copyright owner]".
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey* Copyright 2015 ForgeRock AS.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileyimport org.forgerock.openam.audit.AuditConstants;
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileyimport org.forgerock.openam.audit.AuditEventFactory;
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileyimport org.forgerock.openam.audit.AuditEventPublisher;
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileyimport org.forgerock.openam.audit.context.AuditRequestContext;
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileyimport static org.forgerock.openam.audit.AuditConstants.USER_ID;
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * Responsible for logging access audit events for all OAuth2-based filters. Common functionality lives here; a filter
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * may override it if there is a known difference in access or outcome details for that filter.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @since 13.0.0
abba466207a7a0932f2e83e44989ac71b58e1269Brian Baileypublic abstract class OAuth2AbstractAccessAuditFilter extends AbstractRestletAccessAuditFilter {
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * Create a new filter for the given component and restlet.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @param component The component for which events will be logged.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @param restlet The restlet for which events will be logged.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @param auditEventPublisher The publisher responsible for logging the events.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @param auditEventFactory The factory that can be used to create the events.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * @param providers The providers consulted for audit context values (such as tracking ids) for a request.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey public OAuth2AbstractAccessAuditFilter(AuditConstants.Component component, Restlet restlet,
bf36b5c30cb4d181af39c91096b86fdf628ca189James Phillpotts AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory,
bf36b5c30cb4d181af39c91096b86fdf628ca189James Phillpotts Set<OAuth2AuditContextProvider> providers, RestletBodyAuditor requestDetailCreator,
bf36b5c30cb4d181af39c91096b86fdf628ca189James Phillpotts RestletBodyAuditor responseDetailCreator) {
    // Every argument except providers is forwarded to the parent filter.
    // NOTE(review): providers is not passed to super and no assignment of it is visible in this
    // listing, although later methods iterate over `providers`; the listing appears to omit lines,
    // so confirm against the full file where the set is stored.
bf36b5c30cb4d181af39c91096b86fdf628ca189James Phillpotts super(component, restlet, auditEventPublisher, auditEventFactory, requestDetailCreator, responseDetailCreator);
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * {@inheritDoc}
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey protected String getUserIdForAccessAttempt(Request request) {
    // Resolves the user id recorded on the access-attempt audit event by asking the parent filter.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey String userId = super.getUserIdForAccessAttempt(request);
    // NOTE(review): as shown, userId is never read and the parent is queried a second time. The
    // listing appears to drop the lines in between (no call to putUserIdInAuditRequestContext is
    // visible here, though that helper is defined in this class). Confirm against the full file
    // before relying on how the audited user id is chosen.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey return super.getUserIdForAccessAttempt(request);
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * {@inheritDoc}
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell protected Set<String> getTrackingIdsForAccessAttempt(Request request) {
    // Record provider-supplied tracking ids for this request before delegating to the parent.
    // Presumably the parent implementation reads them back from the audit request context;
    // verify against AbstractRestletAccessAuditFilter.
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell putTrackingIdsIntoAuditRequestContext(request);
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell return super.getTrackingIdsForAccessAttempt(request);
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * {@inheritDoc}
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey protected String getUserIdForAccessOutcome(Request request, Response response) {
    // Resolves the user id recorded on the access-outcome audit event by asking the parent filter.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey String userId = super.getUserIdForAccessOutcome(request, response);
    // NOTE(review): as shown, userId is never read and the parent is queried a second time. The
    // listing appears to drop the lines in between. Confirm against the full file how the audited
    // user id is chosen when the first lookup yields nothing.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey return super.getUserIdForAccessOutcome(request, response);
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey * {@inheritDoc}
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell protected Set<String> getTrackingIdsForAccessOutcome(Request request, Response response) {
    // Record provider-supplied tracking ids for this request before delegating to the parent.
    // Only the request is consulted here; the response is passed through to the parent unchanged.
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell putTrackingIdsIntoAuditRequestContext(request);
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell return super.getTrackingIdsForAccessOutcome(request, response);
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey private void putUserIdInAuditRequestContext(Request request) {
    // Walks the configured providers and stores a user id under USER_ID in AuditRequestContext.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey for (OAuth2AuditContextProvider provider : providers) {
    // NOTE(review): userId is not declared in the visible lines; presumably it is obtained from
    // `provider` for this request and checked for null before being stored. Confirm against the
    // full file, including whether the loop stops at the first provider that yields an id.
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey AuditRequestContext.putProperty(USER_ID, userId);
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell private void putTrackingIdsIntoAuditRequestContext(Request request) {
abba466207a7a0932f2e83e44989ac71b58e1269Brian Bailey for (OAuth2AuditContextProvider provider : providers) {
d79b3a1008170c69ef720163254b78c998d55ee0Craig McDonnell String trackingId = provider.getTrackingId(request);