SoapAuditEventPublisher.java revision 184c2aab7c668e864d6a346cf2e53270f365f6e0
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms of the Common Development and
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Distribution License (the License). You may not use this file except in compliance with the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * specific language governing permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Software, include this CDDL Header Notice in each file and include
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header, with the fields enclosed by brackets [] replaced by your own identifying
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * information: "Portions Copyrighted [year] [name of copyright owner]".
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright 2015 ForgeRock AS.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpackage org.forgerock.openam.sts.soap.audit;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport static java.net.HttpURLConnection.HTTP_CREATED;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.net.MalformedURLException;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.net.URL;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.util.HashMap;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.util.Map;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport javax.inject.Inject;
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunningtonimport javax.inject.Named;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.audit.events.AuditEvent;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.openam.audit.AuditEventPublisher;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.openam.sts.AMSTSConstants;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.openam.sts.HttpURLConnectionWrapper;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.openam.sts.HttpURLConnectionWrapperFactory;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.forgerock.openam.sts.soap.bootstrap.SoapSTSAccessTokenProvider;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport org.slf4j.Logger;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
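/**
 * Responsible for sending locally created audit events to the OpenAM AuditService.
 *
 * <p>Every publication obtains a fresh access token from the {@link SoapSTSAccessTokenProvider},
 * sends it to the audit endpoint as the AM session cookie, and invalidates it again once the
 * request has completed or failed.
 *
 * <p>Failures are written to the injected logger and never propagated to the caller, so a lost
 * audit event is visible only in the log output of this class. Deployments that depend on a
 * complete audit trail should monitor for the two error messages logged by
 * {@link #publish(String, AuditEvent)}.
 *
 * @since 13.0.0
 */
public final class SoapAuditEventPublisher implements AuditEventPublisher {

    private final String openamAuditServiceVersion;
    private final SoapSTSAccessTokenProvider soapSTSAccessTokenProvider;
    private final HttpURLConnectionWrapperFactory httpURLConnectionWrapperFactory;
    // NOTE(review): the session token travels in a Cookie header to this URL, and nothing in this
    // class checks the scheme - confirm that the injected value is always an https URL.
    private final String openamAuditServiceUrl;
    private final String amSessionCookieName;
    private final Logger logger;

    /**
     * Creates the publisher from its injected collaborators and configuration values.
     *
     * @param httpURLConnectionWrapperFactory Factory for the HTTP invocation made to the audit service.
     * @param openamAuditServiceUrl URL of the audit endpoint that receives the create request.
     * @param amSessionCookieName Name of the cookie in which the access token is sent.
     * @param openamAuditServiceVersion Value sent in the CREST version header.
     * @param soapSTSAccessTokenProvider Source of the access token, also used to invalidate it.
     * @param logger Logger that receives publication failures.
     */
    @Inject
    SoapAuditEventPublisher(
            HttpURLConnectionWrapperFactory httpURLConnectionWrapperFactory,
            @Named(AMSTSConstants.REST_CREATE_ACCESS_AUDIT_EVENT_URL) String openamAuditServiceUrl,
            @Named(AMSTSConstants.AM_SESSION_COOKIE_NAME) String amSessionCookieName,
            @Named(AMSTSConstants.CREST_VERSION_AUDIT_SERVICE) String openamAuditServiceVersion,
            SoapSTSAccessTokenProvider soapSTSAccessTokenProvider,
            Logger logger) {
        this.httpURLConnectionWrapperFactory = httpURLConnectionWrapperFactory;
        this.openamAuditServiceUrl = openamAuditServiceUrl;
        this.amSessionCookieName = amSessionCookieName;
        this.openamAuditServiceVersion = openamAuditServiceVersion;
        this.soapSTSAccessTokenProvider = soapSTSAccessTokenProvider;
        this.logger = logger;
    }

    /**
     * Send create request to OpenAM server's CREST AuditService with audit event JSON as payload.
     *
     * <p>The request is a POST; any response status other than 201 (Created) is logged as a
     * failure. No exception leaves this method: everything thrown while obtaining the token,
     * sending the request or invalidating the token is caught and logged.
     *
     * @param topic Coarse-grained categorization of the AuditEvent's type. Not used by this
     *              implementation; all events go to the single configured URL.
     * @param auditEvent AuditEvent to be published.
     */
    @Override
    public void publish(String topic, AuditEvent auditEvent) {
        try {
            String sessionId = null;
            try {
                sessionId = soapSTSAccessTokenProvider.getAccessToken();

                // The header map holds the session token; it must never be written to a log.
                Map<String, String> headerMap = new HashMap<>();
                headerMap.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
                headerMap.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, openamAuditServiceVersion);
                headerMap.put(AMSTSConstants.COOKIE, createAMSessionCookie(sessionId));

                // A create request with a JSON body has to be a POST. The previous GET carried a
                // payload and could not be expected to yield the 201 checked below, so every
                // event would have been reported as a failure.
                HttpURLConnectionWrapper.ConnectionResult connectionResult = httpURLConnectionWrapperFactory
                        .httpURLConnectionWrapper(buildAuditAccessUrl())
                        .withoutAuditTransactionIdHeader()
                        .setRequestHeaders(headerMap)
                        .setRequestMethod(AMSTSConstants.POST)
                        .setRequestPayload(auditEvent.getValue().toString())
                        .makeInvocation();

                if (connectionResult.getStatusCode() != HTTP_CREATED) {
                    // NOTE(review): the response body is logged verbatim - confirm the audit
                    // service never echoes request headers or event contents in its error body.
                    logger.error("Failed to record audit event: [status code {}] {}",
                            connectionResult.getStatusCode(),
                            connectionResult.getResult());
                }
            } finally {
                // Invalidate the token on every path so that it does not outlive this request.
                if (sessionId != null) {
                    soapSTSAccessTokenProvider.invalidateAccessToken(sessionId);
                }
            }
        } catch (Exception e) {
            // Deliberately broad: a failed audit publication must not break the calling
            // operation. This also covers a failure of the token invalidation above.
            logger.error("Failed to publish audit event: {}", e.getMessage(), e);
        }
    }

    /**
     * Delegates to {@link #publish(String, AuditEvent)}, which already absorbs all failures.
     *
     * @param topic Coarse-grained categorization of the AuditEvent's type.
     * @param auditEvent AuditEvent to be published.
     */
    @Override
    public void tryPublish(String topic, AuditEvent auditEvent) {
        publish(topic, auditEvent);
    }

    /**
     * Reports auditing as enabled for every realm and topic; both arguments are ignored.
     *
     * @param realm Ignored.
     * @param topic Ignored.
     * @return Always {@code true}.
     */
    @Override
    public boolean isAuditing(String realm, String topic) {
        return true;
    }

    /**
     * Parses the configured audit service URL.
     *
     * @return The audit endpoint as a {@link URL}.
     * @throws MalformedURLException If the configured string is not a valid URL.
     */
    private URL buildAuditAccessUrl() throws MalformedURLException {
        return new URL(openamAuditServiceUrl);
    }

    /**
     * Builds the Cookie header value that carries the access token.
     *
     * @param sessionId Access token to send as the AM session cookie value.
     * @return The cookie name, the {@code AMSTSConstants.EQUALS} separator and the token, concatenated.
     */
    private String createAMSessionCookie(String sessionId) {
        return amSessionCookieName + AMSTSConstants.EQUALS + sessionId;
    }
}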