8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: LogRecWrite.java,v 1.6 2009/06/19 02:33:29 bigfatrat Exp $
e6c3a72a023407f5d1fface64356e1cc81f1af31Phill Cunnington * Portions Copyrighted 2011-2016 ForgeRock AS.
bb63e33b7207cd81af13f453ea310808288cc6efKohei Tamura * Portions Copyrighted 2013 Nomura Research Institute, Ltd
bab1e6524fca64a55ecfc2503295092db8e0f48eCraig McDonnellimport static java.util.concurrent.TimeUnit.MILLISECONDS;
d84817c20fc73c3fd7832b2c30555c1ccff0d04dJaco Joosteimport static org.forgerock.openam.audit.AuditConstants.*;
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Joosteimport static org.forgerock.openam.utils.CollectionUtils.getFirstItem;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.Response;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.log.s1is.LogSSOTokenDetails;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport com.sun.identity.log.service.AgentLogParser.LogExtracts;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.monitoring.MonitoringUtil;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.monitoring.SsoServerLoggingHdlrEntryImpl;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.monitoring.SsoServerLoggingSvcImpl;
bab1e6524fca64a55ecfc2503295092db8e0f48eCraig McDonnellimport org.forgerock.openam.audit.AMAuditEventBuilderUtils;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport org.forgerock.openam.audit.AuditConstants;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport org.forgerock.openam.audit.AuditEventFactory;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport org.forgerock.openam.audit.AuditEventPublisher;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport org.forgerock.openam.audit.context.AuditRequestContext;
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrestimport org.forgerock.openam.utils.StringUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class implements <code>ParseOutput</code> interface and <code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * LogOperation</code> interface. It is parsing request and process the request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * log record. This class is registered with the SAX parser.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class LogRecWrite implements LogOperation, ParseOutput {
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste private static final String EVALUATION_REALM = "org.forgerock.openam.agents.config.policy.evaluation.realm";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Return result of the request processing in <code>Response</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return result of the request processing in <code>Response</code>
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest public Response execute(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster slei = slsi.getHandler(SsoServerLoggingSvcImpl.REMOTE_HANDLER_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Logger logger = (Logger)Logger.getLogger(_logname);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Debug.message("LogRecWrite: exec: logname = " + _logname);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Level.parse(((com.sun.identity.log.service.LogRecord)_records.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String msg = ((com.sun.identity.log.service.LogRecord)_records.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map logInfoMap = ((com.sun.identity.log.service.LogRecord)_records.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ((com.sun.identity.log.service.LogRecord)_records.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster msg = new String(com.sun.identity.shared.encode.Base64.decode(msg));
dfa51161ad226f5998270e3becb25817774aa168Tony Bamford // if message is not base64 encoded just ignore &
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // write msg as it is.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Debug.message("LogRecWrite: message is not base64 encoded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (String)logInfoMap.get(LogConstants.LOGIN_ID_SID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (loginIDSid != null && loginIDSid.length() > 0) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager ssom = SSOTokenManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster loginIDToken = ssom.createSSOToken(loginIDSid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Debug.warning("LogService::process(): SSOException", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // here fill up logInfo into the newlr
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster rec = LogSSOTokenDetails.logSSOTokenInfo(rec, loginIDToken);
dfa51161ad226f5998270e3becb25817774aa168Tony Bamford // now take one be one values from logInfoMap and overwrite
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // any populated value from sso token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while (i.hasNext()) {
dfa51161ad226f5998270e3becb25817774aa168Tony Bamford // if message is not base64 encoded just
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // ignore & write msg as it is.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "LogRecWrite: data is not "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "base64 encoded");
bb63e33b7207cd81af13f453ea310808288cc6efKohei Tamura rec.addLogInfo(LogConstants.LOG_LEVEL, rec.getLevel().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager ssom = SSOTokenManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster loggedByToken = ssom.createSSOToken(_loggedBySid);
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste Map<String, Set<String>> appAttributes = IdUtils.getIdentity(loggedByToken).getAttributes();
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste realm = getFirstItem(appAttributes.get(EVALUATION_REALM), NO_REALM);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Debug.error("LogRecWrite: exec:SSOException: ", ssoe);
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste auditAccessMessage(auditEventPublisher, auditEventFactory, rec, realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Log file record write okay and return OK
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste private void auditAccessMessage(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory,
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest AgentLogParser logParser = new AgentLogParser();
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest LogExtracts logExtracts = logParser.tryParse(record.getMessage());
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest // A message type of no interest
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest Map<String, String> info = record.getLogInfoMap();
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String clientIp = info.get(LogConstants.IP_ADDR);
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String contextId = info.get(LogConstants.CONTEXT_ID);
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String clientId = info.get(LogConstants.LOGIN_ID);
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String resourceUrl = logExtracts.getResourceUrl();
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest int queryStringIndex = resourceUrl.indexOf('?');
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String queryString = queryStringIndex > -1 ? resourceUrl.substring(queryStringIndex) : "";
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest String path = resourceUrl.replace(queryString, "");
bab1e6524fca64a55ecfc2503295092db8e0f48eCraig McDonnell Map<String, List<String>> queryParameters = AMAuditEventBuilderUtils.getQueryParametersAsMap(queryString);
681162a025178d2ec56dd5b5cf44e928b0aff3c0Jaco Jooste AuditEvent auditEvent = auditEventFactory.accessEvent(realm)
7ad2fbd2d39159e30fdde02d014626b643758033Andrew Forrest .transactionId(AuditRequestContext.getTransactionIdValue())
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey .httpRequest(hasSecureScheme(resourceUrl), "UNKNOWN", path, queryParameters,
8acf5a373074b7db10b49aa33b35f8a541cabfd1Jaco Jooste .response(logExtracts.getStatus(), logExtracts.getStatusCode(), -1, MILLISECONDS)
4ddc917bae3d889f687151804d52ff293bbded19Brian Bailey auditEventPublisher.tryPublish(AuditConstants.ACCESS_TOPIC, auditEvent);
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey private boolean hasSecureScheme(String resourceUrl) {
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey if (StringUtils.isNotEmpty(scheme) && "https".equals(scheme.toLowerCase())) {
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey return true;
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey //Fall through...
bcca58b64ccdda9e7b71f71945b7dffd6d2ca8d1Brian Bailey return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The method that implements the ParseOutput interface. This is called
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * by the SAX parser.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name name of request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param elems vaector has parsing elements
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param atts parsing attributes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pcdata given data to be parsed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void process(String name, Vector elems, Hashtable atts,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster _logname = ((Log) elems.elementAt(0))._logname;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster _loggedBySid = ((Log) elems.elementAt(0))._loggedBySid;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (com.sun.identity.log.service.LogRecord)elems.elementAt(i);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster} //end of LogRecWrite