/* * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Sun Microsystems, Inc. or the names of * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * This software is provided "AS IS," without a warranty of any * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY * DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that Software is not designed, licensed or * intended for use in the design, construction, operation or * maintenance of any nuclear facility. */ /* * SampleAuditModule.java */ package com.sun.examples.security.auditmodule; import javax.servlet.http.HttpServletRequest; import com.sun.appserv.security.AuditModule; import java.util.Properties; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.PrintWriter; public class SampleAuditModule extends AuditModule{ private String logFileName = null; private String logFilePath = null; private final String logFileNameProperty = "LogFileName"; private final String logFilePathProperty = "LogFilePath"; // Audit module defined methods /* Initialization of module with properties defined in the domain.xml. This method is invoked during server startup when the audit module is initially loaded. The props argument contains the properties defined for this module in domain.xml. The module can do any initialization it needs in this method. If the method return without throwing an exception S1AS will assume the module realm is ready to service audit requests. If an exception is thrown the module is disabled. */ public void init(Properties props){ log("init() invoked..."); //Get logfilename, location properties logFileName = props.getProperty(logFileNameProperty); logFilePath = props.getProperty(logFilePathProperty); if ((logFileName==null)||(logFilePath==null)){ log("Error::Failed in Audit module initialization!"); log("LogFileName and LogFilePath Properties are null!"); } } /* This method is invoked when an authentication request has been processed by a realm for the given user. The success flag indicates whether the authentication was successful or not. */ public void authentication(String user, String realm, boolean status){ logFile("authentication("+user+","+realm+","+status+") invoked..."); log("authentication("+user+","+realm+","+status+") invoked..."); } /* This method is invoked when a web container call has been processed by authorization. The success flag indicated whether the authorization was granted or denied. The req object is the standard HttpServletRequest object for this request. The type string is one of "hasUserDataPermission", "hasRoleRefPermission" or "hasResourcePermission" (see JSR-115). */ public void webInvocation(String user, HttpServletRequest req, String type, boolean status){ logFile("webInvocation("+user+","+req.getRequestURI()+","+type+","+status+") invoked..."); logFile("webInvocation("+user+","+req.getAuthType()+","+req.getRemoteUser()+","+type+","+status+") invoked..."); log("webInvocation("+user+","+req.getRequestURI()+","+type+","+status+") invoked..."); log("webInvocation("+user+","+req.getAuthType()+","+req.getRemoteUser()+","+type+","+status+") invoked..."); } /* This method is invoked when an EJB container call has been processed by authorization. The success flag indicates whether the authorization was granted or denied. The ejb and method strings describe the EJB and its method which is being invoked. */ public void ejbInvocation(String user, String ejbName, String methodName, boolean status){ logFile("ejbInvocation("+user+","+ejbName+","+methodName+","+status+") invoked..."); log("ejbInvocation("+user+","+ejbName+","+methodName+","+status+") invoked..."); } /* * This method is invoked during the appserver shutdown. * Record a string and stop the server to see whether this method is invoked or not. */ /* Commented the module as it is not exposed and not working. Tried before as document listed this. public void shutdown(){ logFile("shutdown()...Test Message before appserver down"); log("shutdown()...Invoked before appserver down"); } */ /** * Invoked upon completion of the server startup */ public void serverStarted() { logFile("serverStarted()...invoked after server started"); log("serverStarted()...invoked after server started "); } /** * Invoked upon completion of the server shutdown */ public void serverShutdown() { logFile("serverShutdown()...invoked after server shutdown"); log("serverShutdown()...invoked after server shutdown"); } /** * Invoked during validation of the web service request * @param uri The URL representation of the web service endpoint * @param endpoint The name of the endpoint representation * @param success the status of the web service request validation */ public void webServiceInvocation(String uri, String endpoint, boolean success) { logFile("webServiceInvocation("+uri+","+endpoint+","+success+") invoked..."); log("webServiceInvocation("+uri+","+endpoint+","+success+") invoked..."); } /** * Invoked during validation of the web service request * @param endpoint The representation of the web service endpoint * @param success the status of the web service request validation */ public void ejbAsWebServiceInvocation(String endpoint, boolean success) { logFile("ejbAsWebServiceInvocation("+endpoint+","+success+") invoked..."); log("ejbAsWebServiceInvocation("+endpoint+","+success+") invoked..."); } //------helper methods public void log(String mesg){ System.out.println("SampleAuditModule::"+mesg); } public void logFile(String mesg){ FileOutputStream fout = null; try{ System.out.println("writing to file:"+logFilePath+File.separator+logFileName); fout = new FileOutputStream(new File(logFilePath+File.separator+logFileName),true); PrintWriter out = new PrintWriter(fout); out.println("SampleAuditModule::"+mesg); out.flush(); }catch(Exception ex){ ex.printStackTrace(); }finally{ try{ if (fout!=null) fout.close(); }catch(Exception e){ e.printStackTrace(); } } } }