From 786c19842a8d2a392086deeefa5d985669158c8c Mon Sep 17 00:00:00 2001
From: Fabio Pistolesi <fabio.pistolesi@forgerock.com>
Date: Mon, 03 Oct 2016 09:49:30 +0000
Subject: [PATCH] OPENDJ-3335 Reuse request and response fields for publishing LDAP events
---
opendj-server-legacy/src/main/java/org/opends/server/protocols/http/CommonAuditHttpAccessAuditFilter.java | 5
opendj-server-legacy/src/main/java/org/opends/server/loggers/OpenDJAccessEventBuilder.java | 90 ++++++++------
opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAuditAccessLogPublisher.java | 27 +--
opendj-server-legacy/src/main/resources/org/opends/server/loggers/audit-config.json | 231 ++++++++++++++++++--------------------
4 files changed, 170 insertions(+), 183 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAuditAccessLogPublisher.java b/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAuditAccessLogPublisher.java
index fd7c6aa..78d4989 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAuditAccessLogPublisher.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/loggers/CommonAuditAccessLogPublisher.java
@@ -125,8 +125,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(abandonOperation, "ABANDON");
+ addResultCodeAndMessage(abandonOperation, builder);
appendAbandonRequest(abandonOperation, builder);
- appendResultCodeAndMessage(abandonOperation, builder);
sendEvent(builder.toEvent());
}
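Review bot: The result code is now added before the request details, but nothing here says why the order matters, and the helper was renamed to `addResultCodeAndMessage` while its siblings keep the `append*` prefix. If the order is required because the builder's `ldap*` methods now write into an already-built `response` object (inferred from the builder changes in this patch), state that above the call, e.g. `// must run first: creates the response object that later ldap* calls write into`. The same applies to the ADD, BIND, COMPARE, DELETE, EXTENDED, MODIFYDN, MODIFY and SEARCH hunks. The enclosing method starts outside the hunk.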
@@ -139,8 +139,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(addOperation, "ADD");
+ addResultCodeAndMessage(addOperation, builder);
appendAddRequest(addOperation, builder);
- appendResultCodeAndMessage(addOperation, builder);
DN proxiedAuthorizationDN = addOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -156,8 +156,8 @@
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(bindOperation, "BIND");
+ addResultCodeAndMessage(bindOperation, builder);
appendBindRequest(bindOperation, builder);
- appendResultCodeAndMessage(bindOperation, builder);
final LocalizableMessage failureMessage = bindOperation.getAuthFailureReason();
if (failureMessage != null)
@@ -211,8 +211,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(compareOperation, "COMPARE");
+ addResultCodeAndMessage(compareOperation, builder);
appendCompareRequest(compareOperation, builder);
- appendResultCodeAndMessage(compareOperation, builder);
DN proxiedAuthorizationDN = compareOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -235,7 +235,6 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = openDJAccessEvent()
- .eventName("DJ-" + clientConnection.getProtocol() + "-" + "CONNECT")
.client(clientConnection.getClientAddress(), clientConnection.getClientPort())
.server(clientConnection.getServerAddress(), clientConnection.getServerPort())
.request(clientConnection.getProtocol(), "CONNECT")
@@ -254,8 +253,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(deleteOperation, "DELETE");
+ addResultCodeAndMessage(deleteOperation, builder);
appendDeleteRequest(deleteOperation, builder);
- appendResultCodeAndMessage(deleteOperation, builder);
DN proxiedAuthorizationDN = deleteOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -271,7 +270,6 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = openDJAccessEvent()
- .eventName("DJ-" + clientConnection.getProtocol() + "-" + "DISCONNECT")
.client(clientConnection.getClientAddress(), clientConnection.getClientPort())
.server(clientConnection.getServerAddress(), clientConnection.getServerPort())
.request(clientConnection.getProtocol(), "DISCONNECT")
@@ -292,8 +290,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(extendedOperation, "EXTENDED");
+ addResultCodeAndMessage(extendedOperation, builder);
appendExtendedRequest(extendedOperation, builder);
- appendResultCodeAndMessage(extendedOperation, builder);
final String oid = extendedOperation.getResponseOID();
if (oid != null)
{
@@ -316,8 +314,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(modifyDNOperation, "MODIFYDN");
+ addResultCodeAndMessage(modifyDNOperation, builder);
appendModifyDNRequest(modifyDNOperation, builder);
- appendResultCodeAndMessage(modifyDNOperation, builder);
DN proxiedAuthorizationDN = modifyDNOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -332,8 +330,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(modifyOperation, "MODIFY");
+ addResultCodeAndMessage(modifyOperation, builder);
appendModifyRequest(modifyOperation, builder);
- appendResultCodeAndMessage(modifyOperation, builder);
DN proxiedAuthorizationDN = modifyOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -348,10 +346,8 @@
return;
}
OpenDJAccessAuditEventBuilder<?> builder = getEventBuilder(searchOperation, "SEARCH");
- builder
- .ldapSearch(searchOperation)
- .ldapNEntries(searchOperation.getEntriesSent());
- appendResultCodeAndMessage(searchOperation, builder);
+ addResultCodeAndMessage(searchOperation, builder);
+ builder.ldapSearch(searchOperation).ldapNEntries(searchOperation.getEntriesSent());
DN proxiedAuthorizationDN = searchOperation.getProxiedAuthorizationDN();
appendProxiedAuthorizationDNIfNeeded(builder, proxiedAuthorizationDN);
@@ -435,7 +431,7 @@
builder.ldapDn(modifyOperation.getRawEntryDN().toString());
}
- private OpenDJAccessAuditEventBuilder<?> appendResultCodeAndMessage(
+ private OpenDJAccessAuditEventBuilder<?> addResultCodeAndMessage(
Operation operation, OpenDJAccessAuditEventBuilder<?> builder)
{
final LocalizableMessageBuilder message = operation.getErrorMessage();
@@ -461,7 +457,6 @@
ClientConnection clientConn = operation.getClientConnection();
OpenDJAccessAuditEventBuilder<?> builder = openDJAccessEvent()
- .eventName("DJ-" + clientConn.getProtocol() + "-" + opType)
.client(clientConn.getClientAddress(), clientConn.getClientPort())
.server(clientConn.getServerAddress(), clientConn.getServerPort())
.request(clientConn.getProtocol(), opType)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/loggers/OpenDJAccessEventBuilder.java b/opendj-server-legacy/src/main/java/org/opends/server/loggers/OpenDJAccessEventBuilder.java
index 47f2371..7b60554 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/loggers/OpenDJAccessEventBuilder.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/loggers/OpenDJAccessEventBuilder.java
@@ -26,6 +26,7 @@
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.json.JsonValue;
+import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.util.Reject;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.SearchOperation;
@@ -44,8 +45,8 @@
class OpenDJAccessAuditEventBuilder<T extends OpenDJAccessAuditEventBuilder<T>> extends AccessAuditEventBuilder<T>
{
- private static final String LDAP_VALUE_KEY = "ldap";
- private JsonValue ldapValue;
+ private JsonValue opRequest;
+ private JsonValue opResponse;
private OpenDJAccessAuditEventBuilder()
{
@@ -55,7 +56,7 @@
@SuppressWarnings("rawtypes")
public static <T> OpenDJAccessAuditEventBuilder<?> openDJAccessEvent()
{
- return new OpenDJAccessAuditEventBuilder();
+ return ((OpenDJAccessAuditEventBuilder<?>) new OpenDJAccessAuditEventBuilder()).eventName("DJ-LDAP");
}
public T ldapAdditionalItems(Operation op)
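Review bot: Every LDAP audit event now carries the fixed name `DJ-LDAP`, where the removed publisher code produced `"DJ-" + protocol + "-" + opType`, so log consumers that filter or alert on the old per-operation names will stop matching without any error. The factory has no Javadoc recording this; I would add one along the lines of `/** Creates a builder whose eventName is always "DJ-LDAP"; protocol and operation type are carried by request(protocol, opType). */`. The type parameter `<T>` on the method looks unused and the raw-type cast could probably be dropped at the same time.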
@@ -63,76 +64,73 @@
String items = getAdditionalItemsAsString(op);
if (!items.isEmpty())
{
- getLdapValue().put("items", items);
+ getOpResponse().put("additionalItems", items);
}
return self();
}
public T ldapAttr(String attr)
{
- getLdapValue().put("attr", attr);
+ getOpRequest().put("attr", attr);
return self();
}
public T ldapConnectionId(long id)
{
- getLdapValue().put("connId", id);
+ getOpRequest().put("connId", id);
return self();
}
public T ldapControls(Operation operation)
{
- JsonValue ldapValue = getLdapValue();
List<Control> requestControls = operation.getRequestControls();
if (!requestControls.isEmpty())
{
- ldapValue.put("reqControls", getControlsAsString(requestControls));
+ getOpRequest().put("controls", getControlsAsString(requestControls));
}
List<Control> responseControls = operation.getResponseControls();
if (!responseControls.isEmpty())
{
- ldapValue.put("respControls", getControlsAsString(responseControls));
+ getOpResponse().put("controls", getControlsAsString(responseControls));
}
return self();
}
public T ldapDn(String dn)
{
- getLdapValue().put("dn", dn);
+ getOpRequest().put("dn", dn);
return self();
}
public T ldapFailureMessage(String msg)
{
- getLdapValue().put("failureReason", msg);
+ getOpResponse().put("failureReason", msg);
return self();
}
public T ldapIds(Operation op)
{
- JsonValue ldapValue = getLdapValue();
- ldapValue.put("connId", op.getConnectionID());
- ldapValue.put("msgId", op.getMessageID());
+ getOpRequest().put("connId", op.getConnectionID());
+ getOpRequest().put("msgId", op.getMessageID());
return self();
}
public T ldapIdToAbandon(int id)
{
- getLdapValue().put("idToAbandon", id);
+ getOpRequest().put("idToAbandon", id);
return self();
}
public T ldapMaskedResultAndMessage(Operation operation)
{
- JsonValue ldapValue = getLdapValue();
if (operation.getMaskedResultCode() != null)
{
- ldapValue.put("maskedResult", operation.getMaskedResultCode().intValue());
+ getOpResponse().put("maskedResult", operation.getMaskedResultCode().intValue());
}
final LocalizableMessageBuilder maskedMsg = operation.getMaskedErrorMessage();
if (maskedMsg != null && maskedMsg.length() > 0)
{
- ldapValue.put("maskedMessage", maskedMsg.toString());
+ getOpResponse().put("maskedMessage", maskedMsg.toString());
}
return self();
}
@@ -141,66 +139,68 @@
{
if (msg != null)
{
- getLdapValue().put("message", msg.toString());
+ getOpRequest().put("message", msg.toString());
}
return self();
}
public T ldapName(String name)
{
- getLdapValue().put("name", name);
+ getOpRequest().put("name", name);
return self();
}
public T ldapModifyDN(ModifyDNOperation modifyDNOperation)
{
- JsonValue ldapValue = getLdapValue();
- ldapValue.put("newRDN", modifyDNOperation.getRawNewRDN().toString());
- ldapValue.put("newSup", modifyDNOperation.getRawNewSuperior().toString());
- ldapValue.put("deleteOldRDN", modifyDNOperation.deleteOldRDN());
+ getOpRequest().put("newRDN", modifyDNOperation.getRawNewRDN().toString());
+ final ByteString rawNewSuperior = modifyDNOperation.getRawNewSuperior();
+ if (rawNewSuperior != null)
+ {
+ getOpRequest().put("newSup", rawNewSuperior.toString());
+ }
+ getOpRequest().put("deleteOldRDN", modifyDNOperation.deleteOldRDN());
return self();
}
public T ldapNEntries(int nbEntries)
{
- getLdapValue().put("nentries", nbEntries);
+ getOpResponse().put("nentries", nbEntries);
return self();
}
public T ldapOid(String oid)
{
- getLdapValue().put("oid", oid);
+ getOpRequest().put("oid", oid);
return self();
}
public T ldapProtocolVersion(String version)
{
- getLdapValue().put("version", version);
+ getOpRequest().put("version", version);
return self();
}
public T ldapReason(DisconnectReason reason)
{
- getLdapValue().put("reason", reason.toString());
+ getOpResponse().put("reason", reason.toString());
return self();
}
public T ldapSearch(SearchOperation searchOperation)
{
- JsonValue ldapValue = getLdapValue();
// for search base, re-uses the "dn" field
- ldapValue.put("dn", searchOperation.getRawBaseDN().toString());
- ldapValue.put("scope", searchOperation.getScope().toString());
- ldapValue.put("filter", searchOperation.getRawFilter().toString());
+ getOpRequest().put("dn", searchOperation.getRawBaseDN().toString());
+ getOpRequest().put("scope", searchOperation.getScope().toString());
+ getOpRequest().put("filter", searchOperation.getRawFilter().toString());
final Set<String> attrs = searchOperation.getAttributes();
if ((attrs == null) || attrs.isEmpty())
{
- ldapValue.put("attrs", Arrays.asList("ALL"));
+ getOpRequest().put("attrs", Arrays.asList("ALL"));
}
else
{
- ldapValue.put("attrs", new ArrayList<>(attrs));
+ getOpRequest().put("attrs", new ArrayList<>(attrs));
}
return self();
}
@@ -209,14 +209,14 @@
{
if (operation.isSynchronizationOperation())
{
- getLdapValue().put("opType", "sync");
+ getOpRequest().put("opType", "sync");
}
return self();
}
public T ldapAuthType(String type)
{
- getLdapValue().put("authType", type);
+ getOpRequest().put("authType", type);
return self();
}
@@ -248,13 +248,21 @@
return items.toString();
}
- private JsonValue getLdapValue()
+ private JsonValue getOpRequest()
{
- if (ldapValue == null)
+ if (opRequest == null)
{
- jsonValue.put(LDAP_VALUE_KEY, object());
- ldapValue = jsonValue.get(LDAP_VALUE_KEY);
+ opRequest = jsonValue.get("request");
}
- return ldapValue;
+ return opRequest;
+ }
+
+ private JsonValue getOpResponse()
+ {
+ if (opResponse == null)
+ {
+ opResponse = jsonValue.get("response");
+ }
+ return opResponse;
}
}
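Review bot: `getOpRequest()` and `getOpResponse()` no longer create the object they return, so they only work when `request(...)` / `response(...)` has already been called on the builder, whereas the removed `getLdapValue()` created its container on demand. If a caller reaches an `ldap*` method first, `jsonValue.get("response")` yields a value with nothing behind it, the following `put` would presumably fail, and the cached field keeps pointing at that value, so the audit record is lost or incomplete. The connect and disconnect builders in CommonAuditAccessLogPublisher show only `.request(...)` in this patch while `ldapReason` writes to the response, so that path is worth checking. Creating the object when it is absent and dropping the cached fields removes the ordering dependency, provided the parent's `request(...)` / `response(...)` do not replace an existing object (not visible here).

```java
private JsonValue getOpRequest()
{
  return getOrCreate("request");
}

private JsonValue getOpResponse()
{
  return getOrCreate("response");
}

// Audit fields must not be dropped because of builder call order.
private JsonValue getOrCreate(String key)
{
  if (jsonValue.get(key).isNull())
  {
    jsonValue.put(key, object());
  }
  return jsonValue.get(key);
}
```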
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/CommonAuditHttpAccessAuditFilter.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/CommonAuditHttpAccessAuditFilter.java
index 37d0548..ffa36e1 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/CommonAuditHttpAccessAuditFilter.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/CommonAuditHttpAccessAuditFilter.java
@@ -53,7 +53,6 @@
private final RequestHandler auditServiceHandler;
private final TimeService time;
- private final String productName;
/**
* Constructs a new HttpAccessAuditFilter.
@@ -63,7 +62,6 @@
* @param time The {@link TimeService} to use.
*/
public CommonAuditHttpAccessAuditFilter(String productName, RequestHandler auditServiceHandler, TimeService time) {
- this.productName = productName;
this.auditServiceHandler = auditServiceHandler;
this.time = time;
}
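Review bot: The constructor still accepts `productName` but no longer stores or uses it, so callers pass a value that silently has no effect. Either remove the parameter together with its callers, or keep it for compatibility and say so in the Javadoc, e.g. `@param productName ignored; the event name is fixed to "DJ-HTTP"`. The Javadoc block starts outside the hunk, so how the parameter is currently described is not visible.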
@@ -74,9 +72,8 @@
AccessAuditEventBuilder<?> accessAuditEventBuilder = accessEvent();
- String protocol = clientContext.isSecure() ? "HTTPS" : "HTTP";
accessAuditEventBuilder
- .eventName(productName + "-" + protocol + "-ACCESS")
+ .eventName("DJ-HTTP")
.timestamp(time.now())
.transactionIdFromContext(context)
.serverFromContext(clientContext)
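Review bot: The event name no longer distinguishes HTTPS from HTTP, because the `clientContext.isSecure()` check was removed along with it. Unless `serverFromContext(clientContext)` or a later call records whether the connection was secure (not visible in this hunk), the audit trail can no longer tell cleartext access from TLS access. If it is not recorded elsewhere, keep that information in the event; if it is, add a comment here such as `// secure/cleartext is recorded by <field>, not by the event name`. The builder chain continues outside the hunk.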
diff --git a/opendj-server-legacy/src/main/resources/org/opends/server/loggers/audit-config.json b/opendj-server-legacy/src/main/resources/org/opends/server/loggers/audit-config.json
index f010de4..8bc983e 100644
--- a/opendj-server-legacy/src/main/resources/org/opends/server/loggers/audit-config.json
+++ b/opendj-server-legacy/src/main/resources/org/opends/server/loggers/audit-config.json
@@ -245,6 +245,84 @@
"operation": {
"description": "org.forgerock.audit.events.access.request.operation",
"type": "string"
+ },
+ "connId": {
+ "id": "connId",
+ "type": "string"
+ },
+ "msgId": {
+ "id": "msgId",
+ "type": "string"
+ },
+ "dn": {
+ "id": "dn",
+ "type": "string"
+ },
+ "scope": {
+ "id": "scope",
+ "type": "string"
+ },
+ "filter": {
+ "id": "filter",
+ "type": "string"
+ },
+ "attrs": {
+ "id": "attrs",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "authType": {
+ "id": "authType",
+ "type": "string"
+ },
+ "controls": {
+ "id": "controls",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "attr" : {
+ "id" : "attr",
+ "type" : "string"
+ },
+ "idToAbandon" : {
+ "id" : "idToAbandon",
+ "type" : "integer"
+ },
+ "message" : {
+ "id" : "message",
+ "type" : "string"
+ },
+ "name" : {
+ "id" : "name",
+ "type" : "string"
+ },
+ "newRDN" : {
+ "id" : "newRDN",
+ "type" : "string"
+ },
+ "newSup" : {
+ "id" : "newSup",
+ "type" : "string"
+ },
+ "deleteOldRDN" : {
+ "id" : "deleteOldRDN",
+ "type" : "boolean"
+ },
+ "oid" : {
+ "id" : "oid",
+ "type" : "string"
+ },
+ "version" : {
+ "id" : "version",
+ "type" : "string"
+ },
+ "opType": {
+ "id": "opType",
+ "type": "string"
}
}
},
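Review bot: Several of the moved properties declare a type that does not match what the builder writes. `connId` is `"type": "string"` although `ldapConnectionId(long id)` puts a number, and `msgId` is likewise a string although `ldapIds` stores the operation's message ID. `controls` is declared as an array of strings, yet the builder stores the result of `getControlsAsString(...)`, which by its name is a single string. The same holds for `nentries` in the response hunk below, which is written from an `int`. These mismatches were carried over from the old `ldap` object, but moving the schema is a good moment to correct them, e.g. `"type": "integer"` for `connId`, `msgId` and `nentries`, so that handlers and log consumers relying on the schema see consistent types.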
@@ -270,133 +348,42 @@
"elapsedTimeUnits": {
"description": "org.forgerock.audit.events.access.response.elapsedTimeUnits",
"type": "string"
- }
- }
- },
- "ldap": {
- "id": "ldap",
- "type": "object",
- "properties": {
- "connId": {
- "id": "connId",
- "type": "string"
- },
- "msgId": {
- "id": "msgId",
- "type": "string"
- },
- "dn": {
- "id": "dn",
- "type": "string"
- },
- "scope": {
- "id": "scope",
- "type": "string"
- },
- "filter": {
- "id": "filter",
- "type": "string"
- },
- "attrs": {
- "id": "attrs",
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "nentries": {
- "id": "nentries",
- "type": "string"
- },
- "authType": {
- "id": "authType",
- "type": "string"
- },
- "reqControls": {
- "id": "reqControls",
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "respControls": {
- "id": "respControls",
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "additionalItems": {
- "id": "additionalItems",
- "type": "string"
- },
- "items" : {
- "id" : "items",
- "type" : "string"
- },
- "attr" : {
- "id" : "attr",
- "type" : "string"
- },
- "failureReason" : {
- "id" : "failureReason",
- "type" : "string"
- },
- "idToAbandon" : {
- "id" : "idToAbandon",
- "type" : "integer"
- },
- "maskedResult" : {
- "id" : "maskedResult",
- "type" : "integer"
- },
- "maskedMessage" : {
- "id" : "maskedMessage",
- "type" : "string"
- },
- "message" : {
- "id" : "message",
- "type" : "string"
- },
- "name" : {
- "id" : "name",
- "type" : "string"
- },
- "newRDN" : {
- "id" : "newRDN",
- "type" : "string"
- },
- "newSup" : {
- "id" : "newSup",
- "type" : "string"
- },
- "deleteOldRDN" : {
- "id" : "deleteOldRDN",
- "type" : "boolean"
- },
- "oid" : {
- "id" : "oid",
- "type" : "string"
- },
- "version" : {
- "id" : "version",
- "type" : "string"
- },
- "reason" : {
- "id" : "reason",
- "type" : "string"
- },
- "opType": {
- "id": "opType",
- "type": "string"
- }
+ },
+ "nentries": {
+ "id": "nentries",
+ "type": "string"
+ },
+ "controls": {
+ "id": "controls",
+ "type": "array",
+ "items": {
+ "type": "string"
}
+ },
+ "additionalItems" : {
+ "id" : "additionalItems",
+ "type" : "string"
+ },
+ "failureReason" : {
+ "id" : "failureReason",
+ "type" : "string"
+ },
+ "maskedResult" : {
+ "id" : "maskedResult",
+ "type" : "integer"
+ },
+ "maskedMessage" : {
+ "id" : "maskedMessage",
+ "type" : "string"
+ },
+ "reason" : {
+ "id" : "reason",
+ "type" : "string"
}
- }
}
}
}
}
}
}
-}
\ No newline at end of file
+}
--
Gitblit v1.10.0