http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java deleted file mode 100644 index c569bd1..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.controller.spi.Resource; - -/** - * This creator ignores recommendation post requests - * For resource type {@link Resource.Type#Recommendation} - * and request types {@link Request.Type#POST} - */ -public class RecommendationIgnoreEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.Recommendation); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - // intentionally skipping this event - return null; - } -}
http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java deleted file mode 100644 index 379c58d..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.AddRepositoryRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.UpdateRepositoryRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles privilege requests - * For resource type {@link Resource.Type#Repository} - * and request types {@link Request.Type#POST} and {@link Request.Type#PUT} - */ -public class RepositoryEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - requestTypes.add(Request.Type.PUT); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.Repository); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - switch (request.getRequestType()) { - case POST: - return AddRepositoryRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) - .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) - .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) - .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) - .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) - .build(); - case PUT: - return UpdateRepositoryRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) - .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) - .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) - .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) - .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) - .build(); - default: - return null; - } - } - - private String getProperty(Request request, String properyId) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); - } - return null; - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java deleted file mode 100644 index 14145e4..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.AddRepositoryVersionRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.ChangeRepositoryVersionRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.DeleteRepositoryVersionRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles privilege requests - * For resource type {@link Resource.Type#Repository} - * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} - */ -public class RepositoryVersionEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - requestTypes.add(Request.Type.PUT); - requestTypes.add(Request.Type.DELETE); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.RepositoryVersion); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - switch (request.getRequestType()) { - case POST: - return AddRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withStackName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_name"))) - .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_version"))) - .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "display_name"))) - .withRepoVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "repository_version"))) - .withRepos(getRepos(request)) - .build(); - case PUT: - return ChangeRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withStackName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_name"))) - .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_version"))) - .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "display_name"))) - .withRepoVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "repository_version"))) - .withRepos(getRepos(request)) - .build(); - case DELETE: - return DeleteRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withStackName(request.getResource().getKeyValueMap().get(Resource.Type.Stack)) - .withStackVersion(request.getResource().getKeyValueMap().get(Resource.Type.StackVersion)) - .withRepoVersion(request.getResource().getKeyValueMap().get(Resource.Type.RepositoryVersion)) - .build(); - default: - return null; - } - } - - private Map<String, List<Map<String, String>>> getRepos(Request request) { - - Map<String, List<Map<String, String>>> result = new HashMap<String, List<Map<String, String>>>(); - - if (!request.getBody().getPropertySets().isEmpty()) { - if (request.getBody().getPropertySets().iterator().next().get("operating_systems") instanceof Set) { - Set<Object> set = (Set<Object>) request.getBody().getPropertySets().iterator().next().get("operating_systems"); - - for (Object entry : set) { - if (entry instanceof Map) { - Map<String, Object> map = (Map<String, Object>) entry; - String osType = (String) map.get(PropertyHelper.getPropertyId("OperatingSystems", "os_type")); - if (!result.containsKey(osType)) { - result.put(osType, new LinkedList<Map<String, String>>()); - } - if (map.get("repositories") instanceof Set) { - Set<Object> repos = (Set<Object>) map.get("repositories"); - for (Object repo : repos) { - if (repo instanceof Map) { - Map<String, String> m = (Map<String, String>) repo; - String repoId = m.get(PropertyHelper.getPropertyId("Repositories", "repo_id")); - String repo_name = m.get(PropertyHelper.getPropertyId("Repositories", "repo_name")); - String baseUrl = m.get(PropertyHelper.getPropertyId("Repositories", "base_url")); - Map<String, String> resultMap = new HashMap<>(); - resultMap.put("repo_id", repoId); - resultMap.put("repo_name", repo_name); - resultMap.put("base_url", baseUrl); - result.get(osType).add(resultMap); - } - } - } - } - } - } - } - return result; - } - - private String getProperty(Request request, String properyId) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); - } - return null; - } - - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java deleted file mode 100644 index 6053b13..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.AddRequestRequestAuditEvent; -import org.apache.ambari.server.controller.internal.RequestOperationLevel; -import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles request type requests - * For resource type {@link Resource.Type#Request} - * and request types {@link Request.Type#POST} - */ -public class RequestEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - } - - private Set<Resource.Type> resourceTypes = new HashSet<Resource.Type>(); - - { - resourceTypes.add(Resource.Type.Request); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return resourceTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - // null makes this default - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - switch (request.getRequestType()) { - case POST: - return AddRequestRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withCommand(request.getBody().getRequestInfoProperties().get("command")) - .withClusterName(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID)) - .build(); - default: - return null; - } - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java deleted file mode 100644 index 6f9a769..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.ClientConfigDownloadRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles service config download requests - * For resource type {@link Resource.Type#Service} - * and request types {@link Request.Type#GET} - */ -public class ServiceConfigDownloadEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.GET); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.ClientConfig); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - return ClientConfigDownloadRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withService(request.getResource().getKeyValueMap().get(Resource.Type.Service)) - .withComponent(request.getResource().getKeyValueMap().get(Resource.Type.Component)) - .build(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java deleted file mode 100644 index 1a5fd3c..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.event.StartOperationRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.DeleteServiceRequestAuditEvent; -import org.apache.ambari.server.controller.internal.RequestOperationLevel; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles operation requests (start, stop, install, etc) - * For resource type {@link Resource.Type#Service} - * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} - */ -public class ServiceEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - requestTypes.add(Request.Type.PUT); - requestTypes.add(Request.Type.DELETE); - } - - private Set<Resource.Type> resourceTypes = new HashSet<Resource.Type>(); - - { - resourceTypes.add(Resource.Type.Service); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return resourceTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - // null makes this default - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - if (request.getRequestType() == Request.Type.DELETE) { - return DeleteServiceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withService(request.getResource().getKeyValueMap().get(Resource.Type.Service)) - .build(); - } - - String operation = getOperation(request); - - Long requestId = null; - if (containsRequestId(result)) { - requestId = getRequestId(result); - } - - StartOperationRequestAuditEvent.StartOperationAuditEventBuilder auditEventBuilder = StartOperationRequestAuditEvent.builder() - .withOperation(operation) - .withUserName(username) - .withRemoteIp(request.getRemoteAddress()) - .withTimestamp(DateTime.now()) - .withRequestId(String.valueOf(requestId)); - - if (result.getStatus().isErrorState()) { - auditEventBuilder.withReasonOfFailure(result.getStatus().getMessage()); - } - - return auditEventBuilder.build(); - } - - private String getOperation(Request request) { - if (request.getBody().getRequestInfoProperties().containsKey(RequestOperationLevel.OPERATION_LEVEL_ID)) { - String operation = ""; - if ("CLUSTER".equals(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_LEVEL_ID))) { - for (Map<String, Object> map : request.getBody().getPropertySets()) { - if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "state"))) { - operation = String.valueOf(map.get(PropertyHelper.getPropertyId("ServiceInfo", "state"))) + ": all services" - + " (" + request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID) + ")"; - break; - } - } - } - if ("SERVICE".equals(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_LEVEL_ID))) { - for (Map<String, Object> map : request.getBody().getPropertySets()) { - if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "state"))) { - operation = String.valueOf(map.get(PropertyHelper.getPropertyId("ServiceInfo", "state"))) + ": " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "service_name")) - + " (" + request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID) + ")"; - break; - } - } - } - return operation; - } - - for (Map<String, Object> map : request.getBody().getPropertySets()) { - if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "maintenance_state"))) { - return "Turn " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "maintenance_state")) + " Maintenance Mode for " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "service_name")); - } - } - return null; - } - - private Long getRequestId(Result result) { - return (Long) result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests").get("id"); - } - - private boolean containsRequestId(Result result) { - return result.getResultTree().getChild("request") != null - && result.getResultTree().getChild("request").getObject() != null - && result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests") != null - && result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests").get("id") != null; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java deleted file mode 100644 index e83d3cb..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AccessUnauthorizedAuditEvent; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -public class UnauthorizedEventCreator implements RequestAuditEventCreator { - - @Override - public Set<Request.Type> getRequestTypes() { - return null; - } - - @Override - public Set<Resource.Type> getResourceTypes() { - return null; - } - - private Set<ResultStatus.STATUS> statuses = new HashSet<>(); - - { - statuses.add(ResultStatus.STATUS.UNAUTHORIZED); - statuses.add(ResultStatus.STATUS.FORBIDDEN); - } - - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return statuses; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - AccessUnauthorizedAuditEvent ae = AccessUnauthorizedAuditEvent.builder() - .withRemoteIp(request.getRemoteAddress()) - .withResourcePath(request.getURI()) - .withTimestamp(DateTime.now()) - .withUserName(username) - .build(); - - return ae; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java deleted file mode 100644 index 2ca64cc..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.AddUpgradeRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles upgrade requests - * For resource type {@link Resource.Type#Upgrade} - * and request types {@link Request.Type#POST} - */ -public class UpgradeEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.Upgrade); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - return AddUpgradeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withRepositoryVersion(getProperty(request, "repository_version")) - .withUpgradeType(getProperty(request, "upgrade_type")) - .withClusterName(getProperty(request, "cluster_name")) - .build(); - - } - - private String getProperty(Request request, String propertyName) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Upgrade", propertyName))); - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java deleted file mode 100644 index 5583e71..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.UpdateUpgradeItemRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles upgrade requests - * For resource type {@link Resource.Type#Upgrade} - * and request types {@link Request.Type#PUT} - */ -public class UpgradeItemEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.PUT); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.UpgradeItem); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - return UpdateUpgradeItemRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withStatus(getProperty(request, "status")) - .withStageId(getProperty(request, "stage_id")) - .withRequestId(getProperty(request, "request_id")) - .build(); - - } - - private String getProperty(Request request, String propertyName) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("UpgradeItem", propertyName))); - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java deleted file mode 100644 index 09b9efb..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.ActivateUserRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.AdminUserRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.CreateUserRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.DeleteUserRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.UserPasswordChangeRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles user requests - * For resource type {@link Resource.Type#User} - * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} - */ -public class UserEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - requestTypes.add(Request.Type.PUT); - requestTypes.add(Request.Type.DELETE); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.User); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - switch (request.getRequestType()) { - case POST: - return CreateUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withCreatedUsername(getUsername(request)) - .withActive(isActive(request)) - .withAdmin(isAdmin(request)) - .build(); - case DELETE: - return DeleteUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withDeletedUsername(request.getResource().getKeyValueMap().get(Resource.Type.User)) - .build(); - case PUT: - if (hasActive(request)) { - return ActivateUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withAffectedUsername(getUsername(request)) - .withActive(isActive(request)) - .build(); - } - if (hasAdmin(request)) { - return AdminUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withAffectedUsername(getUsername(request)) - .withAdmin(isAdmin(request)) - .build(); - } - if (hasOldPassword(request)) { - return UserPasswordChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withAffectedUsername(getUsername(request)) - .build(); - } - default: - break; - } - return null; - } - - - private boolean isAdmin(Request request) { - return hasAdmin(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "admin"))); - } - - private boolean isActive(Request request) { - return hasActive(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "active"))); - } - - private boolean hasAdmin(Request request) { - return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "admin")); - } - - private boolean hasActive(Request request) { - return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "active")); - } - - private boolean hasOldPassword(Request request) { - return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "old_password")); - } - - private String getUsername(Request request) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "user_name"))); - } - return null; - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java deleted file mode 100644 index b00a9d9..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.controller.spi.Resource; - -/** - * This creator ignores validation post requests - * For resource type {@link Resource.Type#Validation} - * and request types {@link Request.Type#POST} - */ -public class ValidationIgnoreEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.Validation); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - // intentionally skipping this event - return null; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java deleted file mode 100644 index 00aa1ce..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.AddViewInstanceRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.ChangeViewInstanceRequestAuditEvent; -import org.apache.ambari.server.audit.event.request.event.DeleteViewInstanceRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles view instance requests - * For resource type {@link Resource.Type#ViewInstance} - * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} - */ -public class ViewInstanceEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.POST); - requestTypes.add(Request.Type.PUT); - requestTypes.add(Request.Type.DELETE); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.ViewInstance); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - switch (request.getRequestType()) { - - case POST: - return AddViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withType(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "view_name"))) - .withVersion(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "version"))) - .withName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "instance_name"))) - .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "label"))) - .withDescription(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "description"))) - .build(); - - case PUT: - return ChangeViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withType(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "view_name"))) - .withVersion(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "version"))) - .withName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "instance_name"))) - .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "label"))) - .withDescription(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "description"))) - .build(); - - case DELETE: - return DeleteViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withType(request.getResource().getKeyValueMap().get(Resource.Type.View)) - .withVersion(request.getResource().getKeyValueMap().get(Resource.Type.ViewVersion)) - .withName(request.getResource().getKeyValueMap().get(Resource.Type.ViewInstance)) - .build(); - - default: - return null; - } - } - - private String getProperty(Request request, String properyId) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); - } - return null; - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java deleted file mode 100644 index 9c5ba1b..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.event.request.eventcreator; - -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.Result; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.event.AuditEvent; -import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; -import org.apache.ambari.server.audit.event.request.event.ViewPrivilegeChangeRequestAuditEvent; -import org.apache.ambari.server.controller.spi.Resource; -import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; - -/** - * This creator handles view privilege requests - * For resource type {@link Resource.Type#ViewInstance} - * and request types {@link Request.Type#PUT} - */ -public class ViewPrivilegeEventCreator implements RequestAuditEventCreator { - - /** - * Set of {@link Request.Type}s that are handled by this plugin - */ - private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); - - { - requestTypes.add(Request.Type.PUT); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Request.Type> getRequestTypes() { - return requestTypes; - } - - /** - * {@inheritDoc} - */ - @Override - public Set<Resource.Type> getResourceTypes() { - return Collections.singleton(Resource.Type.ViewPrivilege); - } - - /** - * {@inheritDoc} - */ - @Override - public Set<ResultStatus.STATUS> getResultStatuses() { - return null; - } - - @Override - public AuditEvent createAuditEvent(Request request, Result result) { - String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); - - - Map<String, List<String>> users = getEntities(request, "USER"); - Map<String, List<String>> groups = getEntities(request, "GROUP"); - - return ViewPrivilegeChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) - .withRequestType(request.getRequestType()) - .withResultStatus(result.getStatus()) - .withUrl(request.getURI()) - .withRemoteIp(request.getRemoteAddress()) - .withUserName(username) - .withType(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "view_name"))) - .withVersion(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "version"))) - .withName(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "instance_name"))) - .withUsers(users) - .withGroups(groups) - .build(); - - } - - private String getProperty(Request request, String properyId) { - if (!request.getBody().getPropertySets().isEmpty()) { - return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); - } - return null; - } - - private Map<String, List<String>> getEntities(final Request request, final String type) { - Map<String, List<String>> entities = new HashMap<String, List<String>>(); - - for (Map<String, Object> propertyMap : request.getBody().getPropertySets()) { - String ptype = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_type"))); - if (type.equals(ptype)) { - String role = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "permission_name"))); - String name = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_name"))); - if (!entities.containsKey(role)) { - entities.put(role, new LinkedList<String>()); - } - - entities.get(role).add(name); - } - } - return entities; - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java new file mode 100644 index 0000000..200ecfa --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java @@ -0,0 +1,161 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AbstractUserAuditEvent; + +/** + * Base class for start operation audit events. + */ +public class RequestAuditEvent extends AbstractUserAuditEvent { + + public static class RequestAuditEventBuilder<T extends RequestAuditEvent, TBuilder extends RequestAuditEventBuilder<T, TBuilder>> extends AbstractUserAuditEventBuilder<T, TBuilder> { + + /** + * Request type (PUT, POST, DELETE, etc...) + */ + private Request.Type requestType; + + /** + * Result status, that contains http statuses (OK, ACCEPTED, FORBIDDEN, etc...) + */ + private ResultStatus resultStatus; + + /** + * The url that is called + */ + private String url; + + /** + * Description of the operation + */ + private String operation; + + /** + * {@inheritDoc} + */ + @Override + protected T newAuditEvent() { + return (T) new RequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + if (operation != null) { + builder + .append(", Operation(") + .append(operation) + .append(")"); + } + builder + .append(", RequestType(") + .append(requestType) + .append("), ") + .append("url(") + .append(url) + .append("), ResultStatus(") + .append(resultStatus.getStatusCode()) + .append(" ") + .append(resultStatus.getStatus()) + .append(")"); + + if (resultStatus.isErrorState()) { + builder.append(", Reason(") + .append(resultStatus.getMessage()) + .append(")"); + } + } + + /** + * Sets the request type to be added to the audit event. + * + * @param requestType request type to be added to the audit event. + * @return this builder + */ + public TBuilder withRequestType(Request.Type requestType) { + this.requestType = requestType; + + return (TBuilder) this; + } + + /** + * Sets the url to be added to the audit event. + * + * @param url url to be added to the audit event. + * @return this builder + */ + public TBuilder withUrl(String url) { + this.url = url; + + return (TBuilder) this; + } + + /** + * Sets the result status to be added to the audit event. + * + * @param resultStatus result status to be added to the audit event. + * @return this builder + */ + public TBuilder withResultStatus(ResultStatus resultStatus) { + this.resultStatus = resultStatus; + + return (TBuilder) this; + } + + /** + * Sets the operation to be added to the audit event. + * + * @param operation operation to be added to the audit event. + * @return this builder + */ + public TBuilder withOperation(String operation) { + this.operation = operation; + + return (TBuilder) this; + } + } + + protected RequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected RequestAuditEvent(RequestAuditEventBuilder<?, ?> builder) { + super(builder); + } + + /** + * Returns an builder for {@link RequestAuditEvent} + * + * @return a builder instance + */ + public static RequestAuditEventBuilder<?, ?> builder() { + return new RequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEventCreator.java new file mode 100644 index 0000000..ccb39de --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEventCreator.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.controller.spi.Resource; + +/** + * This interface must be implemented by the plugins for the request audit logger + * in order to make custom {@link AuditEvent}s based on {@link org.apache.ambari.server.api.services.Request.Type}s + * and {@link org.apache.ambari.server.controller.spi.Resource.Type} + */ +public interface RequestAuditEventCreator { + + /** + * @return the set of {@link org.apache.ambari.server.api.services.Request.Type}s that are handled by this creator + */ + Set<Request.Type> getRequestTypes(); + + /** + * @return the {@link org.apache.ambari.server.controller.spi.Resource.Type}s that is handled by this creator + */ + Set<Resource.Type> getResourceTypes(); + + /** + * @return the {@link ResultStatus}es that is handled by this creator + */ + Set<ResultStatus.STATUS> getResultStatuses(); + + /** + * Creates and {@link AuditEvent} + * @param request HTTP request object + * @param result HTTP result object + * @return an {@link AuditEvent} + */ + AuditEvent createAuditEvent(Request request, Result result); + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLogger.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLogger.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLogger.java new file mode 100644 index 0000000..c132139 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLogger.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; + +/** + * Audit logger interface for logging requests + */ +public interface RequestAuditLogger { + + /** + * Logs an audit event based on the http request and result + * @param request + * @param result + */ + void log(Request request, Result result); + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/565c2ea2/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java new file mode 100644 index 0000000..4124921 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java @@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + + +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AuditLogger; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.controller.spi.Resource; + +import com.google.inject.Inject; +import com.google.inject.Singleton; + +/** + * The purpose of this class is to create audit log entries for the HTTP requests + */ +@Singleton +public class RequestAuditLoggerImpl implements RequestAuditLogger { + + /** + * Priorities for searching the proper creator + */ + private static final int REQUEST_TYPE_PRIORITY = 1; + private static final int RESULT_STATUS_PRIORITY = 2; + private static final int RESOURCE_TYPE_PRIORITY = 4; + + /** + * Container for the {@link RequestAuditEventCreator} + */ + private Set<RequestAuditEventCreator> creators; + + /** + * Audit logger that receives {@link AuditEvent}s and does the actual logging + */ + private AuditLogger auditLogger; + + /** + * Injecting dependencies through the constructor + * @param auditLogger Audit Logger + * @param creatorSet Set of plugins that are registered for requests + */ + @Inject + public RequestAuditLoggerImpl(AuditLogger auditLogger, Set<RequestAuditEventCreator> creatorSet) { + this.auditLogger = auditLogger; + this.creators = creatorSet; + } + + /** + * Finds the proper creator, then creates and logs and {@link AuditEvent} + * @param request + * @param result + */ + @Override + public void log(Request request, Result result) { + Resource.Type resourceType = request.getResource().getResourceDefinition().getType(); + Request.Type requestType = request.getRequestType(); + ResultStatus resultStatus = result.getStatus(); + + RequestAuditEventCreator creator = selectCreator(resourceType, resultStatus, requestType); + if (creator != null) { + AuditEvent ae = creator.createAuditEvent(request, result); + if (ae != null) { + auditLogger.log(ae); + } + } + } + + /** + * Select the proper creator. Priority order: resourceType > resultStatus > requestType + * The most matching creator is returned + * If there is no creator found, then null is returned. + * @param resourceType + * @param requestType + * @param resultStatus + * @return + */ + private RequestAuditEventCreator selectCreator(Resource.Type resourceType, ResultStatus resultStatus, Request.Type requestType) { + + RequestAuditEventCreator selected = null; + Integer priority = -1; + + for (RequestAuditEventCreator creator : creators) { + Integer creatorPriority = getPriority(creator, resourceType, resultStatus, requestType); + if (creatorPriority != null && priority < creatorPriority) { + priority = creatorPriority; + selected = creator; + } + } + return selected; + } + + /** + * Calculates the creator priority for the actual resouce type, result status and request type + * @param creator + * @param resourceType + * @param resultStatus + * @param requestType + * @return + */ + private Integer getPriority(RequestAuditEventCreator creator, Resource.Type resourceType, ResultStatus resultStatus, Request.Type requestType) { + Integer priority = 0; + + if (isIncompatible(creator, resourceType, resultStatus, requestType)) { + return null; + } + + priority += creator.getRequestTypes() != null && creator.getRequestTypes().contains(requestType) ? REQUEST_TYPE_PRIORITY : 0; + priority += creator.getResultStatuses() != null && creator.getResultStatuses().contains(resultStatus.getStatus()) ? RESULT_STATUS_PRIORITY : 0; + priority += creator.getResourceTypes() != null && creator.getResourceTypes().contains(resourceType) ? RESOURCE_TYPE_PRIORITY : 0; + return priority; + } + + /** + * Checks if the creator is a possible candidate for creating audit log event for the request + * @param creator + * @param resourceType + * @param resultStatus + * @param requestType + * @return + */ + private boolean isIncompatible(RequestAuditEventCreator creator, Resource.Type resourceType, ResultStatus resultStatus, Request.Type requestType) { + return creator.getRequestTypes() != null && !creator.getRequestTypes().contains(requestType) || + creator.getResultStatuses() != null && !creator.getResultStatuses().contains(resultStatus.getStatus()) || + creator.getResourceTypes() != null && !creator.getResourceTypes().contains(resourceType); + } +}
