Class APIAuditor


  • public class APIAuditor
    extends java.lang.Object
    This class is responsible for auditing auth* events in the Server API. It defines the names of the Attributes of the Entry that is created for each audited event to store the relevant information. The class provides methods for storing context-specific audit information.
    Since:
    7.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String AUDIT_AUTH_ID_CUSTOM
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTH_ID_HOST
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTH_ID_JAAS
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTH_ID_LDAP
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTH_ID_NO
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTH_ID_SSL
      Constant representing a type of authentication.
      static java.lang.String AUDIT_AUTHORIZATION_CLASS
      Specify the name of the field representing the audited class by the authorization events.
      static java.lang.String AUDIT_AUTHORIZATION_METHOD
      Specify the name of the field representing the audited method by the authorization events.
      static java.lang.String AUDIT_CONFIG
      Defines if possible the ConfigInstanceID on which the event has occurred.
      static java.lang.String AUDIT_DATE
      Defines the date on which the event has occurred.
      static java.lang.String AUDIT_HOSTNAME
      Defines the host name on which the TDI server is running.
      static java.lang.String AUDIT_ID
      Defines the ID of each event.
      static java.lang.String AUDIT_IP
      Defines the IP address of the client machine.
      static java.lang.String AUDIT_LOGONNAME
      Defines the name of the TDI user, who has caused the event.
      static java.lang.String AUDIT_MESSAGE_FAILURE
      Constant value used to mark the auth* event as failed.
      static java.lang.String AUDIT_MESSAGE_SUCCESS
      Constant value used to mark the auth* event as successful.
      static java.lang.String AUDIT_NAME
      Defines the name of the Attribute filled in with the name of the TDI object on which the event takes place.
      static java.lang.String AUDIT_PATH
      Defines the name of the Attribute filled in with the physical path to the TDI instance (e.g. path to the config file).
      static java.lang.String AUDIT_SERVER_PLATFORM
      Define the platform name on which the TDI server is running.
      static java.lang.String AUDIT_SERVER_PLATFORM_VERSION
      Define the platform version on which the TDI server is running.
      static java.lang.String AUDIT_SESSIONTYPE
      Defines the Session type.
      static java.lang.String AUDIT_SUCCESS
      Defines the result of the auth* event.
      static java.lang.String AUDIT_TYPE
      Defines the name of the attribute specifying the type of audited event.
      static java.lang.String EVT_AUDIT_AUTHENTICATE
      Define the prefix used for authentication events.
      static java.lang.String EVT_AUDIT_AUTHORIZATION_PREFIX
      Define the prefix used for authorization events.
    • Constructor Summary

      Constructors 
      Constructor Description
      APIAuditor()  
    • Method Summary

      Modifier and Type Method Description
      static void sendAuthenticationAuditData(java.lang.String userID, boolean isSuccessful, java.lang.String authenticationType)
      The method adds specific authentication audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI.
      static void sendSessionAuditData(java.lang.String userID, java.lang.String path, java.lang.String tdiObjectName, boolean isSuccessful, java.lang.String authorizationClass, java.lang.String authorizationMethod, java.lang.String eventID, java.lang.String eventConfigInstanceId)
      The method adds specific audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • AUDIT_TYPE

        public static final java.lang.String AUDIT_TYPE
        Defines the name of the attribute specifying the type of audited event.
        See Also:
        Constant Field Values
      • AUDIT_AUTHORIZATION_CLASS

        public static final java.lang.String AUDIT_AUTHORIZATION_CLASS
        Specify the name of the field representing the audited class by the authorization events.
        See Also:
        Constant Field Values
      • AUDIT_AUTHORIZATION_METHOD

        public static final java.lang.String AUDIT_AUTHORIZATION_METHOD
        Specify the name of the field representing the audited method by the authorization events.
        See Also:
        Constant Field Values
      • EVT_AUDIT_AUTHENTICATE

        public static final java.lang.String EVT_AUDIT_AUTHENTICATE
        Define the prefix used for authentication events.
        See Also:
        Constant Field Values
      • EVT_AUDIT_AUTHORIZATION_PREFIX

        public static final java.lang.String EVT_AUDIT_AUTHORIZATION_PREFIX
        Define the prefix used for authorization events.
        See Also:
        Constant Field Values
      • AUDIT_ID

        public static final java.lang.String AUDIT_ID
        Defines the ID of each event. For authentication events this is the type of authentication. For authorization events it is the same as the name of the TDI object on which authorization takes place. The two exceptions are: custom invocation of Java code, where the event ID is represented by the TDI server ID and the name of the object is the method name; and deleting tombstones using GUID, where the event ID is the GUID itself. The value for the event ID could be: TDI Server ID, ConfigInstance ID, Assembly Line name. If an AL name can be determined for the event, then it is stored; otherwise a Config Instance ID is used. If this is also not possible, then the TDI server ID is provided as the event ID.
        See Also:
        Constant Field Values
      • AUDIT_CONFIG

        public static final java.lang.String AUDIT_CONFIG
        Defines if possible the ConfigInstanceID on which the event has occurred.
        See Also:
        Constant Field Values
      • AUDIT_DATE

        public static final java.lang.String AUDIT_DATE
        Defines the date on which the event has occurred.
        See Also:
        Constant Field Values
      • AUDIT_LOGONNAME

        public static final java.lang.String AUDIT_LOGONNAME
        Defines the name of the TDI user, who has caused the event.
        See Also:
        Constant Field Values
      • AUDIT_SUCCESS

        public static final java.lang.String AUDIT_SUCCESS
        Defines the result of the auth* event.
        See Also:
        Constant Field Values
      • AUDIT_SERVER_PLATFORM

        public static final java.lang.String AUDIT_SERVER_PLATFORM
        Define the platform name on which the TDI server is running.
        See Also:
        Constant Field Values
      • AUDIT_SERVER_PLATFORM_VERSION

        public static final java.lang.String AUDIT_SERVER_PLATFORM_VERSION
        Define the platform version on which the TDI server is running.
        See Also:
        Constant Field Values
      • AUDIT_HOSTNAME

        public static final java.lang.String AUDIT_HOSTNAME
        Defines the host name on which the TDI server is running.
        See Also:
        Constant Field Values
      • AUDIT_IP

        public static final java.lang.String AUDIT_IP
        Defines the IP address of the client machine.
        See Also:
        Constant Field Values
      • AUDIT_SESSIONTYPE

        public static final java.lang.String AUDIT_SESSIONTYPE
        Defines the Session type.
        See Also:
        Constant Field Values
      • AUDIT_PATH

        public static final java.lang.String AUDIT_PATH
        Defines the name of the Attribute filled in with the physical path to the TDI instance (e.g. path to the config file).
        See Also:
        Constant Field Values
      • AUDIT_NAME

        public static final java.lang.String AUDIT_NAME
        Defines the name of the Attribute filled in with the name of the TDI object on which the event takes place. The value could contain the TDI Server name, the ConfigInstance ID, or the AssemblyLine name. Two special cases are the invocation of custom Java code, where the name of the method is passed as the value, and the deletion of tombstones using GUID, where the parameter stores the GUID.
        See Also:
        Constant Field Values
      • AUDIT_MESSAGE_SUCCESS

        public static final java.lang.String AUDIT_MESSAGE_SUCCESS
        Constant value used to mark the auth* event as successful.
        See Also:
        Constant Field Values
      • AUDIT_MESSAGE_FAILURE

        public static final java.lang.String AUDIT_MESSAGE_FAILURE
        Constant value used to mark the auth* event as failed.
        See Also:
        Constant Field Values
    • Constructor Detail

      • APIAuditor

        public APIAuditor()
    • Method Detail

      • sendAuthenticationAuditData

        public static void sendAuthenticationAuditData(java.lang.String userID,
                                                       boolean isSuccessful,
                                                       java.lang.String authenticationType)
        The method adds specific authentication audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI. It is called from every authentication point in the server API code where auditing is wanted.
        Parameters:
        userID - Defines the name of the TDI user, who has caused the event.
        isSuccessful - Defines the result of the auth* event.
        authenticationType - Defines the type of authentication.
      • sendSessionAuditData

        public static void sendSessionAuditData(java.lang.String userID,
                                                java.lang.String path,
                                                java.lang.String tdiObjectName,
                                                boolean isSuccessful,
                                                java.lang.String authorizationClass,
                                                java.lang.String authorizationMethod,
                                                java.lang.String eventID,
                                                java.lang.String eventConfigInstanceId)
        The method adds specific audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI. It is called from every point in the server API code where auditing is wanted.
        Parameters:
        userID - Defines the name of the TDI user, who has caused the event.
        path - Stores the physical path to the TDI instance (e.g. path to the config file). For invocations of custom Java code, the name of the class is set as the path.
        tdiObjectName - Presents the name of the TDI object on which the event takes place. The value could be one of the following: TDI Server ID, ConfigInstance ID, AL Name or Java method (for custom invocations).
        isSuccessful - Expects the result of the auth* event.
        authorizationClass - Defines the interface name for the class, where the authorization event takes place.
        authorizationMethod - Stores the name of the method, where the authorization takes place.
        eventID - Specifies an ID to the audit notification. The field is similar to the tdiObjectName parameter.
        eventConfigInstanceId - Gives the ID of the ConfigInstance, on which the authorization event is performed. Takes null, if no such ID can be assigned.