APIAuditor (IBM Tivoli Directory Integrator API)

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.di.api
Class APIAuditor

java.lang.Object
  com.ibm.di.api.APIAuditor

public class APIAuditor
extends Object
extends Object

This is the class responsible for auditing auth* events in the Server API. It defines the names of the Attributes for every Entry, which is created to store the relevant information for each audited event. The class provides methods for storing context specific audit information.

Since:: 7.0

Field Summary
`static String`	`AUDIT_AUTH_ID_CUSTOM` Constant representing a type of authentication.
`static String`	`AUDIT_AUTH_ID_HOST` Constant representing a type of authentication.
`static String`	`AUDIT_AUTH_ID_JAAS` Constant representing a type of authentication.
`static String`	`AUDIT_AUTH_ID_LDAP` Constant representing a type of authentication.
`static String`	`AUDIT_AUTH_ID_NO` Constant representing a type of authentication.
`static String`	`AUDIT_AUTH_ID_SSL` Constant representing a type of authentication.
`static String`	`AUDIT_AUTHORIZATION_CLASS` Specify the name of the field representing the audited class by the authorization events.
`static String`	`AUDIT_AUTHORIZATION_METHOD` Specify the name of the field representing the audited method by the authorization events.
`static String`	`AUDIT_CONFIG` Defines if possible the ConfigInstanceID on which the event has occurred.
`static String`	`AUDIT_DATE` Defines the date on which the event has occurred.
`static String`	`AUDIT_HOSTNAME` Defines the host name on which the TDI server is running.
`static String`	`AUDIT_ID` Defines the ID of each event.
`static String`	`AUDIT_IP` Defines the IP address of the client machine.
`static String`	`AUDIT_LOGONNAME` Defines the name of the TDI user, who has caused the event.
`static String`	`AUDIT_MESSAGE_FAILURE` Constant value used to mark the auth* event as failed.
`static String`	`AUDIT_MESSAGE_SUCCESS` Constant value used to mark the auth* event as successful.
`static String`	`AUDIT_NAME` Defines the name of the Attribute filled in with the name of the TDI object on which the event takes place.
`static String`	`AUDIT_PATH` Defines the name of the Attribute filled in with the physical path to the TDI instance (e.g.
`static String`	`AUDIT_SERVER_PLATFORM` Define the platform name on which the TDI server is running.
`static String`	`AUDIT_SERVER_PLATFORM_VERSION` Define the platform version on which the TDI server is running.
`static String`	`AUDIT_SESSIONTYPE` Defines the Session type.
`static String`	`AUDIT_SUCCESS` Defines the result of the auth* event.
`static String`	`AUDIT_TYPE` Defines the name of the attribute specifying the type of audited event.
`static String`	`EVT_AUDIT_AUTHENTICATE` Define the prefix used for authentication events.
`static String`	`EVT_AUDIT_AUTHORIZATION_PREFIX` Define the prefix used for authorization events.

Constructor Summary
`APIAuditor()`

Method Summary
`static void`	`sendAuthenticationAuditData(String userID, boolean isSuccessful, String authenticationType)` The method adds specific authentication audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI.
`static void`	`sendSessionAuditData(String userID, String path, String tdiObjectName, boolean isSuccessful, String authorizationClass, String authorizationMethod, String eventID, String eventConfigInstanceId)` The method adds specific audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

AUDIT_TYPE

public static final String AUDIT_TYPE

Defines the name of the attribute specifying the type of audited event.

See Also:: Constant Field Values

AUDIT_AUTHORIZATION_CLASS

public static final String AUDIT_AUTHORIZATION_CLASS

Specify the name of the field representing the audited class by the authorization events.

See Also:: Constant Field Values

AUDIT_AUTHORIZATION_METHOD

public static final String AUDIT_AUTHORIZATION_METHOD

Specify the name of the field representing the audited method by the authorization events.

See Also:: Constant Field Values

EVT_AUDIT_AUTHENTICATE

public static final String EVT_AUDIT_AUTHENTICATE

Define the prefix used for authentication events.

See Also:: Constant Field Values

EVT_AUDIT_AUTHORIZATION_PREFIX

public static final String EVT_AUDIT_AUTHORIZATION_PREFIX

Define the prefix used for authorization events.

See Also:: Constant Field Values

AUDIT_ID

public static final String AUDIT_ID

Defines the ID of each event. By authentication events this is the type of authentication. By authorization ones, it is the same as the TDI Object name, on which authorization takes part. The two exceptions are: custom invocation of java code, where the event id is represented by the TDI server id and the name of the object is the method name; deleting tombstones using GUID - the event ID is the GUID itself.The value for the event id could be: TDI Server ID, ConfigInstance ID, Assembly Line name. If an AL name can be determined for the event, then it is stored, otherwise a Config Instance ID is used. In case this is also not possible, then the TDI server ID is provided as event ID.

See Also:: Constant Field Values

AUDIT_CONFIG

public static final String AUDIT_CONFIG

Defines if possible the ConfigInstanceID on which the event has occurred.

See Also:: Constant Field Values

AUDIT_DATE

public static final String AUDIT_DATE

Defines the date on which the event has occurred.

See Also:: Constant Field Values

AUDIT_LOGONNAME

public static final String AUDIT_LOGONNAME

Defines the name of the TDI user, who has caused the event.

See Also:: Constant Field Values

AUDIT_SUCCESS

public static final String AUDIT_SUCCESS

Defines the result of the auth* event.

See Also:: Constant Field Values

AUDIT_SERVER_PLATFORM

public static final String AUDIT_SERVER_PLATFORM

Define the platform name on which the TDI server is running.

See Also:: Constant Field Values

AUDIT_SERVER_PLATFORM_VERSION

public static final String AUDIT_SERVER_PLATFORM_VERSION

Define the platform version on which the TDI server is running.

See Also:: Constant Field Values

AUDIT_HOSTNAME

public static final String AUDIT_HOSTNAME

Defines the host name on which the TDI server is running.

See Also:: Constant Field Values

AUDIT_IP

public static final String AUDIT_IP

Defines the IP address of the client machine.

See Also:: Constant Field Values

AUDIT_SESSIONTYPE

public static final String AUDIT_SESSIONTYPE

Defines the Session type.

See Also:: Constant Field Values

AUDIT_PATH

public static final String AUDIT_PATH

Defines the name of the Attribute filled in with the physical path to the TDI instance (e.g. path to the config file).

See Also:: Constant Field Values

AUDIT_NAME

public static final String AUDIT_NAME

Defines the name of the Attribute filled in with the name of the TDI object on which the event takes place. The value could contain: the TDI Server name, the ConfigInstance ID, or the AssemblyLine name). Two special cases are the invocation of custom java code, where the name of the method is passed as value, and the deletion of tombstones using GUID. In this case the parameter stores the GUID.

See Also:: Constant Field Values

AUDIT_MESSAGE_SUCCESS

public static final String AUDIT_MESSAGE_SUCCESS

Constant value used to mark the auth* event as successful.

See Also:: Constant Field Values

AUDIT_MESSAGE_FAILURE

public static final String AUDIT_MESSAGE_FAILURE

Constant value used to mark the auth* event as failed.

See Also:: Constant Field Values

AUDIT_AUTH_ID_NO

public static final String AUDIT_AUTH_ID_NO

Constant representing a type of authentication.
AUDIT_AUTH_ID_NO = "default"

See Also:: Constant Field Values

AUDIT_AUTH_ID_CUSTOM

public static final String AUDIT_AUTH_ID_CUSTOM

Constant representing a type of authentication.
AUDIT_AUTH_ID_CUSTOM = "custom"

See Also:: Constant Field Values

AUDIT_AUTH_ID_LDAP

public static final String AUDIT_AUTH_ID_LDAP

Constant representing a type of authentication.
AUDIT_AUTH_ID_LDAP = "LDAP"

See Also:: Constant Field Values

AUDIT_AUTH_ID_SSL

public static final String AUDIT_AUTH_ID_SSL

Constant representing a type of authentication.
AUDIT_AUTH_ID_SSL = "SSL"

See Also:: Constant Field Values

AUDIT_AUTH_ID_HOST

public static final String AUDIT_AUTH_ID_HOST

Constant representing a type of authentication.
AUDIT_AUTH_ID_HOST = "host"

See Also:: Constant Field Values

AUDIT_AUTH_ID_JAAS

public static final String AUDIT_AUTH_ID_JAAS

Constant representing a type of authentication.
AUDIT_AUTH_ID_JAAS = "JAAS"

See Also:: Constant Field Values

Constructor Detail

APIAuditor

public APIAuditor()

Method Detail

sendAuthenticationAuditData

public static void sendAuthenticationAuditData(String userID,
                                               boolean isSuccessful,
                                               String authenticationType)

The method adds specific authentication audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI. It is called from every authentication point in the server API code, where auditing is wanted.

Parameters:: userID - Defines the name of the TDI user, who has caused the event.; isSuccessful - Defines the result of the auth* event.; authenticationType - Defines the type of authentication.

sendSessionAuditData

public static void sendSessionAuditData(String userID,
                                        String path,
                                        String tdiObjectName,
                                        boolean isSuccessful,
                                        String authorizationClass,
                                        String authorizationMethod,
                                        String eventID,
                                        String eventConfigInstanceId)

The method adds specific audit information in a TDI Entry's Attributes and sends this information as Notification using the leveraged notification mechanism in TDI. It is called from every point in the server API code, where auditing is wanted.

Parameters:: userID - Defines the name of the TDI user, who has caused the event.; path - Stores the physical path to the TDI instance (e.g. path to the config file). By invocation of custom java code the name of the class is set as path.; tdiObjectName - Presents the name of the TDI object, on which the event takes place. The value could be one of the following: TDI Server ID, ConfigInstance ID, AL Name or java method (by custom invocations).; isSuccessful - Expects the result of the auth* event.; authorizationClass - Defines the interface name for the class, where the authorization event takes place.; authorizationMethod - Stores the name of the method, where the authorization takes place.; eventID - Specifies an ID to the audit notification. The field is similar to the tdiObjectName parameter.; eventConfigInstanceId - Gives the ID of the ConfigInstance, on which the authorization event is performed. Takes null, if no such ID can be assigned.