Audit (P2J - Progress 4GL to Java Conversion and Runtime)

java.lang.Object
- com.goldencode.p2j.security.Audit

```
class Audit
extends java.lang.Object
```
Provides controllable auditing capabilities for all security relevant events.
Auditing is controllable by /security/audit branch of the P2J directory. Various attributes of objects there specify the filtering of events and where the log records go.

Field Summary

Fields
Modifier and Type	Field and Description
`private boolean`	`active` tells whether auditing is active or not
`private boolean`	`auditFailure` flags whether to audit failed accesses
`private java.util.Set`	`auditId` set of numeric subject IDs to audit
`private boolean`	`auditSuccess` flags whether to audit successful accesses
`private boolean`	`enabled` tells whether auditing is enabled or not
`private boolean`	`filterMode` top level filters combination operation: OR (false) or AND (true)
`private java.util.logging.FileHandler`	`handler` handler that provides rotated file logs
`private int`	`logCount` log file count in the rotation ring
`private java.lang.String`	`logFile` log file pattern
`private java.util.logging.Logger`	`logger` logger to pass records to
`private int`	`logSize` log file size in K
`private AuditTarget[]`	`targets` references to audit targets in registered plugins
`private java.lang.String[]`	`types` references to abstract resource type names

Constructor Summary

Constructors
Constructor and Description
`Audit()` A package private constructor that leaves auditing disabled.
`Audit(SecurityCache sCache, java.lang.String logFile, int logSize, int logCount)` Package private constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`private boolean`	`filter(int resType, java.lang.String instance, int mode, boolean result)` Filters out audit targets.
`(package private) boolean`	`isEnabled()` Report whether auditing is enabled.
`(package private) void`	`log(int resType, java.lang.String instance, int mode, boolean result)` Creates an audit log record.
`(package private) void`	`log(int resType, java.lang.String instance, int mode, boolean result, java.lang.String message)` Creates an audit log record.
`(package private) void`	`setAuditFailure(boolean auditFailure)` Tells whether to audit failed accesses.
`(package private) void`	`setAuditId(int[] auditId)` Enables the numeric subject IDs for auditing.
`(package private) void`	`setAuditSuccess(boolean auditSuccess)` Tells whether to audit successful accesses.
`(package private) void`	`setFilterMode(boolean filterMode)` Sets the top level filter combination operation.
`(package private) void`	`start()` Activates audit log.
`(package private) void`	`stop()` Deactivates audit log.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - enabled
```
private boolean enabled
```
    tells whether auditing is enabled or not
  - active
```
private boolean active
```
    tells whether auditing is active or not
  - filterMode
```
private boolean filterMode
```
    top level filters combination operation: OR (false) or AND (true)
  - auditSuccess
```
private boolean auditSuccess
```
    flags whether to audit successful accesses
  - auditFailure
```
private boolean auditFailure
```
    flags whether to audit failed accesses
  - auditId
```
private java.util.Set auditId
```
    set of numeric subject IDs to audit
  - logger
```
private java.util.logging.Logger logger
```
    logger to pass records to
  - handler
```
private java.util.logging.FileHandler handler
```
    handler that provides rotated file logs
  - types
```
private java.lang.String[] types
```
    references to abstract resource type names
  - targets
```
private AuditTarget[] targets
```
    references to audit targets in registered plugins
  - logFile
```
private java.lang.String logFile
```
    log file pattern
  - logSize
```
private int logSize
```
    log file size in K
  - logCount
```
private int logCount
```
    log file count in the rotation ring
- Constructor Detail
  - Audit
```
Audit()
```
    A package private constructor that leaves auditing disabled.
  - Audit
```
Audit(SecurityCache sCache,
      java.lang.String logFile,
      int logSize,
      int logCount)
throws java.io.IOException
```
    Package private constructor. Must be called after the abstract resource plugins are loaded and registered, so that the number of plugins is known and they have built their audit targets.
    
    Parameters:
    
    sCache - instance of SecurityCache where this object belongs
    
    logFile - pattern for audit log files to create
    
    logSize - limit in Kbytes of each file
    
    logCount - number of files to rotate
    
    Throws:
    
    java.io.IOException - in FileHandler
- Method Detail
  - start
```
void start()
    throws java.io.IOException
```
    Activates audit log. Has no effect on disabled or already active log.
    
    Throws:
    
    java.io.IOException - if logging activation fails
  - stop
```
void stop()
```
    Deactivates audit log. Has no effect on disabled or inactive log.
  - isEnabled
```
boolean isEnabled()
```
    Report whether auditing is enabled.
    
    Returns:
    
    true if enabled, else false.
  - setFilterMode
```
void setFilterMode(boolean filterMode)
```
    Sets the top level filter combination operation.
    
    Parameters:
    
    filterMode - top level filters combination operation: OR (false) or AND (true)
  - setAuditSuccess
```
void setAuditSuccess(boolean auditSuccess)
```
    Tells whether to audit successful accesses.
    
    Parameters:
    
    auditSuccess - if true, tells to audit successful accesses
  - setAuditFailure
```
void setAuditFailure(boolean auditFailure)
```
    Tells whether to audit failed accesses.
    
    Parameters:
    
    auditFailure - if true, tells to audit failed accesses
  - setAuditId
```
void setAuditId(int[] auditId)
```
    Enables the numeric subject IDs for auditing. New set of IDs completely replaces the old one.
    
    Parameters:
    
    auditId - array of IDs to enable for auditing
  - log
```
void log(int resType,
         java.lang.String instance,
         int mode,
         boolean result)
```
    Creates an audit log record.
    Log records are text based, with multiple comma-separated values. The order of values is fixed and listed below:
    - security context - from 0 to 3 colon separated numbers;
    - resource type name;
    - resource instance name;
    - requested access mode for this instance of the resource;
    - decision made about this access.
    Parameters:
    
    resType - numeric abstract resource type (registration index)
    
    instance - resource instance name
    
    mode - resource instance access mode (requested rights)
    
    result - granted (true) or denied (false)
  - log
```
void log(int resType,
         java.lang.String instance,
         int mode,
         boolean result,
         java.lang.String message)
```
    Creates an audit log record.
    Log records are text based, with multiple comma-separated values. The order of values is fixed and listed below:
    - security context - from 0 to 3 colon separated account name[number] pairs;
    - resource type name;
    - resource instance name;
    - requested access mode for this instance of the resource;
    - decision made about this access;
    - additional message - an arbitrary string of text.
    Parameters:
    
    resType - numeric abstract resource type (registration index)
    
    instance - resource instance name
    
    mode - resource instance access mode (requested rights)
    
    message - Arbitrary text to be included into the record. May be null
    
    result - granted (true) or denied (false)
  - filter
```
private boolean filter(int resType,
                       java.lang.String instance,
                       int mode,
                       boolean result)
```
    Filters out audit targets.
    Uses numeric resource type index to get to the appropriate audit target. The decision is made based on the independent checks (listed below) and the combination operation, OR or AND.
    These checks are done independently:
    - the result parameter matches either auditSuccess or auditFailure;
    - the security context has numeric account ID matching one of those listed in auditId set;
    - the resource instance and access mode constitute a valid audit target
    If the combination operation is OR (filterMode value is false), than the final decision is true if any of the checks yields true, otherwise, all checks should yield true.
    Parameters:
    
    resType - numeric abstract resource type (registration index)
    
    instance - resource instance name
    
    mode - resource instance access mode (requested rights)
    
    result - granted (true) or denied (false)
    
    Returns:
    
    true if this combination represents a valid audit target

Class Audit

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

enabled

active

filterMode

auditSuccess

auditFailure

auditId

logger

handler

types

targets

logFile

logSize

logCount

Constructor Detail

Audit

Audit

Method Detail

start

stop

isEnabled

setFilterMode

setAuditSuccess

setAuditFailure

setAuditId

log

log

filter