#62 Improve AuditManager

1.1 release
open
nobody
audit (3)
7
2008-05-03
2008-05-03
André Pestana
No

System's auditors usually need to know exactly who did an action, the action, action's parameters, and if the action was successfully finished. Propose to change AuditManager to bring these data like above:

package net.sf.jguard.audit;

import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import net.sf.jguard.audit.JGLevel;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;

/**
* @author <a href="mailto:andrepestana@yahoo.com">André Pestana</a>
*/
public class AuditLoggerManager {

public static int TRUE = 1;
public static int FALSE = 0;

/**
* Log audit data.
* @param logger
* @param localUser
* @param action
* @param parameters
* @param success
*/
public static void log(Logger logger, Subject localUser, String action, Object parameters, int success){

// Get localUser login
Set credentials = localUser.getPrivateCredentials();
Iterator iteCred = credentials.iterator();
String login = null;
JGuardCredential cred = null;
while(iteCred.hasNext()){
cred = (JGuardCredential) iteCred.next();
if(cred.getId().equals("login")){
login = (String) cred.getValue();
}
}

// Add user name for logging
MDC.put("user", login);

// Add action parameters for logging
MDC.put("parameters", parameters);

// Add TRUE=1 if successful or FALSE=0 if not
MDC.put("success", success);

// Log audit action in JG_AUDIT level
logger.log(JGLevel.JG_AUDIT, action );
}
}

Discussion