AbstractAuthenticationEventAuditor.java revision 563b922249eadd0562ddea89c52ed308c2d31c0a
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms of the Common Development and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Distribution License (the License). You may not use this file except in compliance with the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specific language governing permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Software, include this CDDL Header Notice in each file and include
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header, with the fields enclosed by brackets [] replaced by your own identifying
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * information: "Portions copyright [year] [name of copyright owner]".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.forgerock.openam.audit.AuditConstants.NO_REALM;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport static org.forgerock.openam.utils.StringUtils.isNotEmpty;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.service.InternalSession;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.service.LoginState;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.audit.AuditEventFactory;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.audit.AuditEventPublisher;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Abstract auditor for constructing and logging authentication events.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @since 13.0.0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic abstract class AbstractAuthenticationEventAuditor {
5d10f01c87ac9763dbced4c620a5c7df623a99fcJon Jonthomas protected final AuditEventPublisher eventPublisher;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected final AuditEventFactory eventFactory;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor for {@link AbstractAuthenticationEventAuditor}.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param eventPublisher The publisher responsible for logging the events.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param eventFactory The factory that can be used to create the events.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AbstractAuthenticationEventAuditor(AuditEventPublisher eventPublisher, AuditEventFactory eventFactory) {
aa3a2aee90d1c61946a08c839d9838be7658b453Craig McDonnell * Get the universal user ID.
5d10f01c87ac9763dbced4c620a5c7df623a99fcJon Jonthomas * @param principalName The principal name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm The realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The universal user ID or an empty string if it could not be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected String getUserId(String principalName, String realm) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (isNotEmpty(principalName) && isNotEmpty(realm)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMIdentity identity = IdUtils.getIdentity(principalName, realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Get the tracking ID from the login state of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param loginState The login state of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A singleton set holding the tracking ID, or an empty set if it could not be found.
protected Set<String> getTrackingIds(LoginState loginState) {
    // Each missing link in the chain (login state, session, context property)
    // yields an empty set, never null, so callers can add the result to an
    // audit event without a null check.
    if (loginState == null) {
        return Collections.<String>emptySet();
    }
    InternalSession internalSession = loginState.getSession();
    if (internalSession == null) {
        return Collections.<String>emptySet();
    }
    // The session's AM_CTX_ID property is the only tracking ID reported here.
    String contextId = internalSession.getProperty(Constants.AM_CTX_ID);
    if (contextId == null) {
        return Collections.<String>emptySet();
    }
    return singleton(contextId);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Get the realm from the login state of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param loginState The login state of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The realm, or {@code NO_REALM} if it could not be found.
protected String getRealmFromState(LoginState loginState) {
    // A missing login state or organisation DN is reported as NO_REALM, not
    // null, so the audit record always carries an explicit realm value.
    if (loginState == null) {
        return NO_REALM;
    }
    String organizationDn = loginState.getOrgDN();
    if (organizationDn == null) {
        return NO_REALM;
    }
    // Translate the organisation DN into its realm name.
    return DNMapper.orgNameToRealmName(organizationDn);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Get the realm from the {@link SSOToken} of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token The {@link SSOToken} of the event.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The realm or null if it could not be found.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected String getRealmFromToken(SSOToken token) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String orgDN = token == null ? null : token.getProperty(ISAuthConstants.ORGANIZATION);