Package oracle.iam.auditevent.api
Interface AuditEventManager
public interface AuditEventManager
The AuditEventManager is the interface for the Lightweight Audit Framework.
It gives various APIs to log successful and failure audit messages.
It provides
It provides
getDetails() and search() APIs as well to find specific audit events- Author:
- Abhimanyu Seth
-
Method Summary
Modifier and TypeMethodDescriptioncreate(AuditEvent auditEvent) Creates the audit event in the backend.createBulkAuditEvents(List<AuditEvent> auditEvents) Bulk API to create the audit events in the backend.deleteBulkAuditEvents(SearchCriteria filter, Map<String, Object> options) getDetails(String eventId, Set<String> retAttrs) Given an audit event ID, you can use this API to get the details of the audit eventvoidlog(AuditEvent event) This method logs the given event as is.voidThis API accepts the entity details as parameters and creates a failure audit event internally This will internally invokelog(AuditEvent event) APIvoidlogFailure(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, Object> removeValues, String reason) This API accepts the entity details as parameters and creates a failure audit event internally This will internally invokelog(AuditEvent event) APIvoidlogFailure(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, Object> removeValues, String toEntityId, String toEntityName, String toEntityType, String reason) This API accepts the entity details as parameters and creates a failure audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUser) This will internally invokelog(AuditEvent event) APIvoidlogSuccess(String entityId, String entityName, String entityType, String action) This API accepts the entity details as parameters and creates an audit event internally This will internally invokelog(AuditEvent event) APIvoidlogSuccess(String entityId, String entityName, String entityType, String action, String toEntityId, String toEntityName, String toEntityType) This API accepts the entity details as parameters and creates an audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUserThis will internally invokelog(AuditEvent event) APIvoidlogSuccess(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, Object> removeValues) This API accepts the entity details as parameters and creates an audit event internally This will internally invokelog(AuditEvent event) APIvoidlogSuccess(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, Object> removeValues, String toEntityId, String toEntityName, String toEntityType) This API accepts the entity details as parameters and creates an audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUserThis will internally invokelog(AuditEvent event) APIThis API lets you query for audit events by most fields of audit event.booleanvalidateAuditEventIntegrity(String eventId) Validates the saved hash of the audit record is still valid, by computing new hash and comparing
-
Method Details
-
log
This method logs the given event as is. If there are any mandatory null fields, those are populated with default values as follows
eventActorId = -1000
eventActorName = ANONYMOUS eventMechanish = ADMIN This will internally invokecreate(AuditEvent entity) API- Parameters:
event- The audit event to be logged- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logSuccess
void logSuccess(String entityId, String entityName, String entityType, String action) throws AuditEventCreateException, AccessDeniedException This API accepts the entity details as parameters and creates an audit event internally This will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActions- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logSuccess
void logSuccess(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, throws AuditEventCreateException, AccessDeniedExceptionObject> removeValues) This API accepts the entity details as parameters and creates an audit event internally This will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionsaddValues- the values being added in this operation on the entityIdremoveValues- the values being replaced/removed (if any) during the operation- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logSuccess
void logSuccess(String entityId, String entityName, String entityType, String action, String toEntityId, String toEntityName, String toEntityType) throws AuditEventCreateException, AccessDeniedException This API accepts the entity details as parameters and creates an audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUserThis will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionstoEntityId- The other entityId in a relation - e.g. if entityId is for a role, then toEntityId can be a user idtoEntityName- The name of the other entitytoEntityType- The type of the other entity- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logSuccess
void logSuccess(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, throws AuditEventCreateException, AccessDeniedExceptionObject> removeValues, String toEntityId, String toEntityName, String toEntityType) This API accepts the entity details as parameters and creates an audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUserThis will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionsaddValues- the values being added in this operation on the entityIdremoveValues- the values being replaced/removed (if any) during the operationtoEntityId- The other entityId in a relation - e.g. if entityId is for a role, then toEntityId can be a user idtoEntityName- The name of the other entitytoEntityType- The type of the other entity- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logFailure
void logFailure(String entityId, String entityName, String entityType, String action, String reason) throws AuditEventCreateException, AccessDeniedException This API accepts the entity details as parameters and creates a failure audit event internally This will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionsreason- The reason for the failure - the error message- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logFailure
void logFailure(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, throws AuditEventCreateException, AccessDeniedExceptionObject> removeValues, String reason) This API accepts the entity details as parameters and creates a failure audit event internally This will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionsaddValues- the values being added in this operation on the entityIdremoveValues- the values being replaced/removed (if any) during the operationreason- The reason for the failure - the error message- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
logFailure
void logFailure(String entityId, String entityName, String entityType, String action, Map<String, Object> addValues, Map<String, throws AuditEventCreateException, AccessDeniedExceptionObject> removeValues, String toEntityId, String toEntityName, String toEntityType, String reason) This API accepts the entity details as parameters and creates a failure audit event internally This should be invoked for relationship entities (likeRoleRoleorRoleUser) This will internally invokelog(AuditEvent event) API- Parameters:
entityId- The entityId (key) of the entity being audited (can NOT be null)entityName- The entity name of the entity being audited (can NOT be null)entityType- The entity type of the entity being audited (can NOT be null)action- The type of operationAuditConstants.AuditEventActionsaddValues- the values being added in this operation on the entityIdremoveValues- the values being replaced/removed (if any) during the operationtoEntityId- The other entityId in a relation - e.g. if entityId is for a role, then toEntityId can be a user idtoEntityName- The name of the other entitytoEntityType- The type of the other entityreason- The reason for the failure - the error message- Throws:
AuditEventCreateException- In case there's any exception while auditing the eventAccessDeniedException- In case user doesn't have authorization to audit
-
create
AuditEventManagerResult create(AuditEvent auditEvent) throws ValidationFailedException, EntityAlreadyExistsException, EntityLockedException, EntityCreateException, AccessDeniedException Creates the audit event in the backend. If auditevent is populated correctly, this API may be directly called instead of logSuccess/logFailure- Parameters:
auditEvent- The audit event being created- Returns:
- the result with success/failure status
- Throws:
ValidationFailedException- In case there any validation failureEntityAlreadyExistsException- Not applicable to AuditEventEntityLockedException- Not applicable to AuditEventEntityCreateException- In case there's any exception while creating the audit eventAccessDeniedException- In case user doesn't have authorization to audit
-
createBulkAuditEvents
AuditEventManagerBulkResult createBulkAuditEvents(List<AuditEvent> auditEvents) throws ValidationFailedException, EntityAlreadyExistsException, EntityLockedException, EntityCreateException, AccessDeniedException Bulk API to create the audit events in the backend.- Parameters:
auditEvents- The list of audit event being created in bulk- Returns:
- the result with success/failure status
- Throws:
ValidationFailedException- In case there any validation failureEntityAlreadyExistsException- Not applicable to AuditEventEntityLockedException- Not applicable to AuditEventEntityCreateException- In case there's any exception while creating the audit eventAccessDeniedException- In case user doesn't have authorization to audit
-
getDetails
AuditEvent getDetails(String eventId, Set<String> retAttrs) throws oracle.iam.platform.entitymgr.NoSuchEntityException, EntitySearchException, ValidationFailedException, AccessDeniedException Given an audit event ID, you can use this API to get the details of the audit event- Parameters:
eventId- The audit event ID which would identify an audit event entryretAttrs- The values to be retrieved for the audit event.- Returns:
- The audit event which matches the ID
- Throws:
oracle.iam.platform.entitymgr.NoSuchEntityException- If this event id doesn't existEntitySearchException- If an error occurred while finding the audit eventValidationFailedException- Not applicable to AuditEventAccessDeniedException- In case user doesn't have authorization to find an audit event
-
search
List<AuditEvent> search(SearchCriteria sc, Set<String> retAttrs, Map<String, Object> config) throws EntitySearchException, oracle.iam.platform.entitymgr.NoSuchEntityException, ValidationFailedException, AccessDeniedExceptionThis API lets you query for audit events by most fields of audit event.- Parameters:
sc- The search criteria for finding audit events for specific entitiesretAttrs- The values to be retrieved for the audit eventsconfig- Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to
Role Nameby default.The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
- Returns:
- the list of auditevents matching the criteria. Empty list is returned if no matches are found
- Throws:
oracle.iam.platform.entitymgr.NoSuchEntityException- Not applicable to AuditEventEntitySearchException- If an error occurred while searching by the criteriaValidationFailedException- Not applicable to AuditEventAccessDeniedException- In case user doesn't have authorization to search for audit events
-
deleteBulkAuditEvents
AuditEventManagerBulkResult deleteBulkAuditEvents(SearchCriteria filter, Map<String, Object> options) throws oracle.iam.platform.entitymgr.NoSuchEntityException, UnsupportedOperationException, oracle.iam.platform.entitymgr.ProviderException, EntityLockedException, EntityDeleteException- Parameters:
filter- The search criteria for finding Audit Events to delete.options- The operation parameters, e.g. batch size.- Returns:
- AuditEventManagerBulkResult containing status plus a Map of returned values.
- Throws:
oracle.iam.platform.entitymgr.NoSuchEntityException- Not applicable to AuditEventEntityDeleteException- If an error occurred while deleting the audit events.EntityLockedExceptionoracle.iam.platform.entitymgr.ProviderException- If the provider throws an exception.UnsupportedOperationException- If the provider does not support the remove operation.
-
validateAuditEventIntegrity
boolean validateAuditEventIntegrity(String eventId) throws oracle.iam.platform.entitymgr.NoSuchEntityException, EntitySearchException, ValidationFailedException, AccessDeniedException, oracle.iam.platform.utils.crypto.CryptoException Validates the saved hash of the audit record is still valid, by computing new hash and comparing- Parameters:
eventId- The audit event id- Returns:
- true if the stored hash is still valid for the audit record.
- Throws:
oracle.iam.platform.entitymgr.NoSuchEntityException- If this event id doesn't existEntitySearchException- If an error occurred while finding the audit eventValidationFailedException- Not applicable to AuditEventAccessDeniedException- In case user doesn't have authorization to find an audit eventoracle.iam.platform.utils.crypto.CryptoException
-