📄 logauditprovider.java
// Package that contains this class
package examples.security.audit;
// Classes used by this class
import java.net.Socket;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.Permission;
import java.util.Vector;
import weblogic.logging.LogOutputStream;
import weblogic.security.X509;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.SSLUserInfo;
import weblogic.security.acl.User;
import weblogic.security.acl.UserInfo;
import weblogic.security.audit.AuditProvider;
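/**
 * Audit provider that writes every security event it receives to the
 * WebLogic server log through a {@code LogOutputStream} named "Audit".
 *
 * <p>Several values that reach the log (user names, certificate explanations,
 * string sources) are supplied from outside this class, so
 * {@link #dump(String, String, String)} neutralises line breaks and other
 * control characters before writing. One audit event therefore always
 * occupies exactly one log line.
 *
 * <p>NOTE(review): {@code lastMessage} and {@code lastCount} are updated
 * without synchronisation. Confirm whether the server calls a single provider
 * instance from several threads; if it does, the repeat counter can be wrong.
 */
public class LogAuditProvider
    implements AuditProvider
{
    // Destination of all audit records
    protected LogOutputStream log;
    // How many times lastMessage has been repeated since it was last written
    private int lastCount = 0;
    // Most recent message handed to dump(), used to collapse repeats
    private String lastMessage = null;

    /**
     * Opens the "Audit" log stream and records that auditing has started.
     */
    public LogAuditProvider()
    {
        log = new LogOutputStream("Audit");
        log.info("Security auditing started");
    }

    /**
     * Records an authentication attempt.
     *
     * <p>Only the kind of credential presented is logged, never its value.
     *
     * @param subsystem name of the subsystem reporting the event
     * @param info      the identity that was presented; may be null
     * @param result    the authenticated user, or null when authentication failed
     */
    public void authenticateUser(String subsystem, UserInfo info, User result)
    {
        if (!filterAuthenticateUser(subsystem, info, result))
        {
            return;
        }
        // A missing UserInfo must not make the audit call itself throw and
        // lose the record of the attempt.
        String user = info != null ? info.getName() : null;
        String credential;
        if (info instanceof DefaultUserInfoImpl)
        {
            DefaultUserInfoImpl dinfo = (DefaultUserInfoImpl) info;
            Vector credentials = new Vector(1);
            // Work out which kinds of credential were received
            if (dinfo.hasPassword())
            {
                credentials.addElement("password");
            }
            if (dinfo.hasCertificates())
            {
                credentials.addElement("certificates");
            }
            if (dinfo instanceof SSLUserInfo)
            {
                credentials.addElement("SSL certificates");
            }
            credential = credentials.size() > 0
                ? (weblogic.utils.enumerations.EnumerationUtils.toString
                   (credentials.elements(), " + "))
                : "nothing";
        }
        else
        {
            credential = "unknown";
        }
        dump(subsystem, "user auth",
             "user=" + str(user) + ", credentials=" + credential + ", " +
             (result != null ? "SUCCESS" : "FAILURE"));
    }

    /**
     * Decides whether an authentication event is logged. Subclasses can
     * override this to filter events conditionally; this implementation
     * accepts every event.
     *
     * @return whether to log this event
     */
    protected boolean filterAuthenticateUser(String subsystem, UserInfo info,
                                             User result)
    {
        return true;
    }

    /**
     * Records the outcome of a permission check.
     *
     * @param subsystem  name of the subsystem reporting the event
     * @param acl        the ACL that was consulted; may be null
     * @param principal  the principal that was checked; may be null
     * @param permission the permission that was requested
     * @param result     true when the permission was granted
     */
    public void checkPermission(String subsystem, Acl acl, Principal principal,
                                Permission permission, boolean result)
    {
        if (!filterCheckPermission(subsystem, acl, principal, permission, result))
        {
            return;
        }
        String aclName = acl != null ? acl.getName() : null;
        String principalName = principal != null ? principal.getName() : null;
        dump(subsystem, "check perm",
             "acl=" + str(aclName) +
             ", principal=" + str(principalName) +
             ", permission=" + str(permission) + ", " +
             (result ? "ALLOW" : "DISALLOW"));
    }

    /**
     * Decides whether a permission-check event is logged. Subclasses can
     * override this to filter events conditionally; this implementation
     * accepts every event.
     *
     * @return whether to log this event
     */
    protected boolean filterCheckPermission(String subsystem, Acl acl,
                                            Principal principal,
                                            Permission permission, boolean result)
    {
        return true;
    }

    /**
     * Records that an X.509 certificate was rejected.
     *
     * @param subsystem name of the subsystem reporting the event
     * @param source    where the certificate came from: a {@code Socket}, a
     *                  {@code String}, or anything else (logged as "unknown")
     * @param cert      the rejected certificate, or null when none was presented
     */
    public void certificateInvalid(String subsystem, Object source, X509 cert)
    {
        if (!filterCertificateInvalid(subsystem, source, cert))
        {
            return;
        }
        String origin = describeSource(source);
        String reason = cert != null ? cert.explain() : "no certificate presented";
        dump(subsystem, "invalid X.509 certificate", "source is " + origin + ", " +
             (reason != null ? reason : "cause unknown"));
    }

    /**
     * Decides whether an invalid-certificate event is logged. Subclasses can
     * override this to filter events conditionally; this implementation
     * accepts every event.
     *
     * @return whether to log this event
     */
    protected boolean filterCertificateInvalid(String subsystem, Object source,
                                               X509 cert)
    {
        return true;
    }

    /**
     * Records that an X.509 root CA certificate was rejected.
     *
     * @param subsystem name of the subsystem reporting the event
     * @param source    where the certificate came from: a {@code Socket}, a
     *                  {@code String}, or anything else (logged as "unknown")
     * @param cert      the rejected certificate; not written to the log
     */
    public void rootCAInvalid(String subsystem, Object source, X509 cert)
    {
        if (!filterRootCAInvalid(subsystem, source, cert))
        {
            return;
        }
        dump(subsystem, "invalid X.509 root CA",
             "source is " + describeSource(source));
    }

    /**
     * Decides whether an invalid-root-CA event is logged. Subclasses can
     * override this to filter events conditionally; this implementation
     * accepts every event.
     *
     * @return whether to log this event
     */
    protected boolean filterRootCAInvalid(String subsystem, Object source,
                                          X509 cert)
    {
        return true;
    }

    /**
     * Turns the source object of a certificate event into a short origin label.
     *
     * <p>A socket with no peer address (never connected) yields "unknown"
     * instead of a NullPointerException that would drop the audit record.
     * {@code getHostName()} may perform a blocking reverse name lookup on the
     * audit path; the numeric address is available from
     * {@code getHostAddress()} if that delay is not acceptable.
     */
    private static String describeSource(Object source)
    {
        if (source instanceof Socket)
        {
            Socket sock = (Socket) source;
            java.net.InetAddress peer = sock.getInetAddress();
            if (peer == null)
            {
                return "unknown";
            }
            return peer.getHostName() + ":" + sock.getPort();
        }
        if (source instanceof String)
        {
            return (String) source;
        }
        return "unknown";
    }

    /**
     * Wraps a value in double quotes, or returns the bare word null.
     *
     * <p>NOTE(review): a double quote inside the value is not escaped, so a
     * quoted field is not guaranteed to end at the first closing quote.
     * Log parsers should not rely on the quotes as delimiters.
     */
    private static final String str(Object thing)
    {
        return thing != null ? ("\"" + thing + "\"") : "null";
    }

    /**
     * Rewrites text so that it cannot span or start a new log line.
     *
     * <p>Carriage return and line feed become the two-character sequences
     * backslash-r and backslash-n. Every other ISO control character, and the
     * Unicode line and paragraph separators, become a backslash, the letter u
     * and four hex digits. All other characters are copied unchanged.
     */
    private static String neutralize(String text)
    {
        StringBuffer out = new StringBuffer(text.length());
        for (int i = 0; i < text.length(); i++)
        {
            char c = text.charAt(i);
            if (c == '\n')
            {
                out.append("\\n");
            }
            else if (c == '\r')
            {
                out.append("\\r");
            }
            else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029)
            {
                String hex = Integer.toHexString(c);
                out.append("\\u");
                for (int pad = hex.length(); pad < 4; pad++)
                {
                    out.append('0');
                }
                out.append(hex);
            }
            else
            {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Writes one audit record, collapsing consecutive identical records.
     *
     * <p>The first occurrence of a message is written immediately. Identical
     * messages that follow are only counted; the count (or, for a single
     * repeat, the message itself) is written when a different message
     * arrives. A run of repeats that is still pending when no further event
     * arrives is therefore never written, which matters when the log is used
     * to count failed attempts.
     *
     * @param subsystem name of the subsystem reporting the event
     * @param op        short label for the kind of event
     * @param message   event details
     */
    protected void dump(String subsystem, String op, String message)
    {
        // Neutralise control characters in the assembled record so that a
        // value supplied from outside cannot add a line to the audit log.
        String msg = neutralize("[" + subsystem + "] " + op + ": " + message);
        if (lastMessage == null)
        {
            log.info(msg);
            lastMessage = msg;
            lastCount = 0;
        }
        else if (lastMessage.equals(msg))
        {
            lastCount += 1;
        }
        else
        {
            // Flush what is owed for the previous message before the new one
            if (lastCount == 1)
            {
                log.info(lastMessage);
            }
            else if (lastCount > 1)
            {
                log.info("(last audit message repeated " + lastCount + " times)");
            }
            lastCount = 0;
            log.info(msg);
            lastMessage = msg;
        }
    }
}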