Posted to commits@syncope.apache.org by il...@apache.org on 2012/03/14 17:28:55 UTC
svn commit: r1300621 - in /incubator/syncope/trunk:
client/src/main/java/org/syncope/types/
core/src/main/java/org/syncope/core/rest/controller/
core/src/main/java/org/syncope/core/security/
Author: ilgrosso
Date: Wed Mar 14 16:28:54 2012
New Revision: 1300621
URL: http://svn.apache.org/viewvc?rev=1300621&view=rev
Log:
[SYNCOPE-20] Added audit features for logger, configuration and connector
Modified:
incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConfigurationController.java
incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConnInstanceController.java
incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/LoggerController.java
incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeAuthenticationProvider.java
Modified: incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java?rev=1300621&r1=1300620&r2=1300621&view=diff
==============================================================================
--- incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java (original)
+++ incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java Wed Mar 14 16:28:54 2012
@@ -55,6 +55,20 @@ public class AuditElements {
result = EnumSet.allOf(AuthenticationSubCategory.class);
break;
+ case configuration:
+ result = EnumSet.allOf(ConfigurationSubCategory.class);
+ break;
+
+ case connector:
+ result = EnumSet.allOf(ConnectorSubCategory.class);
+ break;
+
+
+ case logger:
+ result = EnumSet.allOf(LoggerSubCategory.class);
+ break;
+
+
default:
result = null;
}
@@ -68,4 +82,40 @@ public class AuditElements {
getEntitlements
}
+
+ public enum ConfigurationSubCategory {
+
+ list,
+ create,
+ read,
+ update,
+ delete,
+ getMailTemplates,
+ getValidators,
+ dbExport
+
+ }
+
+ public enum ConnectorSubCategory {
+
+ list,
+ create,
+ read,
+ update,
+ delete,
+ getBundles,
+ getSchemaNames,
+ getConfigurationProperties,
+ check,
+ readConnectorBean
+
+ }
+
+ public enum LoggerSubCategory {
+
+ list,
+ setLevel,
+ delete
+
+ }
}
Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConfigurationController.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConfigurationController.java?rev=1300621&r1=1300620&r2=1300621&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConfigurationController.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConfigurationController.java Wed Mar 14 16:28:54 2012
@@ -41,18 +41,25 @@ import org.springframework.web.bind.anno
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.syncope.client.to.ConfigurationTO;
+import org.syncope.core.audit.AuditManager;
import org.syncope.core.persistence.beans.SyncopeConf;
import org.syncope.core.persistence.dao.ConfDAO;
import org.syncope.core.persistence.dao.MissingConfKeyException;
import org.syncope.core.persistence.validation.attrvalue.Validator;
import org.syncope.core.rest.data.ConfigurationDataBinder;
import org.syncope.core.util.ImportExport;
+import org.syncope.types.AuditElements.Category;
+import org.syncope.types.AuditElements.ConfigurationSubCategory;
+import org.syncope.types.AuditElements.Result;
@Controller
@RequestMapping("/configuration")
public class ConfigurationController extends AbstractController {
@Autowired
+ private AuditManager auditManager;
+
+ @Autowired
private ConfDAO confDAO;
@Autowired
@@ -74,6 +81,9 @@ public class ConfigurationController ext
SyncopeConf conf = configurationDataBinder.createSyncopeConfiguration(configurationTO);
conf = confDAO.save(conf);
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.create, Result.success,
+ "Successfully created conf: " + conf.getKey());
+
response.setStatus(HttpServletResponse.SC_CREATED);
return configurationDataBinder.getConfigurationTO(conf);
@@ -86,6 +96,9 @@ public class ConfigurationController ext
confDAO.find(key);
confDAO.delete(key);
+
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.delete, Result.success,
+ "Successfully deleted conf: " + key);
}
@PreAuthorize("hasRole('CONFIGURATION_LIST')")
@@ -98,6 +111,9 @@ public class ConfigurationController ext
configurationTOs.add(configurationDataBinder.getConfigurationTO(configuration));
}
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.list, Result.success,
+ "Successfully listed all confs: " + configurationTOs.size());
+
return configurationTOs;
}
@@ -111,11 +127,17 @@ public class ConfigurationController ext
try {
SyncopeConf conf = confDAO.find(key);
result = configurationDataBinder.getConfigurationTO(conf);
+
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.read, Result.success,
+ "Successfully read conf: " + key);
} catch (MissingConfKeyException e) {
LOG.error("Could not find configuration key '" + key + "', returning null");
result = new ConfigurationTO();
result.setKey(key);
+
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.read, Result.failure,
+ "Could not read conf: " + key);
}
return result;
@@ -128,11 +150,13 @@ public class ConfigurationController ext
@RequestBody final ConfigurationTO configurationTO)
throws MissingConfKeyException {
- SyncopeConf syncopeConfiguration = confDAO.find(configurationTO.getKey());
+ SyncopeConf conf = confDAO.find(configurationTO.getKey());
+ conf.setValue(configurationTO.getValue());
- syncopeConfiguration.setValue(configurationTO.getValue());
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.update, Result.success,
+ "Successfully updated conf: " + conf.getKey());
- return configurationDataBinder.getConfigurationTO(syncopeConfiguration);
+ return configurationDataBinder.getConfigurationTO(conf);
}
@PreAuthorize("hasRole('CONFIGURATION_LIST')")
@@ -162,6 +186,9 @@ public class ConfigurationController ext
LOG.error("While searching for class implementing {}", Validator.class.getName(), e);
}
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.getValidators, Result.success,
+ "Successfully listed all validators: " + validators.size());
+
return new ModelAndView().addObject(validators);
}
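Review bot: The `getValidators` audit entry is written with `Result.success` unconditionally, directly after the block that logs `While searching for class implementing {}` as an error. If that `LOG.error` sits in a catch block (the method starts outside the hunk, so this is inferred), a failed scan is audited as a success with a possibly incomplete count. Track the outcome in a local flag and pass `Result.failure` when the scan threw, so the audit trail does not contradict the error log.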
@@ -194,6 +221,9 @@ public class ConfigurationController ext
// Only templates available both as HTML and TEXT are considered
htmlTemplates.retainAll(textTemplates);
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.getMailTemplates, Result.success,
+ "Successfully listed all mail templates: " + htmlTemplates.size());
+
return new ModelAndView().addObject(htmlTemplates);
}
@@ -207,9 +237,13 @@ public class ConfigurationController ext
try {
importExport.export(response.getOutputStream());
- LOG.debug("Default content successfully exported");
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.dbExport, Result.success,
+ "Successfully exported database content");
+ LOG.debug("Databse content successfully exported");
} catch (Throwable t) {
- LOG.error("While exporting content", t);
+ auditManager.audit(Category.configuration, ConfigurationSubCategory.dbExport, Result.failure,
+ "Could not export database content");
+ LOG.error("While exporting database content", t);
}
}
}
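Review bot: The failure branch audits `"Could not export database content"` without the cause, and `catch (Throwable t)` then swallows the error. For an operation as sensitive as a full database export, the audit record should carry the reason, e.g. `"Could not export database content: " + t.getMessage()`. The new debug line also has a typo, `"Databse content successfully exported"`, which should read `"Database content successfully exported"`. The enclosing method starts outside the hunk.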
Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConnInstanceController.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConnInstanceController.java?rev=1300621&r1=1300620&r2=1300621&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConnInstanceController.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/ConnInstanceController.java Wed Mar 14 16:28:54 2012
@@ -48,6 +48,7 @@ import org.syncope.client.to.ConnBundleT
import org.syncope.client.to.ConnInstanceTO;
import org.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.syncope.client.validation.SyncopeClientException;
+import org.syncope.core.audit.AuditManager;
import org.syncope.core.init.ConnInstanceLoader;
import org.syncope.core.persistence.beans.ConnInstance;
import org.syncope.core.persistence.beans.ExternalResource;
@@ -57,6 +58,9 @@ import org.syncope.core.persistence.dao.
import org.syncope.core.propagation.ConnectorFacadeProxy;
import org.syncope.core.rest.data.ConnInstanceDataBinder;
import org.syncope.core.util.ConnBundleManager;
+import org.syncope.types.AuditElements.Category;
+import org.syncope.types.AuditElements.ConnectorSubCategory;
+import org.syncope.types.AuditElements.Result;
import org.syncope.types.ConnConfPropSchema;
import org.syncope.types.ConnConfProperty;
import org.syncope.types.SyncopeClientExceptionType;
@@ -66,6 +70,9 @@ import org.syncope.types.SyncopeClientEx
public class ConnInstanceController extends AbstractController {
@Autowired
+ private AuditManager auditManager;
+
+ @Autowired
private ResourceDAO resourceDAO;
@Autowired
@@ -92,7 +99,12 @@ public class ConnInstanceController exte
try {
connInstance = connInstanceDAO.save(connInstance);
+ auditManager.audit(Category.connector, ConnectorSubCategory.create, Result.success,
+ "Successfully created connector instance: " + connInstance.getDisplayName());
} catch (Throwable t) {
+ auditManager.audit(Category.connector, ConnectorSubCategory.create, Result.failure,
+ "Could not create connector instance: " + connectorTO.getDisplayName());
+
SyncopeClientCompositeErrorException scce =
new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
@@ -119,13 +131,18 @@ public class ConnInstanceController exte
try {
connInstance = connInstanceDAO.save(connInstance);
- } catch (RuntimeException e) {
+ auditManager.audit(Category.connector, ConnectorSubCategory.update, Result.success,
+ "Successfully update connector instance: " + connInstance.getDisplayName());
+ } catch (Throwable t) {
+ auditManager.audit(Category.connector, ConnectorSubCategory.create, Result.failure,
+ "Could not update connector instance: " + connectorTO.getDisplayName());
+
SyncopeClientCompositeErrorException scce =
new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
SyncopeClientException invalidConnInstance =
new SyncopeClientException(SyncopeClientExceptionType.InvalidConnInstance);
- invalidConnInstance.addElement(e.getMessage());
+ invalidConnInstance.addElement(t.getMessage());
scce.addException(invalidConnInstance);
throw scce;
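Review bot: The failure audit in the update path is filed under `ConnectorSubCategory.create`, so failed updates cannot be told apart from failed creates when the audit trail is filtered by sub-category. It should read `auditManager.audit(Category.connector, ConnectorSubCategory.update, Result.failure,`. The success message `"Successfully update connector instance: "` should say `updated`. Widening the catch from `RuntimeException` to `Throwable` also turns JVM `Error`s into a `BAD_REQUEST` response; `catch (Exception e)` would be a safer bound. The enclosing method starts outside the hunk.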
@@ -159,6 +176,8 @@ public class ConnInstanceController exte
}
connInstanceDAO.delete(connectorId);
+ auditManager.audit(Category.connector, ConnectorSubCategory.delete, Result.success,
+ "Successfully deleted connector instance: " + connectorId);
}
@PreAuthorize("hasRole('CONNECTOR_LIST')")
@@ -183,6 +202,9 @@ public class ConnInstanceController exte
}
}
+ auditManager.audit(Category.connector, ConnectorSubCategory.list, Result.success,
+ "Successfully listed all connectors: " + connInstanceTOs.size());
+
return connInstanceTOs;
}
@@ -193,11 +215,13 @@ public class ConnInstanceController exte
throws NotFoundException {
ConnInstance connInstance = connInstanceDAO.find(connectorId);
-
if (connInstance == null) {
throw new NotFoundException("Connector '" + connectorId + "'");
}
+ auditManager.audit(Category.connector, ConnectorSubCategory.read, Result.success,
+ "Successfully read connector: " + connInstance.getDisplayName());
+
return binder.getConnInstanceTO(connInstance);
}
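Review bot: Only the success path is audited here: when `connInstance == null` the method throws `NotFoundException` before any `auditManager.audit` call, so lookups of non-existent connector ids leave no `Result.failure` record. The same gap is in the `getConfigurationProperties` hunk and in the `readConnectorBean` hunk, where the previous `LOG.error("Could not find resource '" + resourceName + "'")` is also removed, so that miss is no longer recorded by this method at all. Add a failure entry before each throw, e.g. `auditManager.audit(Category.connector, ConnectorSubCategory.read, Result.failure, "Could not find connector: " + connectorId);`. Repeated failed reads are exactly what an audit trail is expected to surface.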
@@ -276,6 +300,9 @@ public class ConnInstanceController exte
}
}
+ auditManager.audit(Category.connector, ConnectorSubCategory.getBundles, Result.success,
+ "Successfully listed all bundles: " + connectorBundleTOs.size());
+
return connectorBundleTOs;
}
@@ -288,7 +315,6 @@ public class ConnInstanceController exte
throws NotFoundException {
final ConnInstance connInstance = connInstanceDAO.find(connectorTO.getId());
-
if (connInstance == null) {
throw new NotFoundException("Connector '" + connectorTO.getId() + "'");
}
@@ -308,6 +334,10 @@ public class ConnInstanceController exte
Collections.sort(result);
+ auditManager.audit(Category.connector, ConnectorSubCategory.getSchemaNames, Result.success,
+ "Successfully listed all schema names (" + result.size()
+ + ") for connector " + connInstance.getDisplayName());
+
return result;
}
@@ -317,11 +347,18 @@ public class ConnInstanceController exte
public List<ConnConfProperty> getConfigurationProperties(@PathVariable("connectorId") final Long connectorId)
throws NotFoundException {
- final ConnInstance connector = connInstanceDAO.find(connectorId);
- if (connector == null) {
+ final ConnInstance connInstance = connInstanceDAO.find(connectorId);
+ if (connInstance == null) {
throw new NotFoundException("Connector '" + connectorId + "'");
}
- return new ArrayList<ConnConfProperty>(connector.getConfiguration());
+
+ List<ConnConfProperty> result = new ArrayList<ConnConfProperty>(connInstance.getConfiguration());
+
+ auditManager.audit(Category.connector, ConnectorSubCategory.getConfigurationProperties, Result.success,
+ "Successfully listed all conf properties (" + result.size()
+ + ") for connector " + connInstance.getDisplayName());
+
+ return result;
}
@PreAuthorize("hasRole('CONNECTOR_READ')")
@@ -333,13 +370,22 @@ public class ConnInstanceController exte
final ConnectorFacadeProxy connector =
new ConnectorFacadeProxy(binder.getConnInstance(connectorTO), bundleManager);
+ boolean result;
try {
connector.test();
- return new ModelAndView().addObject(true);
+ result = true;
+
+ auditManager.audit(Category.connector, ConnectorSubCategory.check, Result.success,
+ "Successfully checked connector: " + connectorTO);
} catch (Exception ex) {
+ auditManager.audit(Category.connector, ConnectorSubCategory.check, Result.failure,
+ "Unsuccessful check for connector: " + connectorTO);
+
LOG.error("Test connection failure {}", ex);
- return new ModelAndView().addObject(false);
+ result = false;
}
+
+ return new ModelAndView().addObject(result);
}
/**
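Review bot: Both `check` audit messages concatenate the whole `connectorTO`, so whatever its `toString()` renders is persisted in the audit trail. If that includes the connector's configuration properties (not visible in this diff), credentials for the external resource could end up in audit storage. The other connector hunks log only the display name; the equivalent here is `"Successfully checked connector: " + connectorTO.getDisplayName()` and `"Unsuccessful check for connector: " + connectorTO.getDisplayName()`. The method's signature is outside the hunk.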
@@ -384,14 +430,15 @@ public class ConnInstanceController exte
throws NotFoundException {
ExternalResource resource = resourceDAO.find(resourceName);
-
if (resource == null) {
- LOG.error("Could not find resource '" + resourceName + "'");
throw new NotFoundException("Resource '" + resourceName + "'");
}
final ConnectorFacadeProxy connector = connLoader.getConnector(resource);
+ auditManager.audit(Category.connector, ConnectorSubCategory.readConnectorBean, Result.success,
+ "Successfully read connector for resource: " + resourceName);
+
return binder.getConnInstanceTO(connector.getActiveConnInstance());
}
}
Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/LoggerController.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/LoggerController.java?rev=1300621&r1=1300620&r2=1300621&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/LoggerController.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/LoggerController.java Wed Mar 14 16:28:54 2012
@@ -37,8 +37,12 @@ import org.springframework.web.bind.anno
import org.syncope.client.to.LoggerTO;
import org.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.syncope.client.validation.SyncopeClientException;
+import org.syncope.core.audit.AuditManager;
import org.syncope.core.persistence.beans.SyncopeLogger;
import org.syncope.core.persistence.dao.LoggerDAO;
+import org.syncope.types.AuditElements.Category;
+import org.syncope.types.AuditElements.LoggerSubCategory;
+import org.syncope.types.AuditElements.Result;
import org.syncope.types.SyncopeClientExceptionType;
import org.syncope.types.SyncopeLoggerLevel;
import org.syncope.types.SyncopeLoggerType;
@@ -48,6 +52,9 @@ import org.syncope.types.SyncopeLoggerTy
public class LoggerController extends AbstractController {
@Autowired
+ private AuditManager auditManager;
+
+ @Autowired
private LoggerDAO loggerDAO;
private List<LoggerTO> list(final SyncopeLoggerType type) {
@@ -58,6 +65,9 @@ public class LoggerController extends Ab
result.add(loggerTO);
}
+ auditManager.audit(Category.logger, LoggerSubCategory.list, Result.success,
+ "Successfully listed all loggers (" + type + "): " + result.size());
+
return result;
}
@@ -108,6 +118,10 @@ public class LoggerController extends Ab
LoggerTO result = new LoggerTO();
BeanUtils.copyProperties(syncopeLogger, result);
+
+ auditManager.audit(Category.logger, LoggerSubCategory.setLevel, Result.success,
+ String.format("Successfully set level %s to logger %s (%s)", level, name, expectedType));
+
return result;
}
@@ -140,6 +154,9 @@ public class LoggerController extends Ab
LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory();
Logger logger = lc.getLogger(name);
logger.setLevel(Level.OFF);
+
+ auditManager.audit(Category.logger, LoggerSubCategory.setLevel, Result.success,
+ String.format("Successfully deleted logger %s (%s)", name, expectedType));
}
@PreAuthorize("hasRole('LOG_DELETE')")
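Review bot: The audit call added to the delete path uses `LoggerSubCategory.setLevel` although the message says `Successfully deleted logger`, and the `delete` constant this commit adds to `LoggerSubCategory` is never used. Filtering the audit trail by sub-category would therefore hide logger deletions among level changes. The call should be `auditManager.audit(Category.logger, LoggerSubCategory.delete, Result.success,`. The enclosing method starts outside the hunk.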
Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeAuthenticationProvider.java?rev=1300621&r1=1300620&r2=1300621&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeAuthenticationProvider.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeAuthenticationProvider.java Wed Mar 14 16:28:54 2012
@@ -30,9 +30,13 @@ import org.springframework.security.core
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;
+import org.syncope.core.audit.AuditManager;
import org.syncope.core.persistence.beans.user.SyncopeUser;
import org.syncope.core.persistence.dao.UserDAO;
import org.syncope.types.CipherAlgorithm;
+import org.syncope.types.AuditElements.AuthenticationSubCategory;
+import org.syncope.types.AuditElements.Category;
+import org.syncope.types.AuditElements.Result;
@Configurable
public class SyncopeAuthenticationProvider implements AuthenticationProvider {
@@ -43,6 +47,9 @@ public class SyncopeAuthenticationProvid
private static final Logger LOG = LoggerFactory.getLogger(SyncopeAuthenticationProvider.class);
@Autowired
+ private AuditManager auditManager;
+
+ @Autowired
private UserDAO userDAO;
private SyncopeUserDetailsService userDetailsService;
@@ -118,7 +125,10 @@ public class SyncopeAuthenticationProvid
result = token;
- LOG.debug("User {} authenticated with roles {}", authentication.getPrincipal(), token.getAuthorities());
+ auditManager.audit(Category.authentication, AuthenticationSubCategory.login, Result.success,
+ "Successfully authenticated, with roles: " + token.getAuthorities());
+ LOG.debug("User {} successfully authenticated, with roles {}",
+ authentication.getPrincipal(), token.getAuthorities());
if (user != null) {
user.setLastLoginDate(new Date());
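Review bot: The successful-login audit message records the granted authorities but not who logged in (`"Successfully authenticated, with roles: " + token.getAuthorities()`), while the failure message in the next hunk names `authentication.getPrincipal()`. Unless `AuditManager` attaches the principal itself (not visible here, and the security context is normally not populated until `authenticate` returns), success entries cannot be attributed to an account. Consider `"User " + authentication.getPrincipal() + " successfully authenticated, with roles: " + token.getAuthorities()`. Since the principal is caller-supplied before authentication, strip CR/LF from it before concatenating it into either audit message.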
@@ -132,6 +142,8 @@ public class SyncopeAuthenticationProvid
userDAO.save(user);
}
+ auditManager.audit(Category.authentication, AuthenticationSubCategory.login, Result.failure,
+ "User " + authentication.getPrincipal() + " not authenticated");
LOG.debug("User {} not authenticated", authentication.getPrincipal());
throw new BadCredentialsException("User " + authentication.getPrincipal() + " not authenticated");