001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.audit.impl;
018:
019: import java.sql.Connection;
020: import java.sql.PreparedStatement;
021: import java.sql.SQLException;
022: import java.sql.Timestamp;
023:
024: import javax.sql.DataSource;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.apache.jetspeed.audit.AuditActivity;
029: import org.springframework.orm.ojb.support.PersistenceBrokerDaoSupport;
030:
031: /**
032: * <p>
033: * Gathers information about security auditing activity
034: * </p>
035: *
036: * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
037: * @version $Id: $
038: */
039: public class AuditActivityImpl extends PersistenceBrokerDaoSupport
040: implements AuditActivity {
041: protected final static Log log = LogFactory
042: .getLog(AuditActivityImpl.class);
043:
044: protected DataSource ds;
045: protected String anonymousUser = "guest";
046: protected boolean enabled = true;
047:
048: public AuditActivityImpl(DataSource dataSource) {
049: this .ds = dataSource;
050: }
051:
052: public void setEnabled(boolean enabled) {
053: this .enabled = enabled;
054: }
055:
056: public boolean getEnabled() {
057: return this .enabled;
058: }
059:
060: public DataSource getDataSource() {
061: return ds;
062: }
063:
064: public void logAdminAttributeActivity(String adminName,
065: String ipAddress, String targetUser, String activity,
066: String name, String beforeValue, String afterValue,
067: String description) {
068: if (enabled) {
069: logAdminActivity(adminName, ipAddress, targetUser,
070: activity, description,
071: AuditActivity.CAT_ADMIN_ATTRIBUTE_MAINTENANCE,
072: name, beforeValue, afterValue);
073: }
074: }
075:
076: public void logAdminCredentialActivity(String adminName,
077: String ipAddress, String targetUser, String activity,
078: String description) {
079: if (enabled) {
080: logAdminActivity(adminName, ipAddress, targetUser,
081: activity, description,
082: AuditActivity.CAT_ADMIN_CREDENTIAL_MAINTENANCE, "",
083: "", "");
084: }
085: }
086:
087: public void logAdminAuthorizationActivity(String adminName,
088: String ipAddress, String targetUser, String activity,
089: String value, String description) {
090: if (enabled) {
091: logAdminActivity(adminName, ipAddress, targetUser,
092: activity, description,
093: AuditActivity.CAT_ADMIN_AUTHORIZATION_MAINTENANCE,
094: "", value, "");
095: }
096: }
097:
098: public void logAdminUserActivity(String adminName,
099: String ipAddress, String targetUser, String activity,
100: String description) {
101: if (enabled) {
102: logAdminActivity(adminName, ipAddress, targetUser,
103: activity, description,
104: AuditActivity.CAT_ADMIN_USER_MAINTENANCE, "", "",
105: "");
106: }
107: }
108:
109: protected void logAdminActivity(String adminName, String ipAddress,
110: String targetUser, String activity, String description,
111: String category, String name, String beforeValue,
112: String afterValue) {
113: Connection con = null;
114: PreparedStatement stm = null;
115: try {
116: Timestamp timestamp = new Timestamp(System
117: .currentTimeMillis());
118: con = ds.getConnection();
119: stm = con
120: .prepareStatement("INSERT INTO ADMIN_ACTIVITY (ACTIVITY, CATEGORY, ADMIN, USER_NAME, TIME_STAMP, IPADDRESS, ATTR_NAME, ATTR_VALUE_BEFORE, ATTR_VALUE_AFTER, DESCRIPTION) VALUES(?,?,?,?,?,?,?,?,?,?)");
121: stm.setString(1, activity);
122: stm.setString(2, category);
123: stm.setString(3, adminName);
124: stm.setString(4, targetUser);
125: stm.setTimestamp(5, timestamp);
126: stm.setString(6, ipAddress);
127: stm.setString(7, name);
128: stm.setString(8, beforeValue);
129: stm.setString(9, afterValue);
130: stm.setString(10, description);
131: stm.execute();
132: } catch (SQLException e) {
133: log.error(e);
134: } finally {
135: try {
136: if (stm != null)
137: stm.close();
138: } catch (SQLException se) {
139: }
140: releaseConnection(con);
141: }
142: }
143:
144: public void logUserActivity(String userName, String ipAddress,
145: String activity, String description) {
146: logUserActivities(userName, ipAddress, activity, "", "", "",
147: description, AuditActivity.CAT_USER_AUTHENTICATION);
148: }
149:
150: public void logUserAttributeActivity(String userName,
151: String ipAddress, String activity, String name,
152: String beforeValue, String afterValue, String description) {
153: logUserActivities(userName, ipAddress, activity, name,
154: beforeValue, afterValue, description,
155: AuditActivity.CAT_USER_ATTRIBUTE);
156: }
157:
158: protected void logUserActivities(String userName, String ipAddress,
159: String activity, String name, String beforeValue,
160: String afterValue, String description, String category) {
161: if (enabled) {
162: Connection con = null;
163: PreparedStatement stm = null;
164: try {
165: Timestamp timestamp = new Timestamp(System
166: .currentTimeMillis());
167: con = ds.getConnection();
168: stm = con
169: .prepareStatement("INSERT INTO USER_ACTIVITY (ACTIVITY, CATEGORY, USER_NAME, TIME_STAMP, IPADDRESS, ATTR_NAME, ATTR_VALUE_BEFORE, ATTR_VALUE_AFTER, DESCRIPTION) VALUES(?,?,?,?,?,?,?,?,?)");
170: stm.setString(1, activity);
171: stm.setString(2, category);
172: stm.setString(3, userName);
173: stm.setTimestamp(4, timestamp);
174: stm.setString(5, ipAddress);
175: stm.setString(6, name);
176: stm.setString(7, beforeValue);
177: stm.setString(8, afterValue);
178: stm.setString(9, description);
179: stm.executeUpdate();
180: } catch (SQLException e) {
181: // todo log to standard Jetspeed logger
182: e.printStackTrace();
183: } finally {
184: try {
185: if (stm != null)
186: stm.close();
187: } catch (SQLException se) {
188: }
189: releaseConnection(con);
190: }
191: }
192: }
193:
194: void releaseConnection(Connection con) {
195: try {
196: if (con != null)
197: con.close();
198: } catch (SQLException e) {
199: }
200: }
201: }
|