Class AuditMgrImpl

- java.lang.Object
  - org.apache.directory.fortress.core.impl.Manageable
    - org.apache.directory.fortress.core.impl.AuditMgrImpl

All Implemented Interfaces:
Serializable, AuditMgr, Manageable

public class AuditMgrImpl extends Manageable implements AuditMgr, Serializable
This object performs searches across OpenLDAP's slapd access log. The access log events are persisted in BDB and available for inquiry via common LDAP protocols. Audit entries stored on behalf of Fortress operations correspond to runtime authentication (Bind), authorization (AuthZ) and modification (Mod) events as they occur automatically on the server when audit is enabled.

Audit Interrogator

Provides an OpenLDAP access log retrieval mechanism that enables security event monitoring.
- Authentication events
- Session enablement events
- Authorization events
- Entity mods and deletes

All events include Fortress context, see FortEntity.

The following APIs generate events subsequently stored in this access log:

The following reports are supported using search input: UserAudit
- User Authentications: List<Bind> AuditMgr.searchBinds(org.apache.directory.fortress.core.model.UserAudit)
- Invalid Users AuthN: List<Bind> AuditMgr.searchInvalidUsers(org.apache.directory.fortress.core.model.UserAudit)
- User Authorizations 1: List<AuthZ> AuditMgr.getUserAuthZs(org.apache.directory.fortress.core.model.UserAudit)
- User Authorizations 2: List<AuthZ> AuditMgr.searchAuthZs(org.apache.directory.fortress.core.model.UserAudit)
- User Session Activations: List<Mod> AuditMgr.searchUserSessions(org.apache.directory.fortress.core.model.UserAudit)
- Entity Modifications: List<Mod> AuditMgr.searchAdminMods(org.apache.directory.fortress.core.model.UserAudit)

This class is NOT thread safe if parent instance variables (Manageable.contextId or Manageable.adminSess) are set.

Author:
Apache Directory Project

See Also:
Serialized Form
Field Summary

Fields inherited from class org.apache.directory.fortress.core.impl.Manageable
adminSess, contextId

Constructor Summary

Constructor: AuditMgrImpl()

Method Summary

All Methods, Instance Methods, Concrete Methods

- List<AuthZ> getUserAuthZs(UserAudit uAudit)
  This method returns a list of authorization events for a particular user (UserAudit.userId) and given timestamp field (UserAudit.beginDate). Method also can discriminate between all events or failed only by setting UserAudit.failedOnly.
- List<Mod> searchAdminMods(UserAudit uAudit)
  This method returns a list of admin operations events for a particular entity (UserAudit.dn), object (UserAudit.objName) and timestamp (UserAudit.beginDate).
- List<AuthZ> searchAuthZs(UserAudit uAudit)
  This method returns a list of authorization events for a particular user (UserAudit.userId), object (UserAudit.objName), and given timestamp field (UserAudit.beginDate). Method also can discriminate between all events or failed only by setting flag UserAudit.failedOnly.
- List<Bind> searchBinds(UserAudit uAudit)
  This method returns a list of authentication audit events for a particular user (UserAudit.userId), and given timestamp field (UserAudit.beginDate).
- List<AuthZ> searchInvalidUsers(UserAudit uAudit)
  This method returns a list of failed authentication attempts on behalf of an invalid identity (UserAudit.userId), and given timestamp (UserAudit.beginDate).
- List<Mod> searchUserSessions(UserAudit uAudit)
  This method returns a list of sessions created for a given user (UserAudit.userId), and timestamp (UserAudit.beginDate).

Methods inherited from class org.apache.directory.fortress.core.impl.Manageable
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.directory.fortress.core.Manageable
setAdmin, setContextId
Method Detail

getUserAuthZs

public List<AuthZ> getUserAuthZs(UserAudit uAudit) throws SecurityException

This method returns a list of authorization events for a particular user (UserAudit.userId) and given timestamp field (UserAudit.beginDate). Method also can discriminate between all events or failed only by setting UserAudit.failedOnly.

optional parameters
- UserAudit.userId - contains the target userId
- UserAudit.beginDate - contains the date in which to begin search
- UserAudit.failedOnly - if set to 'true', return only failed authorization events

Specified by:
getUserAuthZs in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type AuthZ. Each AuthZ object contains one authorization event.

Throws:
SecurityException - if a runtime system error occurs.
searchAuthZs

public List<AuthZ> searchAuthZs(UserAudit uAudit) throws SecurityException

This method returns a list of authorization events for a particular user (UserAudit.userId), object (UserAudit.objName), and given timestamp field (UserAudit.beginDate). Method also can discriminate between all events or failed only by setting flag UserAudit.failedOnly.

required parameters
- UserAudit.userId - contains the target userId
- UserAudit.objName - contains the object (authorization resource) name

optional parameters
- UserAudit.beginDate - contains the date in which to begin search
- UserAudit.failedOnly - if set to 'true', return only failed authorization events

Specified by:
searchAuthZs in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type AuthZ. Each AuthZ object contains one authorization event.

Throws:
SecurityException - if a runtime system error occurs.
searchBinds

public List<Bind> searchBinds(UserAudit uAudit) throws SecurityException

This method returns a list of authentication audit events for a particular user (UserAudit.userId), and given timestamp field (UserAudit.beginDate).

optional parameters
- UserAudit.userId - contains the target userId
- UserAudit.beginDate - contains the date in which to begin search
- UserAudit.failedOnly - if set to 'true', return only failed authorization events

Specified by:
searchBinds in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type Bind. Each Bind object contains one bind event.

Throws:
SecurityException - if a runtime system error occurs.
searchUserSessions

public List<Mod> searchUserSessions(UserAudit uAudit) throws SecurityException

This method returns a list of sessions created for a given user (UserAudit.userId), and timestamp (UserAudit.beginDate).

required parameters
- UserAudit.userId - contains the target userId

optional parameters
- UserAudit.beginDate - contains the date in which to begin search

Specified by:
searchUserSessions in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type Mod. Each Mod object in list corresponds to one update or delete event on directory.

Throws:
SecurityException - if a runtime system error occurs.
searchAdminMods

public List<Mod> searchAdminMods(UserAudit uAudit) throws SecurityException

This method returns a list of admin operations events for a particular entity (UserAudit.dn), object (UserAudit.objName) and timestamp (UserAudit.beginDate). If the internal userId (UserAudit.internalUserId) is set it will limit search by that field.

optional parameters
- UserAudit.dn - contains the LDAP distinguished name for the updated object. For example if caller wants to find out what changes were made to John Doe's user object this would be 'uid=jdoe,ou=People,dc=example,dc=com'
- UserAudit.objName - contains the object (authorization resource) name corresponding to the event. For example if caller wants to return events where User object was modified, this would be 'updateUser'
- UserAudit.internalUserId - maps to the internalUserId of user who changed the record in LDAP. This maps to User.internalId.
- UserAudit.beginDate - contains the date in which to begin search
- UserAudit.endDate - contains the date in which to end search

Specified by:
searchAdminMods in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type Mod. Each Mod object in list corresponds to one update or delete event on directory.

Throws:
SecurityException - if a runtime system error occurs.
searchInvalidUsers

public List<AuthZ> searchInvalidUsers(UserAudit uAudit) throws SecurityException

This method returns a list of failed authentication attempts on behalf of an invalid identity (UserAudit.userId), and given timestamp (UserAudit.beginDate). If the UserAudit.failedOnly is true it will return only authentication attempts made with invalid userId. This event represents either User incorrectly entering userId during signon or possible fraudulent logon attempt by hostile agent. This event is generated when Fortress looks up User record prior to LDAP bind operation.

optional parameters
- UserAudit.userId - contains the target userId
- UserAudit.beginDate - contains the date in which to begin search
- UserAudit.failedOnly - if set to 'true', return only failed authorization events

Specified by:
searchInvalidUsers in interface AuditMgr

Parameters:
uAudit - This entity is instantiated and populated before invocation.

Returns:
a List of objects of type AuthZ. Each AuthZ object contains one failed authentication event.

Throws:
SecurityException - if a runtime system error occurs.
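The following Java class is an added example, not code from Fortress or from this page: it runs the searchBinds and searchInvalidUsers reports documented above over the last day, the way a detection job watching for credential guessing would, and flags a user whose failed-bind count crosses a threshold. The AuditMgrFactory.createInstance() call, the UserAudit setters/getters and the Bind accessors (getReqStart, getReqDN, getReqResult) are assumed to exist and are not shown on this page; the user id, window and threshold are constructed values.

```java
import java.util.Date;
import java.util.List;

import org.apache.directory.fortress.core.AuditMgr;
import org.apache.directory.fortress.core.AuditMgrFactory;   // assumed factory, not documented on this page
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AuthZ;
import org.apache.directory.fortress.core.model.Bind;
import org.apache.directory.fortress.core.model.UserAudit;

/** Added example: failed-logon review over the slapd access log via AuditMgr. */
public class FailedLogonReport
{
    private static final int FAILED_BIND_THRESHOLD = 5;                 // constructed alert threshold
    private static final long ONE_DAY_MS = 24L * 60 * 60 * 1000;

    public static void main( String[] args ) throws SecurityException
    {
        AuditMgr auditMgr = AuditMgrFactory.createInstance();           // assumed factory call
        Date since = new Date( System.currentTimeMillis() - ONE_DAY_MS );

        // Report 1: failed bind (authentication) events for one known user.
        // userId and beginDate are optional search fields; failedOnly narrows to failures.
        UserAudit userQuery = new UserAudit();
        userQuery.setUserId( "jdoe" );                                  // constructed sample user
        userQuery.setBeginDate( since );
        userQuery.setFailedOnly( true );
        List<Bind> failedBinds = auditMgr.searchBinds( userQuery );
        for ( Bind bind : failedBinds )
        {
            // accessors assumed on the Bind model: start timestamp, bound DN, result code
            System.out.println( "bind " + bind.getReqStart() + " dn=" + bind.getReqDN()
                + " result=" + bind.getReqResult() );
        }
        if ( failedBinds.size() >= FAILED_BIND_THRESHOLD )
        {
            System.out.println( "ALERT: " + failedBinds.size() + " failed binds for "
                + userQuery.getUserId() + " since " + since );
        }

        // Report 2: attempts with a userId Fortress could not find (logged before the LDAP bind).
        // No userId is set, so every invalid identity in the window is returned.
        UserAudit unknownQuery = new UserAudit();
        unknownQuery.setBeginDate( since );
        unknownQuery.setFailedOnly( true );
        List<AuthZ> invalidAttempts = auditMgr.searchInvalidUsers( unknownQuery );
        System.out.println( invalidAttempts.size() + " logon attempts with unknown userId since " + since );
    }
}
```

When ARBAC is enabled, call setAdmin(Session) on the manager before the searches, since AuditMgrImpl inherits that requirement from Manageable.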