/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.audit.entity;
import java.io.Serializable;
import java.util.Date;
import java.util.Properties;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.SequenceGenerator;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.MiscUtil;
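/**
 * JPA entity that stores one {@link AuthzAuditEvent} as a row of the
 * {@code xa_access_audit} table.
 *
 * <p>The column annotations sit on the getters, and the getters of the
 * length-limited string columns return the value after {@link #truncate}
 * has applied the configured per-column limit. The fields themselves always
 * hold the value exactly as it was set.
 *
 * <p>The per-column limits are mutable static state shared by every instance;
 * they are overwritten by {@link #init(Properties)} without synchronization.
 */
@Entity
@Table(name="xa_access_audit")
public class AuthzAuditEventDbObj implements Serializable {
    private static final Log LOG = LogFactory.getLog(AuthzAuditEventDbObj.class);
    private static final long serialVersionUID = 1L;

    // Prefix of the per-column limit properties; the column name is appended after a dot.
    private static final String AUDIT_DB_MAX_COLUMN_VALUE = "xasecure.audit.destination.db.max.column.length";

    // Per-column maximum lengths, in Java chars. A value of 0 excludes the column
    // from the audit row (getter returns null); a negative value disables truncation.
    static int MaxValueLengthAccessType = 255;
    static int MaxValueLengthAclEnforcer = 255;
    static int MaxValueLengthAgentId = 255;
    static int MaxValueLengthClientIp = 255;
    static int MaxValueLengthClientType = 255;
    static int MaxValueLengthRepoName = 255;
    static int MaxValueLengthResultReason = 255;
    static int MaxValueLengthSessionId = 255;
    static int MaxValueLengthRequestUser = 255;
    static int MaxValueLengthAction = 2000;
    static int MaxValueLengthRequestData = 4000;
    static int MaxValueLengthResourcePath = 4000;
    static int MaxValueLengthResourceType = 255;

    private long auditId;
    private int repositoryType;
    private String repositoryName;
    private String user;
    private Date timeStamp;
    private String accessType;
    private String resourcePath;
    private String resourceType;
    private String action;
    private int accessResult;
    private String agentId;
    private long policyId;
    private String resultReason;
    private String aclEnforcer;
    private String sessionId;
    private String clientType;
    private String clientIP;
    private String requestData;
    private long seqNum;
    private long eventCount;
    private long eventDurationMS;
    private String tags;

    /**
     * Loads the per-column maximum lengths from {@code props}.
     *
     * <p>Each limit is read from
     * {@code xasecure.audit.destination.db.max.column.length.<column>}; a column
     * whose property is absent keeps its current value, which is passed to
     * {@code MiscUtil.getIntProperty} as the default.
     *
     * <p>The client IP limit is read from the {@code client_ip} key, matching the
     * column name. Earlier code read it from {@code client_id}, so a limit set on
     * the column's real name was silently ignored and the column kept its default.
     * The old key is still honoured as a fallback so existing configurations keep
     * working.
     *
     * @param props audit configuration properties
     */
    public static void init(Properties props)
    {
        LOG.info("AuthzAuditEventDbObj.init()");

        MaxValueLengthAccessType = readMaxColumnLength(props, "access_type", MaxValueLengthAccessType);
        MaxValueLengthAclEnforcer = readMaxColumnLength(props, "acl_enforcer", MaxValueLengthAclEnforcer);
        MaxValueLengthAction = readMaxColumnLength(props, "action", MaxValueLengthAction);
        MaxValueLengthAgentId = readMaxColumnLength(props, "agent_id", MaxValueLengthAgentId);

        // Legacy misspelt key first, so that "client_ip" wins when both are configured.
        int legacyClientIpLength = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + "client_id", MaxValueLengthClientIp);
        MaxValueLengthClientIp = readMaxColumnLength(props, "client_ip", legacyClientIpLength);

        MaxValueLengthClientType = readMaxColumnLength(props, "client_type", MaxValueLengthClientType);
        MaxValueLengthRepoName = readMaxColumnLength(props, "repo_name", MaxValueLengthRepoName);
        MaxValueLengthResultReason = readMaxColumnLength(props, "result_reason", MaxValueLengthResultReason);
        MaxValueLengthSessionId = readMaxColumnLength(props, "session_id", MaxValueLengthSessionId);
        MaxValueLengthRequestUser = readMaxColumnLength(props, "request_user", MaxValueLengthRequestUser);
        MaxValueLengthRequestData = readMaxColumnLength(props, "request_data", MaxValueLengthRequestData);
        MaxValueLengthResourcePath = readMaxColumnLength(props, "resource_path", MaxValueLengthResourcePath);
        MaxValueLengthResourceType = readMaxColumnLength(props, "resource_type", MaxValueLengthResourceType);
    }

    /** Reads the limit configured for {@code columnName}, logs it and returns it. */
    private static int readMaxColumnLength(Properties props, String columnName, int defaultLength) {
        int configured = MiscUtil.getIntProperty(props, AUDIT_DB_MAX_COLUMN_VALUE + "." + columnName, defaultLength);
        logMaxColumnValue(columnName, configured);
        return configured;
    }

    /**
     * Logs the limit chosen for a column and spells out the two special cases:
     * 0 drops the column from the audit row, a negative value disables truncation.
     *
     * @param columnName               database column the limit applies to
     * @param configuredMaxValueLength limit that is now in effect
     */
    public static void logMaxColumnValue(String columnName, int configuredMaxValueLength) {
        LOG.info("Setting max column value for column[" + columnName + "] to [" + configuredMaxValueLength + "].");
        if (configuredMaxValueLength == 0) {
            LOG.info("Max length of column[" + columnName + "] was 0! Column will NOT be emitted in the audit.");
        } else if (configuredMaxValueLength < 0) {
            LOG.info("Max length of column[" + columnName + "] was less than 0! Column value will never be truncated.");
        }
    }

    /** Creates an empty entity; the persistence provider needs a no-argument constructor. */
    public AuthzAuditEventDbObj() {
        super();
    }

    /**
     * Copies every field of {@code event} into a new entity.
     *
     * <p>The event time is converted with {@code MiscUtil.getUTCDateForLocalDate};
     * when the event carries no time, {@code MiscUtil.getUTCDate()} is used instead.
     * The event's tags are joined into one string separated by {@code ", "}.
     *
     * @param event audit event to persist; must not be {@code null}
     */
    public AuthzAuditEventDbObj(AuthzAuditEvent event) {
        super();
        Date eventTime = event.getEventTime();
        Date utcDate = (eventTime != null)
                ? MiscUtil.getUTCDateForLocalDate(eventTime)
                : MiscUtil.getUTCDate();

        this.repositoryType = event.getRepositoryType();
        this.repositoryName = event.getRepositoryName();
        this.user = event.getUser();
        this.timeStamp = utcDate;
        this.accessType = event.getAccessType();
        this.resourcePath = event.getResourcePath();
        this.resourceType = event.getResourceType();
        this.action = event.getAction();
        this.accessResult = event.getAccessResult();
        this.agentId = event.getAgentId();
        this.policyId = event.getPolicyId();
        this.resultReason = event.getResultReason();
        this.aclEnforcer = event.getAclEnforcer();
        this.sessionId = event.getSessionId();
        this.clientType = event.getClientType();
        this.clientIP = event.getClientIP();
        this.requestData = event.getRequestData();
        this.seqNum = event.getSeqNum();
        this.eventCount = event.getEventCount();
        this.eventDurationMS = event.getEventDurationMS();
        this.tags = StringUtils.join(event.getTags(), ", ");
    }

    @Id
    @SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1)
    @GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ")
    @Column(name = "id", unique = true, nullable = false)
    public long getAuditId() {
        return this.auditId;
    }

    public void setAuditId(long auditId) {
        this.auditId = auditId;
    }

    @Column(name = "repo_type")
    public int getRepositoryType() {
        return this.repositoryType;
    }

    public void setRepositoryType(int repositoryType) {
        this.repositoryType = repositoryType;
    }

    @Column(name = "repo_name")
    public String getRepositoryName() {
        return truncate(this.repositoryName, MaxValueLengthRepoName, "repo_name");
    }

    public void setRepositoryName(String repositoryName) {
        this.repositoryName = repositoryName;
    }

    @Column(name = "request_user")
    public String getUser() {
        return truncate(this.user, MaxValueLengthRequestUser, "request_user");
    }

    public void setUser(String user) {
        this.user = user;
    }

    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "event_time")
    public Date getTimeStamp() {
        return this.timeStamp;
    }

    public void setTimeStamp(Date timeStamp) {
        this.timeStamp = timeStamp;
    }

    @Column(name = "access_type")
    public String getAccessType() {
        return truncate(this.accessType, MaxValueLengthAccessType, "access_type");
    }

    public void setAccessType(String accessType) {
        this.accessType = accessType;
    }

    @Column(name = "resource_path")
    public String getResourcePath() {
        return truncate(this.resourcePath, MaxValueLengthResourcePath, "resource_path");
    }

    public void setResourcePath(String resourcePath) {
        this.resourcePath = resourcePath;
    }

    @Column(name = "resource_type")
    public String getResourceType() {
        return truncate(this.resourceType, MaxValueLengthResourceType, "resource_type");
    }

    public void setResourceType(String resourceType) {
        this.resourceType = resourceType;
    }

    @Column(name = "action")
    public String getAction() {
        return truncate(this.action, MaxValueLengthAction, "action");
    }

    public void setAction(String action) {
        this.action = action;
    }

    @Column(name = "access_result")
    public int getAccessResult() {
        return this.accessResult;
    }

    public void setAccessResult(int accessResult) {
        this.accessResult = accessResult;
    }

    @Column(name = "agent_id")
    public String getAgentId() {
        return truncate(this.agentId, MaxValueLengthAgentId, "agent_id");
    }

    public void setAgentId(String agentId) {
        this.agentId = agentId;
    }

    @Column(name = "policy_id")
    public long getPolicyId() {
        return this.policyId;
    }

    public void setPolicyId(long policyId) {
        this.policyId = policyId;
    }

    @Column(name = "result_reason")
    public String getResultReason() {
        return truncate(this.resultReason, MaxValueLengthResultReason, "result_reason");
    }

    public void setResultReason(String resultReason) {
        this.resultReason = resultReason;
    }

    @Column(name = "acl_enforcer")
    public String getAclEnforcer() {
        return truncate(this.aclEnforcer, MaxValueLengthAclEnforcer, "acl_enforcer");
    }

    public void setAclEnforcer(String aclEnforcer) {
        this.aclEnforcer = aclEnforcer;
    }

    @Column(name = "session_id")
    public String getSessionId() {
        return truncate(this.sessionId, MaxValueLengthSessionId, "session_id");
    }

    public void setSessionId(String sessionId) {
        this.sessionId = sessionId;
    }

    @Column(name = "client_type")
    public String getClientType() {
        return truncate(this.clientType, MaxValueLengthClientType, "client_type");
    }

    public void setClientType(String clientType) {
        this.clientType = clientType;
    }

    @Column(name = "client_ip")
    public String getClientIP() {
        return truncate(this.clientIP, MaxValueLengthClientIp, "client_ip");
    }

    public void setClientIP(String clientIP) {
        this.clientIP = clientIP;
    }

    @Column(name = "request_data")
    public String getRequestData() {
        return truncate(this.requestData, MaxValueLengthRequestData, "request_data");
    }

    public void setRequestData(String requestData) {
        this.requestData = requestData;
    }

    @Column(name = "seq_num")
    public long getSeqNum() { return this.seqNum; }

    public void setSeqNum(long seqNum) { this.seqNum = seqNum; }

    @Column(name = "event_count")
    public long getEventCount() { return this.eventCount; }

    public void setEventCount(long eventCount) { this.eventCount = eventCount; }

    @Column(name = "event_dur_ms")
    public long getEventDurationMS() { return this.eventDurationMS; }

    public void setEventDurationMS(long eventDurationMS) { this.eventDurationMS = eventDurationMS; }

    // NOTE(review): unlike the other string columns, tags has no configured limit and
    // is returned untruncated. If the joined tag list can exceed the width of the
    // "tags" column the insert may fail and the audit record be lost; confirm the
    // column definition.
    @Column(name = "tags")
    public String getTags() {
        return this.tags;
    }

    public void setTags(String tags) {
        this.tags = tags;
    }

    // Suffix that replaces the tail of a shortened value so readers can tell it was cut.
    static final String TruncationMarker = "...";
    static final int TruncationMarkerLength = TruncationMarker.length();

    /**
     * Applies a column's length limit to {@code value}.
     *
     * <ul>
     *   <li>{@code value == null}: returns {@code null}.</li>
     *   <li>{@code limit < 0}: returns {@code value} unchanged.</li>
     *   <li>{@code limit == 0}: returns {@code null}, so the column is left out of
     *       the audit row.</li>
     *   <li>{@code limit > 0}: a value longer than {@code limit} is cut to exactly
     *       {@code limit} chars. The last chars are replaced by
     *       {@link #TruncationMarker} unless {@code limit} is no longer than the
     *       marker, in which case the plain prefix is returned.</li>
     * </ul>
     *
     * <p>Lengths are counted in Java chars ({@code String.length()}), so a cut can
     * fall inside a surrogate pair. NOTE(review): if the database column is sized in
     * bytes, multi-byte text within the limit may still not fit; confirm against the
     * schema.
     *
     * <p>When debug logging is enabled, every call writes the complete, untruncated
     * value to the application log. That includes {@code request_data},
     * {@code session_id} and columns configured with limit 0, which are excluded
     * from the audit row but not from this log. The values are also logged without
     * neutralising line breaks. Keep debug off for this class in production, or
     * protect that log like the audit store itself.
     *
     * @param value      raw field value, may be {@code null}
     * @param limit      configured maximum length for the column
     * @param columnName column name, used only in log messages
     * @return the value to persist, or {@code null} when the column is excluded
     */
    protected String truncate(String value, int limit, String columnName) {
        final boolean debugEnabled = LOG.isDebugEnabled();

        if (debugEnabled) {
            LOG.debug(String.format("==> getTrunctedValue(%s, %d, %s)", value, limit, columnName));
        }

        String result = value;

        if (value != null) {
            if (limit < 0) {
                if (debugEnabled) {
                    LOG.debug(String.format("Truncation is suppressed for column[%s]: old value [%s], new value[%s]", columnName, value, result));
                }
            } else if (limit == 0) {
                if (debugEnabled) {
                    LOG.debug(String.format("Column[%s] is to be excluded from audit: old value [%s], new value[%s]", columnName, value, result));
                }
                result = null;
            } else if (value.length() > limit) {
                if (limit <= TruncationMarkerLength) {
                    // No room for the marker: it would replace the whole value, so keep the plain prefix.
                    result = value.substring(0, limit);
                } else {
                    result = value.substring(0, limit - TruncationMarkerLength) + TruncationMarker;
                }

                if (debugEnabled) {
                    LOG.debug(String.format("Truncating value for column[%s] to [%d] characters: old value [%s], new value[%s]", columnName, limit, value, result));
                }
            }
        }

        if (debugEnabled) {
            LOG.debug(String.format("<== getTrunctedValue(%s, %d, %s): %s", value, limit, columnName, result));
        }

        return result;
    }
}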