Repository: ambari Updated Branches: refs/heads/audit_logging [created] 716b45ca8
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java
new file mode 100644
index 0000000..a1d119e
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java
@@ -0,0 +1,181 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.audit.request.eventcreator;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.ambari.server.api.services.Request;
+import org.apache.ambari.server.api.services.Result;
+import org.apache.ambari.server.api.services.ResultStatus;
+import org.apache.ambari.server.audit.AuditEvent;
+import org.apache.ambari.server.audit.request.ActivateUserRequestAuditEvent;
+import org.apache.ambari.server.audit.request.AdminUserRequestAuditEvent;
+import org.apache.ambari.server.audit.request.CreateUserRequestAuditEvent;
+import org.apache.ambari.server.audit.request.DeleteUserRequestAuditEvent;
+import org.apache.ambari.server.audit.request.RequestAuditEventCreator;
+import org.apache.ambari.server.audit.request.UserPasswordChangeRequestAuditEvent;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.joda.time.DateTime;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+
+/**
+ * This creator handles user requests
+ * For resource type {@link Resource.Type#User}
+ * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE}
+ */
+public class UserEventCreator implements RequestAuditEventCreator {
+
+ /**
+ * Set of {@link Request.Type}s that are handled by this plugin
+ */
+ private Set<Request.Type> requestTypes = new HashSet<Request.Type>();
+
+ {
+ requestTypes.add(Request.Type.POST);
+ requestTypes.add(Request.Type.PUT);
+ requestTypes.add(Request.Type.DELETE);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Set<Request.Type> getRequestTypes() {
+ return requestTypes;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Set<Resource.Type> getResourceTypes() {
+ return Collections.singleton(Resource.Type.User);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Set<ResultStatus.STATUS> getResultStatuses() {
+ return null;
+ }
+
+ @Override
+ public AuditEvent createAuditEvent(Request request, Result result) {
+ String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername();
+
+ switch(request.getRequestType()) {
+ case POST:
+ return CreateUserRequestAuditEvent.builder()
+ .withTimestamp(DateTime.now())
+ .withRequestType(request.getRequestType())
+ .withResultStatus(result.getStatus())
+ .withUrl(request.getURI())
+ .withRemoteIp(request.getRemoteAddress())
+ .withUserName(username)
+ .withCreatedUsername(getUsername(request))
+ .withActive(isActive(request))
+ .withAdmin(isAdmin(request))
+ .build();
+ case DELETE:
+ return DeleteUserRequestAuditEvent.builder()
+ .withTimestamp(DateTime.now())
+ .withRequestType(request.getRequestType())
+ .withResultStatus(result.getStatus())
+ .withUrl(request.getURI())
+ .withRemoteIp(request.getRemoteAddress())
+ .withUserName(username)
+ .withDeletedUsername(request.getResource().getKeyValueMap().get(Resource.Type.User))
+ .build();
+ case PUT:
+ if(hasActive(request)) {
+ return ActivateUserRequestAuditEvent.builder()
+ .withTimestamp(DateTime.now())
+ .withRequestType(request.getRequestType())
+ .withResultStatus(result.getStatus())
+ .withUrl(request.getURI())
+ .withRemoteIp(request.getRemoteAddress())
+ .withUserName(username)
+ .withAffectedUsername(getUsername(request))
+ .withActive(isActive(request))
+ .build();
+ }
+ if(hasAdmin(request)) {
+ return AdminUserRequestAuditEvent.builder()
+ .withTimestamp(DateTime.now())
+ .withRequestType(request.getRequestType())
+ .withResultStatus(result.getStatus())
+ .withUrl(request.getURI())
+ .withRemoteIp(request.getRemoteAddress())
+ .withUserName(username)
+ .withAffectedUsername(getUsername(request))
+ .withAdmin(isAdmin(request))
+ .build();
+ }
+ if(hasOldPassword(request)) {
+ return UserPasswordChangeRequestAuditEvent.builder()
+ .withTimestamp(DateTime.now())
+ .withRequestType(request.getRequestType())
+ .withResultStatus(result.getStatus())
+ .withUrl(request.getURI())
+ .withRemoteIp(request.getRemoteAddress())
+ .withUserName(username)
+ .withAffectedUsername(getUsername(request))
+ .build();
+ }
+ default:
+ break;
+ }
+ return null;
+ }
+
+
+ private boolean isAdmin(Request request) {
+ return hasAdmin(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "admin")));
+ }
+
+ private boolean isActive(Request request) {
+ return hasActive(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "active")));
+ }
+
+ private boolean hasAdmin(Request request) {
+ return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "admin"));
+ }
+
+ private boolean hasActive(Request request) {
+ return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "active"));
+ }
+
+ private boolean hasOldPassword(Request request) {
+ return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "old_password"));
+ }
+
+ private String getUsername(Request request) {
+ if(!request.getBody().getPropertySets().isEmpty()) {
+ return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "user_name")));
+ }
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
index cb6f053..5efab78 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
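Review bot: In the `PUT` branch of `createAuditEvent` the three checks return on the first match, so a request whose body carries both `Users/active` and `Users/admin` is recorded only as an `ActivateUserRequestAuditEvent` and the admin change never reaches the audit log. Because the method returns a single `AuditEvent`, either test `hasAdmin(request)` before `hasActive(request)` so the privilege change takes precedence, or carry both flags in one event; a `PUT` with none of the three keys falls through `default` to `return null`, and whether anything else logs it is not visible in this diff. The unguarded cast `(User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()` throws when there is no authentication or the principal is not a `User`, which would lose the event; resolve it defensively, e.g. `principal instanceof User ? ((User) principal).getUsername() : null`. `getUsername(request)` returns the literal string `"null"` through `String.valueOf` when `Users/user_name` is absent from the body, which looks likely for `PUT` given that the `DELETE` case reads the name from `request.getResource().getKeyValueMap()`. All helpers inspect only the first property set (`iterator().next()`), so a body with several property sets would presumably be audited for its first entry only.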
@@ -44,11 +44,15 @@ import org.apache.ambari.server.actionmanager.StageFactoryImpl;
 import org.apache.ambari.server.audit.request.RequestAuditEventCreator;
 import org.apache.ambari.server.audit.request.RequestAuditLogger;
 import org.apache.ambari.server.audit.request.RequestAuditLoggerImpl;
+import org.apache.ambari.server.audit.request.eventcreator.PrivilegeEventCreator;
+import org.apache.ambari.server.audit.request.eventcreator.GroupEventCreator;
+import org.apache.ambari.server.audit.request.eventcreator.MemberEventCreator;
 import org.apache.ambari.server.audit.request.eventcreator.UnauthorizedEventCreator;
 import org.apache.ambari.server.audit.request.eventcreator.ConfigurationChangeEventCreator;
 import org.apache.ambari.server.audit.request.eventcreator.DefaultEventCreator;
 import org.apache.ambari.server.audit.request.eventcreator.ComponentEventCreator;
 import org.apache.ambari.server.audit.request.eventcreator.ServiceEventCreator;
+import org.apache.ambari.server.audit.request.eventcreator.UserEventCreator;
 import org.apache.ambari.server.checks.AbstractCheckDescriptor;
 import org.apache.ambari.server.checks.UpgradeCheckRegistry;
 import org.apache.ambari.server.configuration.Configuration;
@@ -398,6 +402,10 @@ public class ControllerModule extends AbstractModule {
 auditLogEventCreatorBinder.addBinding().to(ServiceEventCreator.class);
 auditLogEventCreatorBinder.addBinding().to(UnauthorizedEventCreator.class);
 auditLogEventCreatorBinder.addBinding().to(ConfigurationChangeEventCreator.class);
+ auditLogEventCreatorBinder.addBinding().to(UserEventCreator.class);
+ auditLogEventCreatorBinder.addBinding().to(GroupEventCreator.class);
+ auditLogEventCreatorBinder.addBinding().to(MemberEventCreator.class);
+ auditLogEventCreatorBinder.addBinding().to(PrivilegeEventCreator.class);
 bind(RequestAuditLogger.class).to(RequestAuditLoggerImpl.class);
 }
