RouterActivityLogger.java revision 21dcdac963f79c098a5ea1a2c5c5e109429c9786
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2011-2015 ForgeRock AS. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*/
/**
* Creates an audit activity log message using the router.
*
* NOTE(review): several lines of this class are not present in this listing, including the
* constructor and method signature lines. The comments below describe only the statements
* that are visible.
*/
public class RouterActivityLogger implements ActivityLogger {
/**
* Setup logging for the {@link ActivityLogger}.
*/
// NOTE(review): the Javadoc above appears to describe a logger field that is not visible here.
// Connection factory handed to the constructor; its use is not visible in this listing.
private final ConnectionFactory connectionFactory;
// When true, a failure to write the audit entry is not rethrown to the caller
// (see the catch handling in the logging method below).
private final boolean suspendException;
// When true, the READ/QUERY restriction on logging full objects is overridden.
private final boolean logFullObjects;
/**
* Creates an AuditLogger to create activity messages on the router.
* <p>
* Exception propagation is suspended only when the server property named after the
* lower-cased {@link ActivityLogger} class name has the value "suspend".
*
* @param connectionFactory The {@link ConnectionFactory} to use.
*/
this(connectionFactory,
"suspend".equals(IdentityServer.getInstance().getProperty(ActivityLogger.class.getName().toLowerCase())));
}
/**
* Creates an AuditLogger to create activity messages on the router.
*
* @param connectionFactory The {@link ConnectionFactory} to use.
* @param suspendException when true, a failure to log is not propagated to the caller;
* when false, the exception is rethrown
*/
this.connectionFactory = connectionFactory;
this.suspendException = suspendException;
// Full-object logging is opt-in: the property falls back to "false" when it is not set.
this.logFullObjects = Boolean.valueOf(identityServer.getProperty(OPENIDM_AUDIT_LOG_FULL_OBJECTS, "false"));
}
/**
* Grab authenticationId from security context, if one exists.
*
* @param context the context to possibly get the authenticationId from
* @return authenticationId from the security context, or null otherwise
*/
: null;
}
/**
* {@inheritDoc}
*/
// A null request is rejected before any audit entry is assembled.
throw new NullPointerException("Request can not be null when audit.");
}
try {
// grab authenticationId from security context, if one exists.
// True if any of the watched password fields have changed. Only this boolean is kept
// from the comparison; the array returned by getChangedFields is not stored here.
//TODO once dependency is resolved, get action from AuditService.AuditAction rather than these strings.
boolean passwordChanged = getChangedFields("getChangedPasswordFields", before, after, context).length > 0;
.toEvent();
} catch (ResourceException ex) {
if (suspendException) {
// log on exception if we're suspending the exception-propagation
// NOTE(review): the log statement itself is not visible in this listing. With suspension
// enabled, that log entry would be the only trace of a failed audit write, so it is the
// signal to monitor for gaps in the audit trail. Confirm against the full file.
} else {
// Propagation is not suspended: the audit failure reaches the caller unchanged.
throw ex;
}
// NOTE(review): presumably the body of a second catch clause whose header and rethrow are
// not visible in this listing.
if (suspendException) {
// log on exception if we're suspending the exception-propagation
} else {
}
}
}
/**
* This calls Audit service to utilize its get changed field abilities.
* Determining the changed fields is left to the AuditService since it has the ability to utilize the CryptoService.
*
* @param auditAction The action that determines which watch filter to apply to the fields.
* @param before The object before changes.
* @param after The object after changes.
* @param context passed to the action call on audit service.
* @return fields that have changes.
* @throws ResourceException presumably when the action call on the audit service fails; confirm
*/
//TODO once dependency is resolved, first param should be AuditService.AuditAction rather than string.
)));
}
/**
* By default, READ and QUERY requests will not log the full object,
* unless overridden by logFullObjects.
* <p>
* With logFullObjects enabled, complete object content is written to the audit log for reads
* and queries too, so the audit store then needs access controls that match the data it holds.
*
* @param value the value to be returned if not a READ or QUERY, and not overridden by logFullObjects.
* @param requestType the type of request.
* @return the value when the request is not a READ or QUERY, or when logFullObjects is set; null otherwise.
*/
boolean isReadOrQueryRequest = RequestType.READ.equals(requestType) || RequestType.QUERY.equals(requestType);
if (logFullObjects || !isReadOrQueryRequest) {
// NOTE(review): the statement returning the value is not visible in this listing.
}
// READ or QUERY without the override: the object content is withheld from the audit entry.
return null;
}
/**
* Pulls the revision from after if it isn't null, otherwise from before if it isn't null, otherwise null.
* Revision is expected to be a string field.
*
* @param before json before any changes were made
* @param after json after any changes were made
* @return the revision, or null when it cannot be taken from either object
*/
}
}
// Neither object supplied a revision.
return null;
}
}