Commit 47b49c80 authored by michael.simon's avatar michael.simon

Introduce more audits

parent c56f22a7
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity.audit;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import edu.kit.scc.webreg.entity.RegistryEntity;
@Entity(name = "AuditApprovalEntity")
public class AuditApprovalEntity extends AuditEntryEntity {
private static final long serialVersionUID = 1L;
@ManyToOne(targetEntity = RegistryEntity.class)
private RegistryEntity registry;
public RegistryEntity getRegistry() {
return registry;
}
public void setRegistry(RegistryEntity registry) {
this.registry = registry;
}
}
package edu.kit.scc.webreg.entity.audit;
import javax.persistence.metamodel.SingularAttribute;
import javax.persistence.metamodel.StaticMetamodel;
import edu.kit.scc.webreg.entity.RegistryEntity;
@StaticMetamodel(AuditApprovalEntity.class)
public class AuditApprovalEntity_ extends AuditEntryEntity_ {
public static volatile SingularAttribute<AuditApprovalEntity, RegistryEntity> registry;
}
......@@ -29,7 +29,7 @@ public class ApproverRoleApprovalWorkflow extends AbstractApprovalWorkflow {
ApprovalService approvalService = (ApprovalService) ic.lookup("global/bwreg/bwreg-service/ApprovalServiceImpl!edu.kit.scc.webreg.service.reg.ApprovalService");
approvalService.denyApproval(registry, executor);
approvalService.denyApproval(registry, executor, null);
} catch (NamingException e) {
throw new RegisterException(e);
}
......@@ -41,7 +41,7 @@ public class ApproverRoleApprovalWorkflow extends AbstractApprovalWorkflow {
ApprovalService approvalService = (ApprovalService) ic.lookup("global/bwreg/bwreg-service/ApprovalServiceImpl!edu.kit.scc.webreg.service.reg.ApprovalService");
approvalService.approve(registry, executor);
approvalService.approve(registry, executor, null);
} catch (NamingException e) {
throw new RegisterException(e);
}
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.audit;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.dao.audit.AuditDetailDao;
import edu.kit.scc.webreg.dao.audit.AuditEntryDao;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.audit.AuditApprovalEntity;
import edu.kit.scc.webreg.entity.audit.AuditEntryEntity;
public class ApprovalAuditor extends AbstractAuditor {
private AuditApprovalEntity audit;
public ApprovalAuditor(AuditEntryDao auditEntryDao,
AuditDetailDao auditDetailDao, ApplicationConfig appConfig) {
super(auditEntryDao, auditDetailDao, appConfig);
}
@Override
public AuditEntryEntity getAudit() {
if (audit == null)
audit = new AuditApprovalEntity();
return audit;
}
public void setRegistry(RegistryEntity entity) {
audit.setRegistry(entity);
}
}
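Review bot: `setRegistry` dereferences the `audit` field directly, but that field is only created lazily inside `getAudit()`, so calling `setRegistry` on a fresh `ApprovalAuditor` throws a NullPointerException unless something has already called `getAudit()`. The callers in ApprovalServiceImpl call `startAuditTrail(executor)` first, which presumably goes through `getAudit()` in AbstractAuditor (not visible on this page), but the class should not depend on that call order. Go through the accessor instead: `((AuditApprovalEntity) getAudit()).setRegistry(entity);`.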
......@@ -40,4 +40,8 @@ public class NullAuditor implements Auditor {
return executor;
}
@Override
public void setParent(Auditor auditor) {
}
}
......@@ -12,18 +12,31 @@ package edu.kit.scc.webreg.event;
import java.io.Serializable;
import edu.kit.scc.webreg.audit.Auditor;
public class AbstractEvent<E extends Serializable> implements Event<E> {
private static final long serialVersionUID = 1L;
private E entity;
private Auditor auditor;
public AbstractEvent(E entity) {
public AbstractEvent(E entity, Auditor auditor) {
this.entity = entity;
this.auditor = auditor;
}
public AbstractEvent(E entity) {
this(entity, null);
}
public E getEntity() {
return entity;
}
public Auditor getAuditor() {
return auditor;
}
}
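Review bot: The new `auditor` field puts a live auditor inside a class that declares `serialVersionUID`, so the event is expected to be serializable. ApprovalAuditor is constructed with two DAOs and an ApplicationConfig; if `Auditor` implementations are not Serializable, any path that serializes or queues the event will fail, and if they are, those references travel with the event. Unless events are guaranteed to stay in-process, declare the field as `private transient Auditor auditor;`. `getAuditor()` should also document that it can return null, since the one-argument constructor delegates with `this(entity, null)`.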
......@@ -10,6 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.event;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.entity.RegistryEntity;
public class ServiceRegisterEvent extends AbstractEvent<RegistryEntity> {
......@@ -19,4 +20,8 @@ public class ServiceRegisterEvent extends AbstractEvent<RegistryEntity> {
public ServiceRegisterEvent(RegistryEntity entity) {
super(entity);
}
public ServiceRegisterEvent(RegistryEntity entity, Auditor auditor) {
super(entity, auditor);
}
}
......@@ -10,13 +10,19 @@
******************************************************************************/
package edu.kit.scc.webreg.event;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.entity.UserEntity;
public class UserEvent extends AbstractEvent<UserEntity> {
private static final long serialVersionUID = 1L;
public UserEvent(UserEntity entity) {
super(entity);
}
public UserEvent(UserEntity entity, Auditor auditor) {
super(entity, auditor);
}
}
......@@ -236,7 +236,7 @@ public class UserUpdater implements Serializable {
user.setLastFailedUpdate(null);
if (changed) {
fireUserChangeEvent(user, auditor.getActualExecutor());
fireUserChangeEvent(user, auditor.getActualExecutor(), auditor);
}
auditor.setUser(user);
......@@ -365,9 +365,9 @@ public class UserUpdater implements Serializable {
user = userDao.persist(user);
}
protected void fireUserChangeEvent(UserEntity user, String executor) {
protected void fireUserChangeEvent(UserEntity user, String executor, Auditor auditor) {
UserEvent userEvent = new UserEvent(user);
UserEvent userEvent = new UserEvent(user, auditor);
try {
eventSubmitter.submit(userEvent, EventType.USER_UPDATE, executor);
......
......@@ -10,19 +10,20 @@
******************************************************************************/
package edu.kit.scc.webreg.service.reg;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.exc.RegisterException;
public interface ApprovalService {
void registerApproval(RegistryEntity registry) throws RegisterException;
void registerApproval(RegistryEntity registry, Auditor auditor) throws RegisterException;
void approve(RegistryEntity registry, String executor) throws RegisterException;
void approve(RegistryEntity registry, String executor, Auditor auditor) throws RegisterException;
void denyApproval(RegistryEntity registry, String executor)
void denyApproval(RegistryEntity registry, String executor, Auditor auditor)
throws RegisterException;
void approve(RegistryEntity registry, String executor,
Boolean sendGroupUpdate) throws RegisterException;
Boolean sendGroupUpdate, Auditor auditor) throws RegisterException;
}
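Review bot: The `auditor` parameter added to `registerApproval`, `approve` and `denyApproval` is optional in practice, because ApproverRoleApprovalWorkflow now calls `denyApproval(registry, executor, null)` and `approve(registry, executor, null)`, but the interface does not say so. Add Javadoc such as `@param auditor parent auditor this action is attached to, or null when there is no parent`. RegisterUserService in this same commit keeps its old signatures as overloads that delegate with `null`; doing the same here would avoid bare `null` arguments at the call sites where an approver's decision is recorded. The implementation names the parameter `parentAuditor`, so the interface should use that name too.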
......@@ -12,6 +12,7 @@ package edu.kit.scc.webreg.service.reg;
import java.util.Set;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.ServiceEntity;
......@@ -28,7 +29,7 @@ public interface RegisterUserService {
throws RegisterException;
void reconsiliation(RegistryEntity registry, Boolean fullRecon,
String executor) throws RegisterException;
String executor, Auditor parentAuditor) throws RegisterException;
void deregisterUser(RegistryEntity registry, String executor)
throws RegisterException;
......@@ -58,5 +59,12 @@ public interface RegisterUserService {
void registerUser(UserEntity user, ServiceEntity service, String executor,
Boolean sendGroupUpdate) throws RegisterException;
void reconsiliation(RegistryEntity registry, Boolean fullRecon,
String executor) throws RegisterException;
void registerUser(UserEntity user, ServiceEntity service, String executor,
Boolean sendGroupUpdate, Auditor parentAuditor)
throws RegisterException;
}
......@@ -20,7 +20,8 @@ import javax.inject.Inject;
import org.slf4j.Logger;
import edu.kit.scc.webreg.audit.ServiceRegisterAuditor;
import edu.kit.scc.webreg.audit.ApprovalAuditor;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.dao.RegistryDao;
import edu.kit.scc.webreg.dao.ServiceDao;
......@@ -40,6 +41,7 @@ import edu.kit.scc.webreg.entity.ServiceGroupFlagEntity;
import edu.kit.scc.webreg.entity.ServiceGroupStatus;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.UserGroupEntity;
import edu.kit.scc.webreg.entity.audit.AuditStatus;
import edu.kit.scc.webreg.event.EventSubmitter;
import edu.kit.scc.webreg.event.MultipleGroupEvent;
import edu.kit.scc.webreg.event.ServiceRegisterEvent;
......@@ -83,7 +85,7 @@ public class ApprovalServiceImpl implements ApprovalService {
private ApplicationConfig appConfig;
@Override
public void registerApproval(RegistryEntity registry) throws RegisterException {
public void registerApproval(RegistryEntity registry, Auditor parentAuditor) throws RegisterException {
ApprovalWorkflow workflow = getApprovalWorkflowInstance(registry.getApprovalBean());
workflow.startWorkflow(registry);
registry = registryDao.persist(registry);
......@@ -98,28 +100,39 @@ public class ApprovalServiceImpl implements ApprovalService {
}
@Override
public void denyApproval(RegistryEntity registry, String executor) throws RegisterException {
public void denyApproval(RegistryEntity registry, String executor, Auditor parentAuditor) throws RegisterException {
ApprovalAuditor auditor = new ApprovalAuditor(auditDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor);
auditor.setName(this.getClass().getName() + "-ApprovalDeny-Audit");
auditor.setDetail("Deny user " + registry.getUser().getEppn() + " for service " + registry.getService().getName());
auditor.setParent(parentAuditor);
auditor.setRegistry(registry);
registry.setRegistryStatus(RegistryStatus.DELETED);
registry = registryDao.persist(registry);
ServiceRegisterEvent serviceRegisterEvent = new ServiceRegisterEvent(registry);
auditor.logAction(registry.getUser().getEppn(), "DENY APPROVAL", "registry-" + registry.getId(), "User is denied acces for service", AuditStatus.SUCCESS);
ServiceRegisterEvent serviceRegisterEvent = new ServiceRegisterEvent(registry, auditor);
List<EventEntity> eventList = new ArrayList<EventEntity>(serviceEventDao.findAllByService(registry.getService()));
try {
eventSubmitter.submit(serviceRegisterEvent, eventList, EventType.APPROVAL_DENIED, executor);
} catch (EventSubmitException e) {
logger.warn("Exeption", e);
}
}
auditor.finishAuditTrail();
}
@Override
public void approve(RegistryEntity registry, String executor)
public void approve(RegistryEntity registry, String executor, Auditor parentAuditor)
throws RegisterException {
approve(registry, executor, true);
approve(registry, executor, true, parentAuditor);
}
@Override
public void approve(RegistryEntity registry, String executor, Boolean sendGroupUpdate)
public void approve(RegistryEntity registry, String executor, Boolean sendGroupUpdate, Auditor parentAuditor)
throws RegisterException {
logger.info("Finally approving registry {} for user {} and service {}", registry.getId(),
registry.getUser().getEppn(), registry.getService().getName());
......@@ -131,10 +144,11 @@ public class ApprovalServiceImpl implements ApprovalService {
ServiceEntity serviceEntity = serviceDao.findByIdWithServiceProps(registry.getService().getId());
UserEntity userEntity = userDao.findByIdWithAll(registry.getUser().getId());
ServiceRegisterAuditor auditor = new ServiceRegisterAuditor(auditDao, auditDetailDao, appConfig);
ApprovalAuditor auditor = new ApprovalAuditor(auditDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor);
auditor.setName(workflow.getClass().getName() + "-Register-Audit");
auditor.setDetail("Register user " + userEntity.getEppn() + " for service " + serviceEntity.getName());
auditor.setName(workflow.getClass().getName() + "-ApprovalApprove-Audit");
auditor.setDetail("Approve user " + userEntity.getEppn() + " for service " + serviceEntity.getName());
auditor.setParent(parentAuditor);
auditor.setRegistry(registry);
workflow.updateRegistry(userEntity, serviceEntity, registry, auditor);
......@@ -146,6 +160,8 @@ public class ApprovalServiceImpl implements ApprovalService {
registry = registryDao.persist(registry);
auditor.logAction(registry.getUser().getEppn(), "APPROVE", "registry-" + registry.getId(), "User is approved for service", AuditStatus.SUCCESS);
HashSet<GroupEntity> userGroups = new HashSet<GroupEntity>(userEntity.getGroups().size());
for (UserGroupEntity userGroup : userEntity.getGroups()) {
......@@ -170,7 +186,7 @@ public class ApprovalServiceImpl implements ApprovalService {
}
}
ServiceRegisterEvent serviceRegisterEvent = new ServiceRegisterEvent(registry);
ServiceRegisterEvent serviceRegisterEvent = new ServiceRegisterEvent(registry, auditor);
List<EventEntity> eventList = new ArrayList<EventEntity>(serviceEventDao.findAllByService(serviceEntity));
eventSubmitter.submit(serviceRegisterEvent, eventList, EventType.SERVICE_REGISTER, executor);
......
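Review bot: In `denyApproval`, `auditor.finishAuditTrail()` is reached only on the success path; if `registryDao.persist(registry)` or `serviceEventDao.findAllByService(...)` throws, the started trail is never finished, so a failed denial may leave no completed audit record (this depends on when AbstractAuditor writes, which is not visible here). Wrap everything after `auditor.setRegistry(registry);` in `try { … } finally { auditor.finishAuditTrail(); }`. The `EventSubmitException` branch only calls `logger.warn("Exeption", e)`, so a denial whose event submission failed is still audited as a plain SUCCESS; record that failure through `auditor.logAction` as well. `registerApproval` accepts `parentAuditor` but the visible lines never use it. The end of `approve` lies outside the hunks, so whether its trail is finished cannot be checked from this page.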
......@@ -24,7 +24,9 @@ import javax.inject.Inject;
import org.kie.api.runtime.KieSession;
import org.slf4j.Logger;
import edu.kit.scc.webreg.audit.Auditor;
import edu.kit.scc.webreg.audit.GroupAuditor;
import edu.kit.scc.webreg.audit.RegistryAuditor;
import edu.kit.scc.webreg.audit.ServiceAuditor;
import edu.kit.scc.webreg.audit.ServiceRegisterAuditor;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
......@@ -56,6 +58,7 @@ import edu.kit.scc.webreg.entity.UserGroupEntity;
import edu.kit.scc.webreg.entity.UserStatus;
import edu.kit.scc.webreg.entity.audit.AuditDetailEntity;
import edu.kit.scc.webreg.entity.audit.AuditServiceRegisterEntity;
import edu.kit.scc.webreg.entity.audit.AuditStatus;
import edu.kit.scc.webreg.event.EventSubmitter;
import edu.kit.scc.webreg.event.MultipleGroupEvent;
import edu.kit.scc.webreg.event.ServiceRegisterEvent;
......@@ -122,10 +125,16 @@ public class RegisterUserServiceImpl implements RegisterUserService {
throws RegisterException {
registerUser(user, service, executor, true);
}
@Override
public void registerUser(UserEntity user, ServiceEntity service, String executor, Boolean sendGroupUpdate)
throws RegisterException {
registerUser(user, service, executor, sendGroupUpdate, null);
}
@Override
public void registerUser(UserEntity user, ServiceEntity service, String executor, Boolean sendGroupUpdate, Auditor parentAuditor)
throws RegisterException {
if (! UserStatus.ACTIVE.equals(user.getUserStatus())) {
logger.warn("Only Users in status ACTIVE can register with a service. User {} is {}", user.getEppn(), user.getUserStatus());
......@@ -133,14 +142,20 @@ public class RegisterUserServiceImpl implements RegisterUserService {
}
service = serviceDao.findById(service.getId());
ServiceRegisterAuditor auditor = new ServiceRegisterAuditor(auditDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor);
auditor.setName(this.getClass().getName() + "-ServiceRegister-Audit");
auditor.setDetail("Register user " + user.getEppn() + " for service " + service.getName());
auditor.setParent(parentAuditor);
if (service.getParentService() != null) {
logger.info("Service has Parent. Checking parent first.");
List<RegistryEntity> r = registryDao.findByServiceAndUserAndNotStatus(service.getParentService(), user,
RegistryStatus.DELETED, RegistryStatus.DEPROVISIONED);
if (r.size() == 0) {
logger.info("User {} is not registered with parent service {} yet", user.getEppn(), service.getParentService().getName());
registerUser(user, service.getParentService(), executor);
registerUser(user, service.getParentService(), executor, true, auditor);
}
else {
logger.debug("User {} is already registered with parent service {}", user.getEppn(), service.getParentService().getName());
......@@ -170,14 +185,19 @@ public class RegisterUserServiceImpl implements RegisterUserService {
registry.setLastStatusChange(new Date());
registry = registryDao.persist(registry);
auditor.logAction(user.getEppn(), "CREATED REGISTRY", "registry-" + registry.getId(), "Registry is created", AuditStatus.SUCCESS);
auditor.setRegistry(registry);
if (registry.getApprovalBean() != null) {
logger.debug("Registering {} for approval {}", user.getEppn(), registry.getApprovalBean());
approvalService.registerApproval(registry);
auditor.logAction(user.getEppn(), "STARTING APPROVAL", "registry-" + registry.getId(), "Approval is started: " + registry.getApprovalBean(), AuditStatus.SUCCESS);
approvalService.registerApproval(registry, auditor);
}
else {
logger.debug("No approval role for service {}. AutoApproving {}", service.getName(), user.getEppn());
approvalService.approve(registry, executor);
auditor.logAction(user.getEppn(), "STARTING AUTO APPROVE", "registry-" + registry.getId(), "Autoapproving registry", AuditStatus.SUCCESS);
approvalService.approve(registry, executor, auditor);
}
} catch (Throwable t) {
......@@ -335,9 +355,14 @@ public class RegisterUserServiceImpl implements RegisterUserService {
throw new RegisterException(t);
}
}
@Override
public final void reconsiliation(RegistryEntity registry, Boolean fullRecon, String executor) throws RegisterException {
reconsiliation(registry, fullRecon, executor, null);
}
@Override
public final void reconsiliation(RegistryEntity registry, Boolean fullRecon, String executor, Auditor parentAuditor) throws RegisterException {
RegisterUserWorkflow workflow = getWorkflowInstance(registry.getRegisterBean());
......@@ -345,10 +370,11 @@ public class RegisterUserServiceImpl implements RegisterUserService {
ServiceEntity serviceEntity = serviceDao.findById(registry.getService().getId());
UserEntity userEntity = userDao.findById(registry.getUser().getId());
ServiceRegisterAuditor auditor = new ServiceRegisterAuditor(auditDao, auditDetailDao, appConfig);
RegistryAuditor auditor = new RegistryAuditor(auditDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor);
auditor.setName(workflow.getClass().getName() + "-Reconsiliation-Audit");
auditor.setDetail("Recon user " + userEntity.getEppn() + " for service " + serviceEntity.getName());
auditor.setParent(parentAuditor);
auditor.setRegistry(registry);
Boolean missingMandatoryValues = false;
......
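Review bot: The `ServiceRegisterAuditor` in `registerUser` is created after the `UserStatus.ACTIVE` check, so a registration attempt by a non-active user is, as far as the visible lines show, recorded only by `logger.warn` and never reaches the audit trail. Rejected attempts are entries a reviewer of the trail would want to see; create and start the auditor before the status check and add a `logAction` call with a non-success `AuditStatus` in that branch (the enum's other values are not visible on this page). The body of the rejection branch and the `catch (Throwable t)` handler are cut by the hunk boundaries, so confirm there too that the trail is finished when registration fails.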