1   /**
2    * This Source Code Form is subject to the terms of the Mozilla Public
3    * License, v. 2.0. If a copy of the MPL was not distributed with this
4    * file, You can obtain one at http://mozilla.org/MPL/2.0/.
5    *
6    * If it is not possible or desirable to put the notice in a particular
7    * file, then You may include the notice in a location (such as a LICENSE
8    * file in a relevant directory) where a recipient would be likely to look
9    * for such a notice.
10  
11   * 
12   */
13   
14  /*  ---------------------------------------------------------------------------
15   *  U.S. Government, Department of the Army
16   *  Army Materiel Command
17   *  Research Development Engineering Command
18   *  Communications Electronics Research Development and Engineering Center
19   *  ---------------------------------------------------------------------------
20   */
21  
22  package org.miloss.fgsms.common;
23  
24  import java.sql.Connection;
25  import java.sql.PreparedStatement;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.xml.ws.handler.MessageContext;
28  import org.apache.log4j.Level;
29  
30  import org.miloss.fgsms.services.interfaces.common.SecurityWrapper;
31  
32  /**
33   * performs audit logging via the fgsms Configuration
34   * database. This is only usable on the FGSMS server
35   *
36   * @author AO
37   */
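/**
 * Records audit events in the {@code auditlog} table of the fgsms
 * configuration database and mirrors each event to the DEBUG log.
 *
 * <p>Audit recording is best effort: when the database is unavailable or the
 * insert fails, the failure is logged and the caller is not notified. Code that
 * must not proceed without an audit record cannot rely on this class to signal
 * the loss of an event.
 */
public class AuditLogger {

    static final Logger log = Logger.getLogger(AuditLogger.class.getCanonicalName());

    /** Classification label recorded when the caller supplies none. */
    public static final String unspecified = "UNSPECIFIED";

    /** Value stored in the ipaddress column when no client address can be determined. */
    private static final String UNKNOWN_ADDRESS = "NA";

    /**
     * Adds an item to the audit log, rendering the classification wrapper as text
     * before delegating to the String-based overload.
     *
     * @param classname name of the class reporting the event
     * @param method name of the method reporting the event
     * @param username identity the event is attributed to
     * @param memo free-text description of the event
     * @param classification if null, or if its classification or caveats are
     * null, {@link #unspecified} is recorded; otherwise the pretty-printed
     * classification level followed by the caveats
     * @param messageContext request context used to look up the client address, may be null
     */
    public static void logItem(String classname, String method, String username, String memo, SecurityWrapper classification, MessageContext messageContext) {
        boolean incomplete = classification == null
                || classification.getClassification() == null
                || classification.getCaveats() == null;
        if (incomplete) {
            logItem(classname, method, username, memo, unspecified, messageContext);
            return;
        }
        String label = Utility.ICMClassificationToString(classification.getClassification()) + " " + classification.getCaveats();
        logItem(classname, method, username, memo, label, messageContext);
    }

    /**
     * Strips line breaks so that caller-controlled text cannot start a new,
     * forged entry in the text log.
     *
     * <p>Both carriage return and line feed are removed: a lone CR is rendered as
     * a line break by many terminals and log viewers, so removing only LF leaves
     * the log open to forging.
     *
     * @param input text about to be written to the log, may be null
     * @return the input without CR and LF characters, or null if input was null
     */
    private static String logForgePrevention(String input) {
        if (input == null) {
            return null;
        }
        return input.replace("\r", "").replace("\n", "");
    }

    /**
     * Determines the client address to record for an event.
     *
     * <p>The value is the peer address reported by the servlet container. Behind
     * a reverse proxy or load balancer this is the proxy's address, not the
     * originating client's, so it should not be read as proof of origin.
     *
     * @param messageContext request context, may be null
     * @return the remote address, or "NA" when the context is missing or does
     * not hold an HttpServletRequest
     */
    private static String resolveRemoteAddress(MessageContext messageContext) {
        if (messageContext == null) {
            return UNKNOWN_ADDRESS;
        }
        try {
            Object request = messageContext.get(MessageContext.SERVLET_REQUEST);
            if (request instanceof HttpServletRequest) {
                return ((HttpServletRequest) request).getRemoteAddr();
            }
        } catch (RuntimeException ex) {
            // A context that cannot be queried must not stop the audit record
            // from being written; fall through to the placeholder.
        }
        return UNKNOWN_ADDRESS;
    }

    /**
     * Appends JVM memory statistics to the memo, writes all input data to the
     * DEBUG log and inserts the event into the audit table.
     *
     * <p>Only the DEBUG log line is sanitised against line breaks. The database
     * row is written through bound parameters, so the values are stored verbatim;
     * anything that later renders or exports audit rows has to escape them for
     * its own output format.
     *
     * @param classname name of the class reporting the event
     * @param method name of the method reporting the event
     * @param username identity the event is attributed to
     * @param memo free-text description of the event
     * @param classification classification label stored with the event
     * @param messageContext request context used to look up the client address, may be null
     */
    public static void logItem(String classname, String method, String username, String memo, String classification, MessageContext messageContext) {
        // Read each counter once so the figures in a single record agree with each other.
        Runtime runtime = Runtime.getRuntime();
        long free = runtime.freeMemory();
        long total = runtime.totalMemory();
        memo += " JVM Free:" + free + " Total: " + total;
        // NOTE(review): this is a fraction between 0 and 1 although the label says "%";
        // the text is kept as is because existing audit rows already use this form.
        double used = (double) (total - free) / (double) total;
        memo += " " + String.valueOf(used) + "% in use, processors: " + runtime.availableProcessors();

        log.log(Level.DEBUG, "fgsms Audit Log: " + logForgePrevention(classname) + " " + logForgePrevention(method) + " username: " + logForgePrevention(username) + " memo: " + logForgePrevention(memo));
        Connection con = Utility.getConfigurationDBConnection();
        PreparedStatement com = null;
        try {
            if (con == null) {
                // The event is lost at this point; the three messages below are its only trace.
                log.log(Level.FATAL, "database not available");
                System.out.println("database not available! cannot record audit logs!");
                System.err.println("database not available! cannot record audit logs!");
                return;
            }
            com = con.prepareStatement("INSERT INTO auditlog("
                    + "utcdatetime, username, classname, method, memo, classification, ipaddress) VALUES (?, ?, ?, ?, ?,?,?);");
            com.setLong(1, System.currentTimeMillis());
            com.setString(2, username);
            com.setString(3, classname);
            com.setString(4, method);
            com.setBytes(5, (memo).trim().getBytes(Constants.CHARSET));
            com.setString(6, classification);
            com.setString(7, resolveRemoteAddress(messageContext));

            com.execute();
        } catch (Exception ex) {
            log.log(Level.ERROR, "Unable to log audit event", ex);
        } finally {
            DBUtils.safeClose(com);
            DBUtils.safeClose(con);
        }
    }
}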