From fcfeaa126e75c11cfb963f02c6f66a53bbca3109 Mon Sep 17 00:00:00 2001
From: Nicolas Capponi <nicolas.capponi@forgerock.com>
Date: Thu, 26 Nov 2015 16:46:33 +0000
Subject: [PATCH] OPENDJ-2465 Add support for transactionId in current DJ access and HTTP access loggers

---
 opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAudit.java |   45 +++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 45 insertions(+), 0 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAudit.java b/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAudit.java
index aa413b1..0bd29b3 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAudit.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAudit.java
@@ -25,6 +25,8 @@
  */
 package org.opends.server.loggers;
 
+import static java.util.Arrays.asList;
+
 import static org.opends.messages.LoggerMessages.*;
 import static java.util.Collections.newSetFromMap;
 import static org.forgerock.audit.AuditServiceBuilder.newAuditService;
@@ -41,11 +43,13 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.regex.Pattern;
 
 import org.forgerock.audit.AuditException;
@@ -57,6 +61,7 @@
 import org.forgerock.audit.events.EventTopicsMetaData;
 import org.forgerock.audit.events.handlers.FileBasedEventHandlerConfiguration.FileRetention;
 import org.forgerock.audit.events.handlers.FileBasedEventHandlerConfiguration.FileRotation;
+import org.forgerock.audit.filter.FilterPolicy;
 import org.forgerock.audit.handlers.csv.CsvAuditEventHandler;
 import org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration;
 import org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration.CsvFormatting;
@@ -100,6 +105,8 @@
  */
 public class CommonAudit
 {
+  /** Transaction id used when the incoming request does not contain a transaction id. */
+  public static final String DEFAULT_TRANSACTION_ID = "0";
 
   private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
 
@@ -120,6 +127,7 @@
   /** Audit service shared by all HTTP access publishers. */
   private final AuditServiceProxy httpAccessAuditService;
 
+  private final AtomicBoolean trustTransactionIds = new AtomicBoolean(false);
 
   /**
    * Creates the common audit.
@@ -134,6 +142,28 @@
     this.httpAccessAuditService = createAuditServiceWithoutHandlers();
   }
 
+  /**
+   * Indicates if transactionIds received from requests should be trusted.
+   *
+   * @return {@code true} if transactionIds should be trusted, {@code false} otherwise
+   */
+  public boolean shouldTrustTransactionIds()
+  {
+    return trustTransactionIds.get();
+  }
+
+  /**
+   * Sets the indicator for transactionIds trusting.
+   *
+   * @param shouldTrust
+   *          {@code true} if transactionIds should be trusted, {@code false}
+   *          otherwise
+   */
+  public void setTrustTransactionIds(boolean shouldTrust)
+  {
+    trustTransactionIds.set(shouldTrust);
+  }
+
   private AuditServiceProxy createAuditServiceWithoutHandlers() throws ConfigException
   {
     try
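Review bot: The Javadoc on `shouldTrustTransactionIds()` and `setTrustTransactionIds(boolean)` does not say what "trusted" means or why the flag defaults to `false`, although this is a security-relevant switch. A transaction id taken from a request is caller-controlled data that ends up in audit records, so the setter's doc should state the consequence, for example `When {@code true}, the transaction id supplied in the incoming request is written to the access logs instead of a server-chosen one; enable only when requests arrive through a trusted upstream component.` The code that reads the flag is not part of this patch, so it cannot be confirmed here that the accepted id is bounded in length and character set before it is logged. That check belongs at the point of use. As a style point, the field is only ever read and set as a whole, so `private volatile boolean trustTransactionIds;` would be sufficient in place of the `AtomicBoolean`.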
@@ -349,6 +379,7 @@
 
     AuditServiceConfiguration auditConfig = new AuditServiceConfiguration();
     auditConfig.setAvailableAuditEventHandlers(setup.getHandlerNames());
+    auditConfig.setFilterPolicies(getFilterPoliciesToPreventHttpHeadersLogging());
     builder.withConfiguration(auditConfig);
     AuditService audit = builder.build();
 
@@ -368,6 +399,20 @@
     return proxy;
   }
 
+  /**
+   * Build filter policies at the AuditService level to prevent logging of the headers for HTTP requests.
+   * <p>
+   * HTTP Headers may contains authentication information.
+   */
+  private Map<String, FilterPolicy> getFilterPoliciesToPreventHttpHeadersLogging()
+  {
+    Map<String, FilterPolicy> filterPolicies = new HashMap<>();
+    FilterPolicy policy = new FilterPolicy();
+    policy.setExcludeIf(asList("/http-access/http/request/headers"));
+    filterPolicies.put("field", policy);
+    return filterPolicies;
+  }
+
   private void addHandlerToBuilder(PublisherConfig publisher, AuditServiceBuilder builder) throws ConfigException
   {
     if (publisher.isCsv())
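Review bot: `getFilterPoliciesToPreventHttpHeadersLogging()` excludes only `/http-access/http/request/headers`, so any other field of the http-access event that can carry credentials would still reach the log handlers. If the topic schema also records response headers, cookies or query parameters (not visible in this patch), those pointers should be added to the same `asList(...)`, or the Javadoc should state that request headers are deliberately the only excluded field. The map key `"field"` is a bare literal and would be clearer as a named constant with a short comment that it selects field-level filtering. The Javadoc line should read `HTTP headers may contain authentication information.`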

--
Gitblit v1.10.0