SecurityLoggerInInterceptor.java

/**
 * Copyright (c) Codice Foundation
 * <p/>
 * This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
 * General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or any later version.
 * <p/>
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details. A copy of the GNU Lesser General Public License
 * is distributed along with this program and can be found at
 * <http://www.gnu.org/licenses/lgpl.html>.
 */
package ddf.security.interceptor;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

import ddf.security.SubjectUtils;
import ddf.security.common.audit.SecurityLogger;

public class SecurityLoggerInInterceptor extends AbstractPhaseInterceptor<Message> {
    public SecurityLoggerInInterceptor() {
        super(Phase.INVOKE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        if (!MessageUtils.isRequestor(message)) {
            Subject subject = ThreadContext.getSubject();
            if (subject != null) {
                String username = SubjectUtils.getName(subject);
                SecurityLogger.audit("{} is making an inbound request to {}.", username,
                        message.get(Message.REQUEST_URL));
            } else {
                SecurityLogger.audit("No subject associated with inbound request to {}.",
                        message.get(Message.REQUEST_URL));
            }
        }
    }
}