UserMgtAuditLogger.java

/*
 * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *  WSO2 Inc. licenses this file to you under the Apache License,
 *  Version 2.0 (the "License"); you may not use this file except
 *  in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */

package org.wso2.carbon.user.mgt.listeners;

import org.apache.commons.logging.Log;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

import java.util.Arrays;
import java.util.Map;

public class UserMgtAuditLogger extends AbstractIdentityUserOperationEventListener {


    private static final Log audit = CarbonConstants.AUDIT_LOG;
    private static final String SUCCESS = "Success";

    private static String AUDIT_MESSAGE = "Initiator : %s | Action : %s | Target : %s | Data : { %s } | Result : %s ";

    public boolean doPostAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
                                 String profile, UserStoreManager userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        StringBuilder builder = new StringBuilder();
        if (roleList != null) {
            for (int i = 0; i < roleList.length; i++) {
                builder.append(roleList[i] + ",");
            }
        }
        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Add User", userName, "Roles :"
                + builder.toString(), SUCCESS));
        return true;
    }

    public boolean doPostDeleteUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Delete User",
                userName, "", SUCCESS));
        return true;
    }

    public boolean doPostUpdateCredential(String userName, Object credential, UserStoreManager userStoreManager) throws
            UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Change Password by User",
                userName, "", SUCCESS));
        return true;
    }

    public boolean doPreUpdateCredentialByAdmin(String userName, Object newCredential, UserStoreManager
            userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Change Password by Administrator",
                userName, "", SUCCESS));
        return true;
    }

    public boolean doPostDeleteRole(String roleName, UserStoreManager userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Delete Role", roleName, "",
                SUCCESS));
        return true;
    }

    public boolean doPostAddRole(String roleName, String[] userList, Permission[] permissions, UserStoreManager
            userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Add Role", roleName, "Users : "
                + Arrays.toString(userList) + " Permissions : " + Arrays.toString(permissions), SUCCESS));
        return true;
    }

    public boolean doPostUpdateRoleName(String roleName, String newRoleName, UserStoreManager userStoreManager)
            throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Update Role Name", roleName,
                "Old : " + roleName + " New : " + newRoleName, SUCCESS));
        return true;
    }

    public boolean doPostUpdateUserListOfRole(String roleName, String[] deletedUsers, String[] newUsers,
                                              UserStoreManager userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Update Users of Role", roleName,
                "Users : " + Arrays.toString(newUsers), SUCCESS));
        return true;
    }

    public boolean doPostUpdateRoleListOfUser(String userName, String[] deletedRoles, String[] newRoles,
                                              UserStoreManager userStoreManager) throws UserStoreException {

        if(!isEnable()) {
            return true;
        }

        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Update Roles of User", userName,
                "Roles : " + Arrays.toString(newRoles), SUCCESS));
        return true;
    }

    private String getUser() {
        String user = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (user != null) {
            user = user + "@" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        } else {
            user = CarbonConstants.REGISTRY_SYSTEM_USERNAME;
        }
        return user;
    }
}