Author: jtravis Date: 2007-09-19 17:57:08 -0700 (Wed, 19 Sep 2007) New Revision: 5955 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=5955 Added: trunk/sql/common/Audit.hbm.xml trunk/src/org/hyperic/hq/appdef/server/session/AIAudit.java trunk/src/org/hyperic/hq/auth/server/session/UserAudit.java trunk/src/org/hyperic/hq/authz/server/session/AuthzSubjectField.java trunk/src/org/hyperic/hq/authz/server/session/ResourceDeleteCallback.java trunk/src/org/hyperic/hq/bizapp/server/session/SystemAudit.java trunk/src/org/hyperic/hq/common/server/session/Audit.java trunk/src/org/hyperic/hq/common/server/session/AuditDAO.java trunk/src/org/hyperic/hq/common/server/session/AuditImportance.java trunk/src/org/hyperic/hq/common/server/session/AuditManagerEJBImpl.java trunk/src/org/hyperic/hq/common/server/session/AuditPurpose.java trunk/src/org/hyperic/hq/common/server/session/AuditSortField.java trunk/src/org/hyperic/hq/common/server/session/CommonStartupListener.java trunk/src/org/hyperic/hq/common/server/session/ResourceAudit.java trunk/src/org/hyperic/hq/hqu/rendit_sys/helpers/AuditHelper.groovy trunk/ui_plugins/auditcenter/ trunk/ui_plugins/auditcenter/app/ trunk/ui_plugins/auditcenter/app/AuditController.groovy trunk/ui_plugins/auditcenter/etc/ trunk/ui_plugins/auditcenter/etc/auditcenter_i18n.properties trunk/ui_plugins/auditcenter/init.groovy trunk/ui_plugins/auditcenter/views/ trunk/ui_plugins/auditcenter/views/audit/ trunk/ui_plugins/auditcenter/views/audit/index.gsp trunk/ui_plugins/auditcenter/views/templates/ trunk/ui_plugins/auditcenter/views/templates/standard.gsp Modified: trunk/etc/startup_classes.txt trunk/src/org/hyperic/hq/appdef/Resources.properties trunk/src/org/hyperic/hq/appdef/server/session/AIQueueManagerEJBImpl.java trunk/src/org/hyperic/hq/authz/Resources.properties trunk/src/org/hyperic/hq/authz/server/session/ResourceManagerEJBImpl.java trunk/src/org/hyperic/hq/authz/shared/AuthzConstants.java trunk/src/org/hyperic/hq/autoinventory/server/session/RuntimeReportProcessor.java trunk/src/org/hyperic/hq/bizapp/Resources.properties trunk/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java trunk/src/org/hyperic/hq/common/Resources.properties trunk/src/org/hyperic/hq/hqu/rendit_sys/BaseController.groovy Log: Add basic auditing to authzsubject and resources Modified: trunk/etc/startup_classes.txt =================================================================== --- trunk/etc/startup_classes.txt 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/etc/startup_classes.txt 2007-09-20 00:57:08 UTC (rev 5955) @@ -1,4 +1,6 @@ org.hyperic.hq.authz.server.session.GroupingStartupListener +org.hyperic.hq.authz.server.session.AuthzStartupListener +org.hyperic.hq.common.server.session.CommonStartupListener org.hyperic.hq.appdef.server.session.AppdefStartupListener org.hyperic.hq.autoinventory.server.session.AIStartupListener org.hyperic.hq.measurement.server.session.MeasurementStartupListener Added: trunk/sql/common/Audit.hbm.xml =================================================================== --- trunk/sql/common/Audit.hbm.xml (rev 0) +++ trunk/sql/common/Audit.hbm.xml 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="iso-8859-1"?> + +<!DOCTYPE hibernate-mapping PUBLIC + "-//Hibernate/Hibernate Mapping DTD 3.0//EN" + "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd"> + +<hibernate-mapping package="org.hyperic.hq.common.server.session"> + <class name="Audit" table="EAM_AUDIT"> + + <cache usage="read-write" /> + + <id name="id" type="integer"> + <column name="ID" not-null="true" /> + <generator class="sequence"> + <param name="sequence">EAM_AUDIT_ID_SEQ</param> + </generator> + </id> + + <discriminator column="KLAZZ" type="string"/> + + <version name="_version_" type="long"> + <column name="VERSION_COL" default="0" /> + </version> + + <property name="klazz" insert="false" update="false"> + <column name="KLAZZ" not-null="true"/> + </property> + + <property name="startTime"> + <column name="START_TIME" not-null="true"/> + </property> + + <property name="endTime"> + <column name="END_TIME" not-null="true"/> + </property> + + <property name="purposeEnum"> + <column name="PURPOSE" not-null="true"/> + </property> + + <property name="importanceEnum"> + <column name="IMPORTANCE" not-null="true"/> + </property> + + <property name="original"> + <column name="ORIGINAL" not-null="true"/> + </property> + + <property name="fieldName"> + <column name="FIELD" not-null="false"/> + </property> + + <property name="oldFieldValue"> + <column name="OLD_VAL" length="1000" not-null="false"/> + </property> + + <property name="newFieldValue"> + <column name="NEW_VAL" length="1000" not-null="false"/> + </property> + + <property name="message"> + <column name="MESSAGE" length="1000" not-null="true"/> + </property> + + <many-to-one name="parent"> + <column name="PARENT_ID" index="PARENT_ID_IDX" not-null="false"/> + </many-to-one> + + <bag name="childrenBag" table="EAM_AUDIT" cascade="all-delete-orphan" + inverse="true"> + <cache usage="read-write"/> + <key column="PARENT_ID" /> + <one-to-many class="Audit"/> + </bag> + + <many-to-one name="resource"> + <column name="RESOURCE_ID" index="RESOURCE_ID_IDX" not-null="true"/> + </many-to-one> + + <many-to-one name="subject"> + <column name="SUBJECT_ID" index="SUBJECT_ID_IDX" not-null="true"/> + </many-to-one> + + <subclass name="ResourceAudit" discriminator-value="resource"/> + <subclass name="org.hyperic.hq.appdef.server.session.AIAudit" + discriminator-value="ai"/> + <subclass name="org.hyperic.hq.bizapp.server.session.SystemAudit" + discriminator-value="system"/> + <subclass name="org.hyperic.hq.auth.server.session.UserAudit" + discriminator-value="user"/> + + </class> +</hibernate-mapping> Modified: trunk/src/org/hyperic/hq/appdef/Resources.properties =================================================================== --- trunk/src/org/hyperic/hq/appdef/Resources.properties 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/appdef/Resources.properties 2007-09-20 00:57:08 UTC (rev 5955) @@ -1,3 +1,10 @@ auxlog.appdef=Auxillary Resource Data cluster.inUse=Unable to delete cluster, it is in use by an application + +audit.import.approve=AutoInventory Approval +audit.import.runtime=AutoInventory Runtime Report Import + +auditMsg.import.approve=AutoInventory changes were approved +auditMsg.import.runtime=HQ imported service changes from the agent at {0} + Added: trunk/src/org/hyperic/hq/appdef/server/session/AIAudit.java =================================================================== --- trunk/src/org/hyperic/hq/appdef/server/session/AIAudit.java (rev 0) +++ trunk/src/org/hyperic/hq/appdef/server/session/AIAudit.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,87 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ +package org.hyperic.hq.appdef.server.session; + +import org.hyperic.hq.appdef.Agent; +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.AuthzSubjectManagerEJBImpl; +import org.hyperic.hq.authz.server.session.Resource; +import org.hyperic.hq.authz.server.session.ResourceManagerEJBImpl; +import org.hyperic.hq.common.server.session.Audit; +import org.hyperic.hq.common.server.session.AuditImportance; +import org.hyperic.hq.common.server.session.AuditManagerEJBImpl; +import org.hyperic.hq.common.server.session.AuditPurpose; +import org.hyperic.util.i18n.MessageBundle; + +public class AIAudit extends Audit { + private static final MessageBundle MSGS = + MessageBundle.getBundle("org.hyperic.hq.appdef.Resources"); + + public static final AIAuditPurpose IMPORT_RUNTIME = + new AIAuditPurpose(0x1000, "runtime import", "audit.import.runtime"); + public static final AIAuditPurpose IMPORT_APPROVE = + new AIAuditPurpose(0x1001, "approve import", "audit.import.approve"); + + public static class AIAuditPurpose extends AuditPurpose { + AIAuditPurpose(int code, String desc, String localeProp) { + super(code, desc, localeProp, MSGS.getResourceBundle()); + } + } + + protected AIAudit() {} + + AIAudit(AuthzSubject s, Resource r, AuditPurpose p, AuditImportance i, + String msg) + { + super(s, r, p, i, msg); + } + + private static Resource getRootResource() { + Integer ROOT_ID = new Integer(0); + + return ResourceManagerEJBImpl.getOne().findResourcePojoById(ROOT_ID); + } + + public static AIAudit newImportAudit(AuthzSubject user) { + AIAudit res = new AIAudit(user, getRootResource(), IMPORT_APPROVE, + AuditImportance.HIGH, + MSGS.format("auditMsg.import.approve")); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } + + public static AIAudit newRuntimeImportAudit(Agent reporter) { + AuthzSubject overlord = + AuthzSubjectManagerEJBImpl.getOne().getOverlordPojo(); + AIAudit res = new AIAudit(overlord, getRootResource(), IMPORT_RUNTIME, + AuditImportance.MEDIUM, + MSGS.format("auditMsg.import.runtime", + reporter.getAddress())); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } +} Modified: trunk/src/org/hyperic/hq/appdef/server/session/AIQueueManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/appdef/server/session/AIQueueManagerEJBImpl.java 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/appdef/server/session/AIQueueManagerEJBImpl.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -25,12 +25,14 @@ package org.hyperic.hq.appdef.server.session; +import java.text.MessageFormat; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.ResourceBundle; import javax.ejb.CreateException; import javax.ejb.FinderException; @@ -62,11 +64,14 @@ import org.hyperic.hq.appdef.shared.AppdefEntityConstants; import org.hyperic.hq.appdef.shared.AIQueueManagerUtil; import org.hyperic.hq.appdef.Ip; +import org.hyperic.hq.authz.server.session.AuthzSubject; import org.hyperic.hq.authz.server.session.AuthzSubjectManagerEJBImpl; import org.hyperic.hq.authz.shared.AuthzSubjectValue; import org.hyperic.hq.authz.shared.PermissionException; import org.hyperic.hq.authz.shared.ResourceValue; import org.hyperic.hq.common.SystemException; +import org.hyperic.hq.common.server.session.AuditImportance; +import org.hyperic.hq.common.server.session.AuditManagerEJBImpl; import org.hyperic.hq.autoinventory.AIPlatform; import org.hyperic.hq.autoinventory.AIServer; import org.hyperic.hq.autoinventory.AIIp; @@ -478,8 +483,34 @@ int action) throws CreateException, FinderException, NamingException, PermissionException, ValidationException, - RemoveException, AIQApprovalException { - + RemoveException, AIQApprovalException + { + AuthzSubject s = + AuthzSubjectManagerEJBImpl.getOne().findSubjectById(subject.getId()); + boolean approved = false; + + try { + if (action == AIQueueConstants.Q_DECISION_APPROVE) { + approved = true; + AuditManagerEJBImpl.getOne() + .pushContainer(AIAudit.newImportAudit(s)); + } + _processQueue(subject, platformList, serverList, ipList, action); + } finally { + if (approved) + AuditManagerEJBImpl.getOne().popContainer(false); + } + } + + private void _processQueue(AuthzSubjectValue subject, + List platformList, + List serverList, + List ipList, + int action) + throws CreateException, FinderException, NamingException, + PermissionException, ValidationException, + RemoveException, AIQApprovalException + { boolean isApproveAction = (action == AIQueueConstants.Q_DECISION_APPROVE); boolean isPurgeAction Added: trunk/src/org/hyperic/hq/auth/server/session/UserAudit.java =================================================================== --- trunk/src/org/hyperic/hq/auth/server/session/UserAudit.java (rev 0) +++ trunk/src/org/hyperic/hq/auth/server/session/UserAudit.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,123 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ +package org.hyperic.hq.auth.server.session; + +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.AuthzSubjectField; +import org.hyperic.hq.authz.server.session.Resource; +import org.hyperic.hq.authz.server.session.ResourceManagerEJBImpl; +import org.hyperic.hq.common.server.session.Audit; +import org.hyperic.hq.common.server.session.AuditImportance; +import org.hyperic.hq.common.server.session.AuditManagerEJBImpl; +import org.hyperic.hq.common.server.session.AuditPurpose; +import org.hyperic.util.i18n.MessageBundle; + +public class UserAudit extends Audit { + private static final MessageBundle MSGS = + MessageBundle.getBundle("org.hyperic.hq.auth.Resources"); + + public static final UserAuditPurpose USER_LOGIN = + new UserAuditPurpose(0x4000, "user login", "audit.user.login"); + public static final UserAuditPurpose USER_LOGOUT = + new UserAuditPurpose(0x4001, "user logout", "audit.user.logout"); + public static final UserAuditPurpose USER_CREATE = + new UserAuditPurpose(0x4002, "user logout", "audit.user.create"); + public static final UserAuditPurpose USER_UPDATE = + new UserAuditPurpose(0x4003, "user logout", "audit.user.update"); + + + public static class UserAuditPurpose extends AuditPurpose { + UserAuditPurpose(int code, String desc, String localeProp) { + super(code, desc, localeProp, MSGS.getResourceBundle()); + } + } + + protected UserAudit() {} + + UserAudit(Resource r, AuthzSubject s, AuditPurpose p, + AuditImportance i, String msg) + { + super(s, r, p, i, msg); + long now = System.currentTimeMillis(); + setStartTime(now); + setEndTime(now); + } + + private static Resource getRootResource() { + Integer ROOT_ID = new Integer(0); + + return ResourceManagerEJBImpl.getOne().findResourcePojoById(ROOT_ID); + } + + public static UserAudit createLoginAudit(AuthzSubject user) { + String msg = MSGS.format("auditMsg.user.login", user.getFullName()); + UserAudit res = new UserAudit(user.getResource(), user, USER_LOGIN, + AuditImportance.LOW, msg); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } + + public static UserAudit createLogoutAudit(AuthzSubject user) { + String msg = MSGS.format("auditMsg.user.logout", user.getFullName()); + UserAudit res = new UserAudit(user.getResource(), user, USER_LOGOUT, + AuditImportance.LOW, msg); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } + + public static UserAudit createCreateAudit(AuthzSubject creator, + AuthzSubject newUser) + { + String msg = MSGS.format("auditMsg.user.create", + newUser.getFullName() + "(" + + newUser.getName() + ")"); + UserAudit res = new UserAudit(newUser.getResource(), creator, + USER_CREATE, AuditImportance.HIGH, msg); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } + + public static UserAudit createUpdateAudit(AuthzSubject updator, + AuthzSubject target, + AuthzSubjectField field, + String oldVal, String newVal) + { + String msg = MSGS.format("auditMsg.user.update", + target.getFullName(), field.getValue(), + newVal); + UserAudit res = new UserAudit(target.getResource(), updator, + USER_UPDATE, AuditImportance.LOW, msg); + + res.setFieldName(field.getValue()); + res.setOldFieldValue(oldVal); + res.setNewFieldValue(newVal); + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } + +} Modified: trunk/src/org/hyperic/hq/authz/Resources.properties =================================================================== --- trunk/src/org/hyperic/hq/authz/Resources.properties 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/authz/Resources.properties 2007-09-20 00:57:08 UTC (rev 5955) @@ -1 +1,19 @@ -resource.sortField.name=Name \ No newline at end of file +resource.sortField.name=Name + +resource.platform=platform +resource.server=server +resource.service=service +resource.application=application +resource.subject=user +resource.role=role +resource.group=group +resource.escalation=escalation + +subject.field.firstName=first Name +subject.field.lastName=last Name +subject.field.email=email Address +subject.field.sms=SMS Address +subject.field.phone=phone number +subject.field.html=HTML email setting +subject.field.dept=department +subject.field.active=active status Added: trunk/src/org/hyperic/hq/authz/server/session/AuthzSubjectField.java =================================================================== --- trunk/src/org/hyperic/hq/authz/server/session/AuthzSubjectField.java (rev 0) +++ trunk/src/org/hyperic/hq/authz/server/session/AuthzSubjectField.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,62 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ + +package org.hyperic.hq.authz.server.session; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashSet; +import java.util.ResourceBundle; + +import org.hyperic.hq.authz.shared.AuthzConstants; +import org.hyperic.hq.authz.shared.AuthzSubjectValue; +import org.hyperic.hq.common.server.session.Crispo; +import org.hyperic.util.HypericEnum; + +public class AuthzSubjectField extends HypericEnum { + private static final ResourceBundle BUNDLE = + ResourceBundle.getBundle("org.hyperic.hq.authz.Resources"); + + public static final AuthzSubjectField FIRSTNAME = + new AuthzSubjectField(1, "firstName", "subject.field.firstName"); + public static final AuthzSubjectField LASTNAME = + new AuthzSubjectField(2, "lastName", "subject.field.lastName"); + public static final AuthzSubjectField EMAIL = + new AuthzSubjectField(3, "email", "subject.field.email"); + public static final AuthzSubjectField SMS = + new AuthzSubjectField(4, "sms", "subject.field.sms"); + public static final AuthzSubjectField PHONE = + new AuthzSubjectField(5, "phone", "subject.field.phone"); + public static final AuthzSubjectField DEPT = + new AuthzSubjectField(6, "dept", "subject.field.dept"); + public static final AuthzSubjectField ACTIVE = + new AuthzSubjectField(7, "active", "subject.field.active"); + public static final AuthzSubjectField HTML = + new AuthzSubjectField(8, "html", "subject.field.html"); + + private AuthzSubjectField(int code, String desc, String localeProp) { + super(code, desc, localeProp, BUNDLE); + } +} Added: trunk/src/org/hyperic/hq/authz/server/session/ResourceDeleteCallback.java =================================================================== --- trunk/src/org/hyperic/hq/authz/server/session/ResourceDeleteCallback.java (rev 0) +++ trunk/src/org/hyperic/hq/authz/server/session/ResourceDeleteCallback.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,32 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ + +package org.hyperic.hq.authz.server.session; + +import org.hyperic.hq.common.VetoException; + +public interface ResourceDeleteCallback { + void preResourceDelete(Resource r) throws VetoException; +} Modified: trunk/src/org/hyperic/hq/authz/server/session/ResourceManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/authz/server/session/ResourceManagerEJBImpl.java 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/authz/server/session/ResourceManagerEJBImpl.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -40,7 +40,9 @@ import org.hyperic.dao.DAOFactory; import org.hyperic.hibernate.PageInfo; +import org.hyperic.hq.appdef.server.session.AIAudit; import org.hyperic.hq.appdef.shared.AppdefEntityID; +import org.hyperic.hq.authz.server.session.AuthzSubject; import org.hyperic.hq.authz.server.session.Resource; import org.hyperic.hq.authz.server.session.ResourceType; import org.hyperic.hq.authz.shared.AuthzConstants; @@ -54,6 +56,8 @@ import org.hyperic.hq.authz.shared.ResourceManagerLocal; import org.hyperic.hq.authz.shared.ResourceManagerUtil; import org.hyperic.hq.common.SystemException; +import org.hyperic.hq.common.VetoException; +import org.hyperic.hq.common.server.session.ResourceAudit; import org.hyperic.util.pager.PageControl; import org.hyperic.util.pager.PageList; import org.hyperic.util.pager.Pager; @@ -232,12 +236,18 @@ ResourceTypeValue rtv, Integer instanceId, String name, boolean system) { + long start = System.currentTimeMillis(); AuthzSubject owner = getSubjectDAO().findByAuth(whoami.getName(), whoami.getAuthDsn()); ResourceType rt = getResourceTypeDAO().findById(rtv.getId()); - return getResourceDAO().create(rt, name, owner, instanceId, system); + Resource res = getResourceDAO().create(rt, name, owner, instanceId, + system); + + ResourceAudit.createResource(res, owner, start, + System.currentTimeMillis()); + return res; } /** @@ -279,9 +289,15 @@ * @ejb:transaction type="NOTSUPPORTED" */ public ResourceValue findResourceById(Integer id) { - Resource resource = getResourceDAO().findById(id); - return resource.getResourceValue(); + return findResourcePojoById(id).getResourceValue(); } + + /** + * @ejb:interface-method + */ + public Resource findResourcePojoById(Integer id) { + return getResourceDAO().findById(id); + } /** * Find the Resource that has the given instance ID and ResourceType name. @@ -316,7 +332,19 @@ * * @ejb:interface-method */ - public void removeResources(AppdefEntityID[] ids) { + public void removeResources(AuthzSubject subject, AppdefEntityID[] ids) + throws VetoException + { + ResourceDeleteCallback cb = AuthzStartupListener.getCallbackObj(); + ResourceDAO dao = getResourceDAO(); + long now = System.currentTimeMillis(); + + for (int i=0; i < ids.length; i++) { + Resource r = dao.findByInstanceId(ids[i].getAuthzTypeId(), + ids[i].getId()); + cb.preResourceDelete(r); + ResourceAudit.deleteResource(r, subject, now, now); + } getResourceDAO().deleteByInstances(ids); } Modified: trunk/src/org/hyperic/hq/authz/shared/AuthzConstants.java =================================================================== --- trunk/src/org/hyperic/hq/authz/shared/AuthzConstants.java 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/authz/shared/AuthzConstants.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -171,6 +171,7 @@ public static final Integer authzServer = new Integer(303); public static final Integer authzService = new Integer(305); public static final Integer authzApplication = new Integer(308); + public static final Integer authzEscalation = new Integer(401); public static final Integer authzLocation = new Integer(309); public static boolean isOverlord(Integer subject) { Modified: trunk/src/org/hyperic/hq/autoinventory/server/session/RuntimeReportProcessor.java =================================================================== --- trunk/src/org/hyperic/hq/autoinventory/server/session/RuntimeReportProcessor.java 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/autoinventory/server/session/RuntimeReportProcessor.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -31,6 +31,7 @@ import javax.ejb.CreateException; import javax.ejb.FinderException; +import org.hyperic.hq.appdef.Agent; import org.hyperic.hq.appdef.shared.AIConversionUtil; import org.hyperic.hq.appdef.shared.AIPlatformValue; import org.hyperic.hq.appdef.shared.AIServerExtValue; @@ -52,6 +53,8 @@ import org.hyperic.hq.appdef.shared.UpdateException; import org.hyperic.hq.appdef.shared.ValidationException; import org.hyperic.hq.appdef.shared.AppdefEntityConstants; +import org.hyperic.hq.appdef.server.session.AIAudit; +import org.hyperic.hq.appdef.server.session.AgentManagerEJBImpl; import org.hyperic.hq.appdef.server.session.Platform; import org.hyperic.hq.appdef.server.session.Server; import org.hyperic.hq.authz.shared.AuthzSubjectManagerLocal; @@ -62,6 +65,8 @@ import org.hyperic.hq.autoinventory.shared.AutoinventoryManagerLocal; import org.hyperic.hq.common.ApplicationException; import org.hyperic.hq.common.SystemException; +import org.hyperic.hq.common.server.session.Audit; +import org.hyperic.hq.common.server.session.AuditManagerEJBImpl; import org.hyperic.hq.product.RuntimeResourceReport; import org.hyperic.util.StringUtil; import org.hyperic.util.pager.PageControl; @@ -89,7 +94,39 @@ AuthzSubjectManagerLocal subjectMgr) throws AutoinventoryException, CreateException, PermissionException, ValidationException, - ApplicationException { + ApplicationException + { + Agent agent = AgentManagerEJBImpl.getOne().getAgentPojo(agentToken); + Audit audit = AIAudit.newRuntimeImportAudit(agent); + boolean pushed = false; + + try { + AuditManagerEJBImpl.getOne().pushContainer(audit); + pushed = true; + _processRuntimeReport(subject, agentToken, crrr, aiMgr, platformMgr, + serverMgr, serviceMgr, configMgr, cpropMgr, + subjectMgr); + } finally { + if (pushed) { + AuditManagerEJBImpl.getOne().popContainer(false); + } + } + } + + private void _processRuntimeReport(AuthzSubjectValue subject, + String agentToken, + CompositeRuntimeResourceReport crrr, + AutoinventoryManagerLocal aiMgr, + PlatformManagerLocal platformMgr, + ServerManagerLocal serverMgr, + ServiceManagerLocal serviceMgr, + ConfigManagerLocal configMgr, + CPropManagerLocal cpropMgr, + AuthzSubjectManagerLocal subjectMgr) + throws AutoinventoryException, CreateException, + PermissionException, ValidationException, + ApplicationException + { long startTime = System.currentTimeMillis(); log.info("Processing Runtime AI Report: " + crrr.simpleSummary()); Modified: trunk/src/org/hyperic/hq/bizapp/Resources.properties =================================================================== --- trunk/src/org/hyperic/hq/bizapp/Resources.properties 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/bizapp/Resources.properties 2007-09-20 00:57:08 UTC (rev 5955) @@ -1,3 +1,6 @@ update.mode.all=All update.mode.major=Major update.mode.none=None + +audit.hq.started=HQ Started +auditMsg.hq.started=HQ Started Modified: trunk/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/bizapp/server/session/AuthBossEJBImpl.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -33,6 +33,7 @@ import javax.ejb.SessionContext; import javax.security.auth.login.LoginException; +import org.hyperic.hq.auth.server.session.UserAudit; import org.hyperic.hq.auth.shared.SessionException; import org.hyperic.hq.auth.shared.SessionManager; import org.hyperic.hq.auth.shared.SessionNotFoundException; @@ -69,7 +70,10 @@ ConfigPropertyException { try { - return getAuthManager().getSessionId(username, password); + int res = getAuthManager().getSessionId(username, password); + + UserAudit.createLoginAudit(manager.getSubjectPojo(res)); + return res; } catch (AccessLocalException e) { throw new LoginException(e.getMessage()); } @@ -81,6 +85,10 @@ * @ejb:interface-method */ public void logout (int sessionID) { + try { + UserAudit.createLogoutAudit(manager.getSubjectPojo(sessionID)); + } catch(SessionException e) { + } manager.invalidate(sessionID); } Added: trunk/src/org/hyperic/hq/bizapp/server/session/SystemAudit.java =================================================================== --- trunk/src/org/hyperic/hq/bizapp/server/session/SystemAudit.java (rev 0) +++ trunk/src/org/hyperic/hq/bizapp/server/session/SystemAudit.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,80 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ +package org.hyperic.hq.bizapp.server.session; + +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.AuthzSubjectManagerEJBImpl; +import org.hyperic.hq.authz.server.session.Resource; +import org.hyperic.hq.authz.server.session.ResourceManagerEJBImpl; +import org.hyperic.hq.common.server.session.Audit; +import org.hyperic.hq.common.server.session.AuditImportance; +import org.hyperic.hq.common.server.session.AuditManagerEJBImpl; +import org.hyperic.hq.common.server.session.AuditPurpose; +import org.hyperic.util.i18n.MessageBundle; + +public class SystemAudit extends Audit { + private static final MessageBundle MSGS = + MessageBundle.getBundle("org.hyperic.hq.bizapp.Resources"); + + public static final SystemAuditPurpose HQ_STARTED = + new SystemAuditPurpose(0x3000, "hq started", + "audit.hq.started"); + + public static class SystemAuditPurpose extends AuditPurpose { + SystemAuditPurpose(int code, String desc, String localeProp) { + super(code, desc, localeProp, MSGS.getResourceBundle()); + } + } + + protected SystemAudit() {} + + SystemAudit(Resource r, AuthzSubject s, AuditPurpose p, + AuditImportance i, String msg) + { + super(s, r, p, i, msg); + setStartTime(System.currentTimeMillis()); + setEndTime(System.currentTimeMillis()); + } + + private static Resource getRootResource() { + Integer ROOT_ID = new Integer(0); + + return ResourceManagerEJBImpl.getOne().findResourcePojoById(ROOT_ID); + } + + public static AuthzSubject getOverlord() { + return AuthzSubjectManagerEJBImpl.getOne().getOverlordPojo(); + } + + public static SystemAudit createUpAudit() { + String msg = MSGS.format("auditMsg.hq.started"); + SystemAudit res = new SystemAudit(getRootResource(), getOverlord(), + HQ_STARTED, AuditImportance.MEDIUM, + msg); + + AuditManagerEJBImpl.getOne().saveAudit(res); + return res; + } +} Modified: trunk/src/org/hyperic/hq/common/Resources.properties =================================================================== --- trunk/src/org/hyperic/hq/common/Resources.properties 2007-09-19 21:10:27 UTC (rev 5954) +++ trunk/src/org/hyperic/hq/common/Resources.properties 2007-09-20 00:57:08 UTC (rev 5955) @@ -1,2 +1,31 @@ yes=yes no=no +audit.purpose.create=Create +audit.purpose.delete=Delete +audit.purpose.update=Update +audit.purpose.execute=Execute +audit.purpose.start=Start +audit.purpose.stop=Stop +audit.purpose.login=Login +audit.purpose.logout=Logout +audit.purpose.deploy=Deploy +audit.purpose.undeploy=Undeploy + +audit.importance.low=Low +audit.importance.medium=Medium +audit.importance.high=High + +audit.sortField.startTime=Start +audit.sortField.endTime=End +audit.sortField.importance=Importance +audit.sortField.klazz=Class +audit.sortField.purpose=Purpose +audit.sortField.resource=Resource +audit.sortField.subject=Subject + +audit.resource.create=Resource Created +audit.resource.update=Resource Updated +audit.resource.delete=Resource Deleted + +auditMsg.resource.create={1} ({0}) was created +auditMsg.resource.delete={1} ({0}) was deleted Added: trunk/src/org/hyperic/hq/common/server/session/Audit.java =================================================================== --- trunk/src/org/hyperic/hq/common/server/session/Audit.java (rev 0) +++ trunk/src/org/hyperic/hq/common/server/session/Audit.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,230 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ + +package org.hyperic.hq.common.server.session; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; + +import org.hyperic.hibernate.PersistedObject; +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.Resource; + +public class Audit + extends PersistedObject +{ + private String _klazz; + private long _startTime; + private long _endTime; + private int _purpose; + private int _importance; + private boolean _original; + private AuthzSubject _subject; + private String _message; + private Resource _resource; + private String _fieldName; + private String _oldFieldValue; + private String _newFieldValue; + private Audit _parent; + private Collection _children = new ArrayList(); + + protected Audit() {} + + protected Audit(AuthzSubject subject, Resource r, AuditPurpose purpose, + AuditImportance importance, String message) + { + _purpose = purpose.getCode(); + _importance = importance.getCode(); + _subject = subject; + _resource = r; + _message = message; + _original = true; + } + + protected String getKlazz() { + return _klazz; + } + + protected void setKlazz(String k) { + _klazz = k; + } + + public long getStartTime() { + return _startTime; + } + + protected void setStartTime(long t) { + _startTime = t; + } + + public long getEndTime() { + return _endTime; + } + + protected void setEndTime(long t) { + _endTime = t; + } + + public AuditPurpose getPurpose() { + return AuditPurpose.findByCode(_purpose); + } + + protected int getPurposeEnum() { + return _purpose; + } + + protected void setPurposeEnum(int p) { + _purpose = p; + } + + public AuditImportance getImportance() { + return AuditImportance.findByCode(_importance); + } + + protected void setImportanceEnum(int p) { + _importance = p; + } + + protected int getImportanceEnum() { + return _importance; + } + + public boolean isOriginal() { + return _original; + } + + protected void setOriginal(boolean o) { + _original = o; + } + + public Resource getResource() { + return _resource; + } + + protected void setResource(Resource r) { + _resource = r; + } + + public String getFieldName() { + return _fieldName; + } + + protected void setFieldName(String f) { + _fieldName = f; + } + + public String getOldFieldValue() { + return _oldFieldValue; + } + + protected void setOldFieldValue(String f) { + _oldFieldValue = f; + } + + public String getNewFieldValue() { + return _newFieldValue; + } + + protected void setNewFieldValue(String v) { + _newFieldValue = v; + } + + public AuthzSubject getSubject() { + return _subject; + } + + protected void setSubject(AuthzSubject s) { + _subject = s; + } + + public String getMessage() { + return _message; + } + + protected void setMessage(String m) { + _message = m; + } + + public Audit getParent() { + return _parent; + } + + protected void setParent(Audit p) { + _parent = p; + } + + protected Collection getChildrenBag() { + return _children; + } + + protected void setChildrenBag(Collection c) { + _children = c; + } + + public Collection getChildren() { + return Collections.unmodifiableCollection(_children); + } + + void addChild(Audit a) { + _children.add(a); + a.setParent(this); + } + + void removeChild(Audit a) { + _children.remove(a); + a.setParent(null); + } + + public String toString() { + return "Audit[purpose=" + _purpose + ",time=" + _startTime + ",msg=" + + _message + "]"; + } + + public boolean equals(Object obj) { + if (!(obj instanceof Audit) || !super.equals(obj)) { + return false; + } + + Audit o = (Audit)obj; + return o.getImportance().equals(getImportance()) && + o.getPurpose().equals(getPurpose()) && + o.getMessage().equals(getMessage()) && + o.getStartTime() == getStartTime() && + o.getKlazz().equals(getKlazz()); + } + + public int hashCode() { + int result = super.hashCode(); + + result = 37 * result + getImportance().hashCode(); + result = 37 * result + getPurpose().hashCode(); + result = 37 * result + getMessage().hashCode(); + result = 37 * result + System.identityHashCode(new Long(getStartTime())); + result = 37 * result + getKlazz().hashCode(); + + return result; + } +} Added: trunk/src/org/hyperic/hq/common/server/session/AuditDAO.java =================================================================== --- trunk/src/org/hyperic/hq/common/server/session/AuditDAO.java (rev 0) +++ trunk/src/org/hyperic/hq/common/server/session/AuditDAO.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,114 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ +package org.hyperic.hq.common.server.session; + +import java.util.List; + +import org.hibernate.Query; +import org.hyperic.dao.DAOFactory; +import org.hyperic.hibernate.PageInfo; +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.Resource; +import org.hyperic.hq.authz.server.session.ResourceManagerEJBImpl; +import org.hyperic.hq.dao.HibernateDAO; + +public class AuditDAO extends HibernateDAO { + public AuditDAO(DAOFactory f) { + super(Audit.class, f); + } + + Audit findById(Integer id) { + return (Audit)super.findById(id); + } + + void remove(Audit c) { + super.remove(c); + } + + void save(Audit c) { + super.save(c); + } + + void handleResourceDelete(Resource r) { + Integer ROOT = new Integer(0); + String sql = "update Audit a set " + + "a.resource = :rootResource, " + + "a.original = false " + + "where resource = :resource"; + Resource root = + ResourceManagerEJBImpl.getOne().findResourcePojoById(ROOT); + + getSession().createQuery(sql) + .setParameter("rootResource", root) + .setParameter("resource", r) + .executeUpdate(); + } + + List find(PageInfo pInfo, AuthzSubject me, long startTime, long endTime, + AuditImportance minImportance, AuditPurpose purpose, + AuthzSubject target, String klazz) + { + AuditSortField sort = (AuditSortField)pInfo.getSort(); + String sql = "select a from Audit a " + + " join a.resource r " + + " join a.subject s " + + "where a.importanceEnum >= :minImportance and " + + " a.startTime >= :startTime and " + + " a.endTime < :endTime "; + + if (purpose != null) + sql += " and a.purposeEnum = :purpose"; + + if (klazz != null) + sql += " and a.klazz = :klazz"; + + if (target != null) + sql += " and a.subject = :subject"; + + sql += " order by " + sort.getSortString("a", "r", "s") + + (pInfo.isAscending() ? "" : " DESC"); + + if (!sort.equals(AuditSortField.START_TIME)) { + sql += ", " + AuditSortField.START_TIME.getSortString("a", "r", "s") + + " DESC"; + } + + Query q = getSession().createQuery(sql) + .setInteger("minImportance", minImportance.getCode()) + .setLong("startTime", startTime) + .setLong("endTime", endTime); + + if (purpose != null) + q.setInteger("purposeEnum", purpose.getCode()); + + if (klazz != null) + q.setParameter("klazz", klazz); + + if (target != null) + q.setParameter("subject", target); + + return pInfo.pageResults(q).list(); + } +} Added: trunk/src/org/hyperic/hq/common/server/session/AuditImportance.java =================================================================== --- trunk/src/org/hyperic/hq/common/server/session/AuditImportance.java (rev 0) +++ trunk/src/org/hyperic/hq/common/server/session/AuditImportance.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,53 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ +package org.hyperic.hq.common.server.session; + +import java.util.ResourceBundle; + +import org.hyperic.util.HypericEnum; + +public class AuditImportance + extends HypericEnum +{ + private static final String P = "org.hyperic.hq.common.Resources"; + private static final ResourceBundle BUNDLE = ResourceBundle.getBundle(P); + + public static final AuditImportance LOW = + new AuditImportance(0, "low", "audit.importance.low", BUNDLE); + public static final AuditImportance MEDIUM = + new AuditImportance(1, "medium", "audit.importance.medium", BUNDLE); + public static final AuditImportance HIGH = + new AuditImportance(2, "high", "audit.importance.high", BUNDLE); + + protected AuditImportance(int code, String desc, String localeProp, + ResourceBundle bundle) + { + super(AuditImportance.class, code, desc, localeProp, bundle); + } + + public static AuditImportance findByCode(int code) { + return (AuditImportance)findByCode(AuditImportance.class, code); + } +} Added: trunk/src/org/hyperic/hq/common/server/session/AuditManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/common/server/session/AuditManagerEJBImpl.java (rev 0) +++ trunk/src/org/hyperic/hq/common/server/session/AuditManagerEJBImpl.java 2007-09-20 00:57:08 UTC (rev 5955) @@ -0,0 +1,258 @@ +/* + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004, 2005, 2006], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * USA. + */ + +package org.hyperic.hq.common.server.session; + +import java.util.Iterator; +import java.util.List; + +import javax.ejb.SessionBean; +import javax.ejb.SessionContext; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.hyperic.dao.DAOFactory; +import org.hyperic.hibernate.PageInfo; +import org.hyperic.hq.application.HQApp; +import org.hyperic.hq.application.TransactionListener; +import org.hyperic.hq.authz.server.session.AuthzSubject; +import org.hyperic.hq.authz.server.session.Resource; +import org.hyperic.hq.authz.server.session.ResourceDeleteCallback; +import org.hyperic.hq.common.SystemException; +import org.hyperic.hq.common.VetoException; +import org.hyperic.hq.common.shared.AuditManagerLocal; +import org.hyperic.hq.common.shared.AuditManagerUtil; +import org.hyperic.hq.common.server.session.AuditImportance; +import org.hyperic.hq.common.server.session.AuditPurpose; +import org.hyperic.hq.common.server.session.Audit; + + +/** + * @ejb:bean name="AuditManager" + * jndi-name="ejb/common/AuditManager" + * local-jndi-name="LocalAuditManager" + * view-type="local" + * type="Stateless" + * @ejb:util generate="physical" + * @ejb:transaction type="REQUIRED" + */ +public class AuditManagerEJBImpl implements SessionBean { + private final Log _log = LogFactory.getLog(AuditManagerEJBImpl.class); + private static final ThreadLocal CONTAINERS = new ThreadLocal(); + + private final AuditDAO _DAO = new AuditDAO(DAOFactory.getDAOFactory()); + + /** + * Save an audit and all of it's children. + * + * @ejb:interface-method + */ + public void saveAudit(Audit a) { + if (a.getStartTime() == 0) + a.setStartTime(System.currentTimeMillis()); + + if (getCurrentAudit() != null) { + getCurrentAudit().addChild(a); + } else { + saveRecursively(a); + } + } + + private void saveRecursively(Audit a) { + _DAO.save(a); + for (Iterator i=a.getChildren().iterator(); i.hasNext(); ) { + Audit child = (Audit)i.next(); + + saveRecursively(child); + } + } + + /** + * If there is currently an audit in progress (a container), fetch it. + * + * @ejb:interface-method + */ + public Audit getCurrentAudit() { + return (Audit)CONTAINERS.get(); + } + + /** + * Delete an audit and all its children. + * + * @ejb:interface-method + */ + public void deleteAudit(Audit a) { + deleteRecursively(a); + } + + private void deleteRecursively(Audit a) { + for (Iterator i=a.getChildren().iterator(); i.hasNext(); ) { + Audit child = (Audit)i.next(); + + deleteRecursively(child); + } + _DAO.remove(a); + } + + /** + * @ejb:interface-method + */ + public void popAll() { + Audit a = getCurrentAudit(); + long now = System.currentTimeMillis(); + + try { + while (a != null && a.getParent() != null) { + if (a.getEndTime() == 0) + a.setEndTime(now); + a = a.getParent(); + } + + if (a != null) { + _log.warn("Unpopped audit container: " + a.getMessage() + + ": This should be closed manually!"); + if (a.getEndTime() != 0) + a.setEndTime(now); + saveRecursively(a); + } + } finally { + CONTAINERS.set(null); + } + } + + /** + * Pop the audit container off the stack. + * + * @param allowEmpty If true, allow the container to pop and be saved + * with no children. If the container is empty, and + * this is true, simply delete it + * @ejb:interface-method + */ + public void popContainer(boolean allowEmpty) { + Audit a = getCurrentAudit(); + + if (a == null) { + throw new RuntimeException("Expected to pop a container, but had " + + "none"); + } + + a.setEndTime(System.currentTimeMillis()); + if (a.getParent() == null) { + // Root level container. Save off + try { + if (!allowEmpty && a.getChildren().isEmpty()) { + deleteRecursively(a); + } else { + saveRecursively(a); + } + } finally { + CONTAINERS.set(null); + } + } else { + CONTAINERS.set(a.getParent()); + if (!allowEmpty && a.getChildren().isEmpty()) { + a.getParent().removeChild(a); + deleteRecursively(a); + } + } + } + + /** + * Push a global audit container onto the stack. Any subsequent audits + * created (via saveAudit) will be added to this container. + * + * @ejb:interface-method + */ + public void pushContainer(Audit newContainer) { + Audit currentContainer = getCurrentAudit(); + + newContainer.setStartTime(System.currentTimeMillis()); + if (currentContainer == null) { + HQApp.getInstance().addTransactionListener(new TransactionListener() + { + public void beforeCommit() { + popAll(); + } + + public void afterCommit(boolean success) { + ... [truncated message content] |