class Audit
extends java.lang.Object
Auditing is controlled by the /security/audit branch of the P2J directory. Attributes of the objects there specify how events are filtered and where the log records go.
Modifier and Type | Field and Description |
---|---|
private boolean | active: tells whether auditing is active or not |
private boolean | auditFailure: flags whether to audit failed accesses |
private java.util.Set | auditId: set of numeric subject IDs to audit |
private boolean | auditSuccess: flags whether to audit successful accesses |
private boolean | enabled: tells whether auditing is enabled or not |
private boolean | filterMode: top level filters combination operation: OR (false) or AND (true) |
private java.util.logging.FileHandler | handler: handler that provides rotated file logs |
private int | logCount: log file count in the rotation ring |
private java.lang.String | logFile: log file pattern |
private java.util.logging.Logger | logger: logger to pass records to |
private int | logSize: log file size in K |
private AuditTarget[] | targets: references to audit targets in registered plugins |
private java.lang.String[] | types: references to abstract resource type names |
Constructor and Description |
---|
Audit(): A package private constructor that leaves auditing disabled. |
Audit(SecurityCache sCache, java.lang.String logFile, int logSize, int logCount): Package private constructor. |
Modifier and Type | Method and Description |
---|---|
private boolean | filter(int resType, java.lang.String instance, int mode, boolean result): Filters out audit targets. |
(package private) boolean | isEnabled(): Report whether auditing is enabled. |
(package private) void | log(int resType, java.lang.String instance, int mode, boolean result): Creates an audit log record. |
(package private) void | log(int resType, java.lang.String instance, int mode, boolean result, java.lang.String message): Creates an audit log record. |
(package private) void | setAuditFailure(boolean auditFailure): Tells whether to audit failed accesses. |
(package private) void | setAuditId(int[] auditId): Enables the numeric subject IDs for auditing. |
(package private) void | setAuditSuccess(boolean auditSuccess): Tells whether to audit successful accesses. |
(package private) void | setFilterMode(boolean filterMode): Sets the top level filter combination operation. |
(package private) void | start(): Activates audit log. |
(package private) void | stop(): Deactivates audit log. |
private boolean enabled
private boolean active
private boolean filterMode
private boolean auditSuccess
private boolean auditFailure
private java.util.Set auditId
private java.util.logging.Logger logger
private java.util.logging.FileHandler handler
private java.lang.String[] types
private AuditTarget[] targets
private java.lang.String logFile
private int logSize
private int logCount
Audit()

Audit(SecurityCache sCache, java.lang.String logFile, int logSize, int logCount) throws java.io.IOException
Parameters:
sCache - instance of SecurityCache where this object belongs
logFile - pattern for audit log files to create
logSize - limit in Kbytes of each file
logCount - number of files to rotate
Throws:
java.io.IOException - in FileHandler

void start() throws java.io.IOException
Throws:
java.io.IOException - if logging activation fails

void stop()

boolean isEnabled()
Returns:
true if enabled, else false.

void setFilterMode(boolean filterMode)
Parameters:
filterMode - top level filters combination operation: OR (false) or AND (true)

void setAuditSuccess(boolean auditSuccess)
Parameters:
auditSuccess - if true, tells to audit successful accesses

void setAuditFailure(boolean auditFailure)
Parameters:
auditFailure - if true, tells to audit failed accesses

void setAuditId(int[] auditId)
Parameters:
auditId - array of IDs to enable for auditing

void log(int resType, java.lang.String instance, int mode, boolean result)
Log records are text based, with multiple comma-separated values. The order of values is fixed and listed below:

Parameters:
resType - numeric abstract resource type (registration index)
instance - resource instance name
mode - resource instance access mode (requested rights)
result - granted (true) or denied (false)

void log(int resType, java.lang.String instance, int mode, boolean result, java.lang.String message)
Log records are text based, with multiple comma-separated values. The order of values is fixed and listed below:

Parameters:
resType - numeric abstract resource type (registration index)
instance - resource instance name
mode - resource instance access mode (requested rights)
message - Arbitrary text to be included into the record. May be null
result - granted (true) or denied (false)

private boolean filter(int resType, java.lang.String instance, int mode, boolean result)
Uses numeric resource type index to get to the appropriate audit target. The decision is made based on the independent checks (listed below) and the combination operation, OR or AND.
These checks are done independently:
true if any of the checks yields true, otherwise, all checks should yield true.

Parameters:
resType - numeric abstract resource type (registration index)
instance - resource instance name
mode - resource instance access mode (requested rights)
result - granted (true) or denied (false)
Returns:
true if this combination represents a valid audit target
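
An added sketch (not P2J's own code) of how the constructor's rotation parameters and the OR/AND filter mode described above fit together on top of java.util.logging.FileHandler. The class name, the explicit subjectId argument, the two checks, the record layout and the field sanitiser are assumptions made for this example, not details of the Audit class.

```java
import java.io.IOException;
import java.util.Set;
import java.util.logging.*;

/** Added sketch, not P2J source; names, checks and record layout are assumptions. */
public class AuditSketch {
    private final Logger logger = Logger.getLogger("audit.sketch");
    private final Set<Integer> auditId;   // subject IDs selected for auditing
    private final boolean auditSuccess;   // audit granted accesses
    private final boolean auditFailure;   // audit denied accesses
    private final boolean filterMode;     // false = OR, true = AND

    AuditSketch(String logFile, int logSizeK, int logCount, Set<Integer> auditId,
            boolean auditSuccess, boolean auditFailure, boolean filterMode) throws IOException {
        // FileHandler takes its limit in bytes, so the K value is scaled here
        FileHandler handler = new FileHandler(logFile, logSizeK * 1024, logCount, true);
        handler.setFormatter(new SimpleFormatter());
        logger.setUseParentHandlers(false);   // keep audit records out of root handlers
        logger.addHandler(handler);
        this.auditId = auditId;
        this.auditSuccess = auditSuccess;
        this.auditFailure = auditFailure;
        this.filterMode = filterMode;
    }

    /** Two assumed independent checks, combined by filterMode. */
    boolean filter(int subjectId, boolean result) {
        boolean byId = auditId.contains(subjectId);
        boolean byOutcome = result ? auditSuccess : auditFailure;
        return filterMode ? (byId && byOutcome) : (byId || byOutcome);
    }

    /** Replaces CR, LF and commas so a value cannot split or forge a record. */
    static String field(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n,]", "_");
    }

    boolean log(int subjectId, int resType, String instance, int mode, boolean result) {
        if (!filter(subjectId, result)) return false;
        logger.info(subjectId + "," + resType + "," + field(instance) + "," + mode + "," + result);
        return true;
    }

    public static void main(String[] args) throws IOException {
        AuditSketch a = new AuditSketch("audit%g.log", 64, 3, Set.of(7), false, true, true);
        System.out.println(a.log(7, 1, "payroll\nforged,entry", 4, false));
        System.out.println(a.log(7, 1, "payroll", 4, true));
    }
}
```

With AND mode and only failures audited, the denied access by subject 7 is written and the granted one is skipped; switching filterMode to false (OR) would record both, because the subject ID check alone is then sufficient.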