17 package org.apache.jetspeed.audit;
18
19 import javax.sql.DataSource;
20
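/**
 * Contract for recording security audit events: authentication results,
 * password changes, and administrative maintenance of users, credentials,
 * authorization and attributes.
 *
 * <p>Every argument of the {@code log*} methods is a plain {@code String}
 * supplied by the caller. This interface does not show how implementations
 * store them; NOTE(review): an implementation should treat them as untrusted
 * input, binding them as statement parameters when writing through the
 * {@link DataSource}, and neutralizing line breaks if records are also written
 * to a text log, so that a crafted user name or description cannot forge or
 * corrupt audit records.
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
 * @version $Id: $
 */
public interface AuditActivity
{
    // Interface fields are implicitly public static final, and interface
    // methods implicitly public, so those modifiers are omitted below.

    // Activity names: authentication and self-service password change outcomes.
    String AUTHENTICATION_SUCCESS = "login-success";
    String AUTHENTICATION_FAILURE = "login-failure";
    String PASSWORD_CHANGE_SUCCESS = "password-success";
    String PASSWORD_CHANGE_FAILURE = "password-failure";

    // Activity names: user account maintenance.
    String USER_CREATE = "user-create";
    String USER_UPDATE = "user-update";
    String USER_DELETE = "user-delete";
    String USER_DISABLE = "user-disable";
    String USER_EXTEND = "user-extend";
    String USER_EXTEND_UNLIMITED = "user-extend-unlimited";

    // Activity names: credential (password) maintenance.
    String PASSWORD_EXPIRE = "password-expire";
    String PASSWORD_RESET = "password-reset";
    String PASSWORD_ACTIVATE = "password-activate";
    String PASSWORD_ENABLED = "password-enabled";
    String PASSWORD_DISABLED = "password-disabled";
    String PASSWORD_UPDATE_REQUIRED = "password-update-req";
    String PASSWORD_EXTEND = "password-extend";
    String PASSWORD_UNLIMITED = "password-unlimited";

    // Activity names: role, group and profile assignment.
    String USER_ADD_ROLE = "user-add-role";
    String USER_DELETE_ROLE = "user-delete-role";
    String USER_ADD_GROUP = "user-add-group";
    String USER_DELETE_GROUP = "user-delete-group";
    String USER_ADD_PROFILE = "user-add-profile";
    String USER_DELETE_PROFILE = "user-delete-profile";

    // Activity names: user attribute changes.
    String USER_ADD_ATTRIBUTE = "user-add-attr";
    String USER_DELETE_ATTRIBUTE = "user-delete-attr";
    String USER_UPDATE_ATTRIBUTE = "user-update-attr";

    // Category names. No method signature in this interface takes a category;
    // presumably implementations attach one per log method. Confirm there.
    String CAT_USER_AUTHENTICATION = "authentication";
    String CAT_USER_ATTRIBUTE = "user-attribute";
    String CAT_ADMIN_USER_MAINTENANCE = "user";
    String CAT_ADMIN_CREDENTIAL_MAINTENANCE = "credential";
    String CAT_ADMIN_ATTRIBUTE_MAINTENANCE = "attribute";
    String CAT_ADMIN_AUTHORIZATION_MAINTENANCE = "authorization";

    /**
     * Enable or disable the service at runtime.
     *
     * <p>NOTE(review): switching auditing off is itself a security-relevant
     * event. Nothing in this interface records it, so implementations may want
     * to log the state change and restrict who can call this method.
     *
     * @param enabled the new enabled state
     */
    void setEnabled(boolean enabled);

    /**
     * Get the enabled state of this service.
     *
     * @return the enabled state of this service
     */
    boolean getEnabled();

    /**
     * Log user security-audit-related activity.
     *
     * @param username name of the user the activity is recorded for
     * @param ipaddress IP address recorded with the event
     * @param activity activity name, presumably one of the constants of this
     *        interface such as {@link #AUTHENTICATION_FAILURE}
     * @param description free-text description of the event
     */
    void logUserActivity(String username, String ipaddress, String activity, String description);

    /**
     * Log auditable activity by an administrator on behalf of another user.
     *
     * @param username name of the acting account, presumably the administrator
     * @param ipaddress IP address recorded with the event
     * @param targetUser name of the user the action was performed on
     * @param activity activity name, presumably one of the {@code USER_*}
     *        constants of this interface
     * @param description free-text description of the event
     */
    void logAdminUserActivity(String username, String ipaddress, String targetUser, String activity, String description);

    /**
     * Log auditable activity by an administrator on credentials on behalf of a
     * user.
     *
     * <p>NOTE(review): {@code description} should describe the change without
     * containing the credential itself, so that passwords do not end up in the
     * audit store.
     *
     * @param username name of the acting account, presumably the administrator
     * @param ipaddress IP address recorded with the event
     * @param targetUser name of the user whose credential was changed
     * @param activity activity name, presumably one of the {@code PASSWORD_*}
     *        constants of this interface
     * @param description free-text description of the event
     */
    void logAdminCredentialActivity(String username, String ipaddress, String targetUser, String activity, String description);

    /**
     * Log auditable activity by an administrator on authorization on behalf of
     * a user.
     *
     * @param username name of the acting account, presumably the administrator
     * @param ipaddress IP address recorded with the event
     * @param targetUser name of the user whose authorization was changed
     * @param activity activity name, presumably one of the role, group or
     *        profile constants such as {@link #USER_ADD_ROLE}
     * @param name presumably the role, group or profile involved; confirm
     *        against the implementation
     * @param description free-text description of the event
     */
    void logAdminAuthorizationActivity(String username, String ipaddress, String targetUser, String activity, String name, String description);

    /**
     * Log auditable activity by an administrator on attributes on behalf of a
     * user.
     *
     * <p>NOTE(review): {@code beforeValue} and {@code afterValue} are stored as
     * given. Callers should mask or omit values of sensitive attributes
     * rather than copy them into the audit trail.
     *
     * @param username name of the acting account, presumably the administrator
     * @param ipaddress IP address recorded with the event
     * @param targetUser name of the user whose attribute was changed
     * @param activity activity name, presumably one of the
     *        {@code USER_*_ATTRIBUTE} constants of this interface
     * @param name name of the attribute
     * @param beforeValue attribute value before the change
     * @param afterValue attribute value after the change
     * @param description free-text description of the event
     */
    void logAdminAttributeActivity(String username, String ipaddress, String targetUser, String activity, String name, String beforeValue, String afterValue, String description);

    /**
     * Log an auditable change to a user attribute. Unlike
     * {@link #logAdminAttributeActivity}, no separate target user is passed;
     * presumably the record concerns {@code username}'s own attributes.
     *
     * <p>NOTE(review): {@code beforeValue} and {@code afterValue} are stored as
     * given. Callers should mask or omit values of sensitive attributes
     * rather than copy them into the audit trail.
     *
     * @param username name of the user the activity is recorded for
     * @param ipaddress IP address recorded with the event
     * @param activity activity name, presumably one of the
     *        {@code USER_*_ATTRIBUTE} constants of this interface
     * @param name name of the attribute
     * @param beforeValue attribute value before the change
     * @param afterValue attribute value after the change
     * @param description free-text description of the event
     */
    void logUserAttributeActivity(String username, String ipaddress, String activity, String name, String beforeValue, String afterValue, String description);

    /**
     * Returns the {@link DataSource} in use by the logger; useful for writing
     * tests.
     *
     * <p>NOTE(review): this hands the audit store's connection source to any
     * holder of the interface. Production callers should not use it to read
     * or modify audit records directly.
     *
     * @return DataSource in use by the logger
     */
    DataSource getDataSource();

}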