SecurityLoggingPlugin.java

/**
 * Copyright (c) Codice Foundation
 * <p/>
 * This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
 * General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or any later version.
 * <p/>
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details. A copy of the GNU Lesser General Public License
 * is distributed along with this program and can be found at
 * <http://www.gnu.org/licenses/lgpl.html>.
 */
package org.codice.ddf.catalog.security.logging;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import ddf.catalog.operation.CreateRequest;
import ddf.catalog.operation.DeleteRequest;
import ddf.catalog.operation.QueryRequest;
import ddf.catalog.operation.ResourceRequest;
import ddf.catalog.operation.UpdateRequest;
import ddf.catalog.plugin.PluginExecutionException;
import ddf.catalog.plugin.PreIngestPlugin;
import ddf.catalog.plugin.PreQueryPlugin;
import ddf.catalog.plugin.PreResourcePlugin;
import ddf.catalog.plugin.StopProcessingException;
import ddf.security.SubjectUtils;
import ddf.security.common.audit.SecurityLogger;

/**
 * Logs the current operation being performed to the security logger.
 */
public class SecurityLoggingPlugin implements PreQueryPlugin, PreIngestPlugin, PreResourcePlugin {

    private static final String NO_USER = "UNKNOWN";

    @Override
    public CreateRequest process(CreateRequest input)
            throws PluginExecutionException, StopProcessingException {
        logOperation(CatalogOperationType.INGEST);
        return input;
    }

    @Override
    public UpdateRequest process(UpdateRequest input)
            throws PluginExecutionException, StopProcessingException {
        logOperation(CatalogOperationType.UPDATE);
        return input;
    }

    @Override
    public DeleteRequest process(DeleteRequest input)
            throws PluginExecutionException, StopProcessingException {
        logOperation(CatalogOperationType.DELETE);
        return input;
    }

    @Override
    public QueryRequest process(QueryRequest input)
            throws PluginExecutionException, StopProcessingException {
        logOperation(CatalogOperationType.QUERY);
        return input;
    }

    @Override
    public ResourceRequest process(ResourceRequest input)
            throws PluginExecutionException, StopProcessingException {
        logOperation(CatalogOperationType.RESOURCE_REQUEST);
        return input;
    }

    private void logOperation(CatalogOperationType operationType) {
        String user;
        try {
            Subject subject = SecurityUtils.getSubject();
            user = SubjectUtils.getName(subject, NO_USER);
        } catch (Exception e) {
            user = NO_USER;
        }
        SecurityLogger.logInfo(
                "User [" + user + "] performing " + operationType + " operation on catalog.");
    }

    private enum CatalogOperationType {
        INGEST, UPDATE, DELETE, QUERY, RESOURCE_REQUEST
    }
}