Added ability to indicate that a providre does not want to hear user or group...

Added ability to indicate that a providre does not want to hear user or group security audit events.
Minor tweaks to clearspace security audit provider.  Nothing big yet.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9951 b35dd754-fafc-0310-a699-88a17e54d16e

src/java/org/jivesoftware/openfire/clearspace/ClearspaceSecurityAuditProvider.java

@@ -50,14 +50,21 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
     public void logEvent(String username, String summary, String details) {
         try {
             // Request to log event
-            String path = AUDIT_URL_PREFIX + "auditMethodCall";
+            String path = AUDIT_URL_PREFIX + "audit";
 
             // Creates the XML with the data
             Document auditDoc =  DocumentHelper.createDocument();
-            Element rootE = auditDoc.addElement("auditMethodCall");
-            rootE.addElement("username").addText(username);
-            rootE.addElement("description").addText(summary);
-            rootE.addElement("details").addText(details);
+            Element rootE = auditDoc.addElement("auditEvent");
+            Element userE = rootE.addElement("username");
+            userE.addText(username);
+            Element descE = rootE.addElement("description");
+            if (summary != null) {
+                descE.addText(summary);
+            }
+            Element detlE = rootE.addElement("details");
+            if (details != null) {
+                detlE.addText(details);
+            }
 
             manager.executeRequest(POST, path, auditDoc.asXML());
         }
@@ -104,7 +111,7 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
     public String getAuditURL() {
         String url = ClearspaceManager.getInstance().getConnectionURI();
         if (url != null) {
-            url += "/admin/view-audit-log.jspa";
+            url += "admin/view-audit-log.jspa";
             return url;
         }
         else {
@@ -112,4 +119,20 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
         }
     }
 
+    /**
+     * Clearspace handles logging it's own user events.
+     * @see org.jivesoftware.openfire.security.SecurityAuditProvider#blockUserEvents()
+     */
+    public boolean blockUserEvents() {
+        return true;
+    }
+
+    /**
+     * Clearspace handles logging it's own group events.
+     * @see org.jivesoftware.openfire.security.SecurityAuditProvider#blockGroupEvents()
+     */
+    public boolean blockGroupEvents() {
+        return true;
+    }
+
 }

src/java/org/jivesoftware/openfire/security/DefaultSecurityAuditProvider.java

@@ -186,7 +186,6 @@ public class DefaultSecurityAuditProvider implements SecurityAuditProvider {
      * The default provider writes logs into a local Openfire database.
      * @see org.jivesoftware.openfire.security.SecurityAuditProvider#isWriteOnly()
      */
-
     public boolean isWriteOnly() {
         return false;
     }
@@ -199,4 +198,20 @@ public class DefaultSecurityAuditProvider implements SecurityAuditProvider {
         return null;
     }
 
+    /**
+     * The default provider logs user events.
+     * @see org.jivesoftware.openfire.security.SecurityAuditProvider#blockUserEvents()
+     */
+    public boolean blockUserEvents() {
+        return false;
+    }
+
+    /**
+     * The default provider logs group events.
+     * @see org.jivesoftware.openfire.security.SecurityAuditProvider#blockGroupEvents()
+     */
+    public boolean blockGroupEvents() {
+        return false;
+    }
+
 }

src/java/org/jivesoftware/openfire/security/SecurityAuditProvider.java

@@ -82,4 +82,22 @@ public interface SecurityAuditProvider {
      */
     public String getAuditURL();
 
+    /**
+     * Returns true if the provider should not send user change (create, edit, delete, etc) related
+     * security events on through.  This is typically used if the service the provider is working
+     * with audits it's own user events and does not need Openfire to duplicate the event.
+     *
+     * @return True if we should block user related security audit events from being handled.
+     */
+    public boolean blockUserEvents();
+
+    /**
+     * Returns true if the provider should not send group change (create, edit, delete, etc) related
+     * security events on through.  This is typically used if the service the provider is working
+     * with audits it's own group events and does not need Openfire to duplicate the event.
+     *
+     * @return True if we should block group related security audit events from being handled.
+     */
+    public boolean blockGroupEvents();
+
 }

src/web/group-create.jsp

@@ -17,6 +17,7 @@
 <%@ page import="java.net.URLEncoder"%>
 <%@ page import="java.util.HashMap"%>
 <%@ page import="java.util.Map"%>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -63,8 +64,10 @@
                 newGroup.getProperties().put("sharedRoster.displayName", "");
                 newGroup.getProperties().put("sharedRoster.groupList", "");
 
-                // Log the event
-                webManager.logEvent("created new group "+name, "description = "+description);
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+                    // Log the event
+                    webManager.logEvent("created new group "+name, "description = "+description);
+                }
 
                 // Successful, so redirect
                 response.sendRedirect("group-edit.jsp?creategroupsuccess=true&group=" + URLEncoder.encode(newGroup.getName(), "UTF-8"));
@@ -94,8 +97,10 @@
                     group.setDescription(description);
                 }
 
-                // Log the event
-                webManager.logEvent("edited group "+groupName, "description = "+description);
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+                    // Log the event
+                    webManager.logEvent("edited group "+groupName, "description = "+description);
+                }
 
                 // Successful, so redirect
                 response.sendRedirect("group-edit.jsp?groupChanged=true&group=" + URLEncoder.encode(group.getName(), "UTF-8"));

src/web/group-delete.jsp

@@ -14,6 +14,7 @@
                  java.net.URLEncoder"
     errorPage="error.jsp"
 %>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -39,8 +40,10 @@
     if (delete) {
         // Delete the group
         webManager.getGroupManager().deleteGroup(group);
-        // Log the event
-        webManager.logEvent("deleted group "+group, null);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+            // Log the event
+            webManager.logEvent("deleted group "+group, null);
+        }
         // Done, so redirect
         response.sendRedirect("group-summary.jsp?deletesuccess=true");
         return;

src/web/group-edit.jsp

@@ -25,6 +25,7 @@
 <%@ page import="java.net.URLDecoder"%>
 <%@ page import="java.net.URLEncoder"%>
 <%@ page import="java.util.*"%>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -87,16 +88,20 @@
                 }
                 group.getProperties().put("sharedRoster.groupList", toList(groupNames, "UTF-8"));
 
-                // Log the event
-                webManager.logEvent("enabled roster groups for "+groupName, "showinroster = "+showGroup+"\ndisplayname = "+groupDisplayName+"\ngrouplist = "+toList(groupNames, "UTF-8"));
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+                    // Log the event
+                    webManager.logEvent("enabled roster groups for "+groupName, "showinroster = "+showGroup+"\ndisplayname = "+groupDisplayName+"\ngrouplist = "+toList(groupNames, "UTF-8"));
+                }
             }
             else {
                 group.getProperties().put("sharedRoster.showInRoster", "nobody");
                 group.getProperties().put("sharedRoster.displayName", "");
                 group.getProperties().put("sharedRoster.groupList", "");
 
-                // Log the event
-                webManager.logEvent("disabled roster groups for "+groupName, null);
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+                    // Log the event
+                    webManager.logEvent("disabled roster groups for "+groupName, null);
+                }
             }
 
             // Get admin list and compare it the admin posted list.
@@ -131,9 +136,11 @@
         for (JID member : removeList) {
             group.getMembers().add(member);
         }
-        // Log the event
-        // TODO: Should log more here later
-        webManager.logEvent("updated group membership for "+groupName, null);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+            // Log the event
+            // TODO: Should log more here later
+            webManager.logEvent("updated group membership for "+groupName, null);
+        }
         // Get admin list and compare it the admin posted list.
         response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, "UTF-8") + "&updatesuccess=true");
         return;
@@ -167,8 +174,10 @@
             else {
                 // Admin entered a JID. Add the JID directly to the list of group members
                 added = group.getMembers().add(new JID(username));
-                // Log the event
-                webManager.logEvent("added group member to "+groupName, "username = "+username);
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
+                    // Log the event
+                    webManager.logEvent("added group member to "+groupName, "username = "+username);
+                }
             }
 
             if (added) {

src/web/user-create.jsp

@@ -17,6 +17,7 @@
 %>
 <%@ page import="java.util.Map"%>
 <%@ page import="java.util.HashMap"%><%@ page import="org.xmpp.packet.JID"%>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -75,8 +76,10 @@
         if (errors.size() == 0) {
             try {
                 User newUser = webManager.getUserManager().createUser(username, password, name, email);
-                // Log the event
-                webManager.logEvent("created new user "+username, "name = "+name+", email = "+email);
+                if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+                    // Log the event
+                    webManager.logEvent("created new user "+username, "name = "+name+", email = "+email);
+                }
 
                 // Successful, so redirect
                 if (another) {

src/web/user-delete.jsp

@@ -18,6 +18,7 @@
 <%@ page import="org.xmpp.packet.JID" %>
 <%@ page import="org.xmpp.packet.StreamError" %>
 <%@ page import="java.net.URLEncoder" %>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -49,8 +50,10 @@
         webManager.getRosterManager().deleteRoster(userAddress);
         // Delete the user from all the Groups
         GroupManager.getInstance().deleteUser(user);
-        // Log the event
-        webManager.logEvent("deleted user "+username, "full jid was "+userAddress);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+            // Log the event
+            webManager.logEvent("deleted user "+username, "full jid was "+userAddress);
+        }
         // Close the user's connection
         final StreamError error = new StreamError(StreamError.Condition.not_authorized);
         for (ClientSession sess : webManager.getSessionManager().getSessions(user.getUsername()) )

src/web/user-edit-form.jsp

@@ -13,6 +13,7 @@
                  java.net.URLEncoder"
     errorPage="error.jsp"
 %><%@ page import="org.xmpp.packet.JID"%>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -40,8 +41,10 @@
         user.setEmail(email);
         user.setName(name);
 
-        // Log the event
-        webManager.logEvent("edited user "+username, "set name = "+name+", email = "+email);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+            // Log the event
+            webManager.logEvent("edited user "+username, "set name = "+name+", email = "+email);
+        }
 
         // Changes good, so redirect
         response.sendRedirect("user-properties.jsp?editsuccess=true&username=" + URLEncoder.encode(username, "UTF-8"));

src/web/user-lockout.jsp

@@ -19,6 +19,7 @@
 <%@ page import="org.jivesoftware.openfire.lockout.LockOutManager" %>
 <%@ page import="org.jivesoftware.openfire.lockout.LockOutFlag" %>
 <%@ page import="org.jivesoftware.openfire.lockout.NotLockedOutException" %>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -63,8 +64,10 @@
         }
         // Lock out the user
         webManager.getLockOutManager().disableAccount(username, startTime, endTime);
-        // Log the event
-        webManager.logEvent("locked out user "+username, "start time = "+startTime+", end time = "+endTime);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+            // Log the event
+            webManager.logEvent("locked out user "+username, "start time = "+startTime+", end time = "+endTime);
+        }
         // Close the user's connection if the lockout is immedate
         if (webManager.getLockOutManager().isAccountDisabled(username)) {
             final StreamError error = new StreamError(StreamError.Condition.not_authorized);
@@ -89,8 +92,10 @@
     if (unlock) {
         // Unlock the user's account
         webManager.getLockOutManager().enableAccount(username);
-        // Log the event
-        webManager.logEvent("unlocked user "+username, null);
+        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+            // Log the event
+            webManager.logEvent("unlocked user "+username, null);
+        }
         // Done, so redirect
         response.sendRedirect("user-properties.jsp?username=" + URLEncoder.encode(username, "UTF-8") + "&unlocksuccess=1");
         return;

src/web/user-password.jsp

@@ -13,6 +13,7 @@
                  java.net.URLEncoder"
     errorPage="error.jsp"
 %><%@ page import="org.xmpp.packet.JID"%>
+<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
 
 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -41,8 +42,10 @@
         // Validate the passwords:
         if (password != null && passwordConfirm != null && password.equals(passwordConfirm)) {
             user.setPassword(password);
-            // Log the event
-            admin.logEvent("set password for user "+username, null);
+            if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
+                // Log the event
+                admin.logEvent("set password for user "+username, null);
+            }
             // Done, so redirect
             response.sendRedirect("user-password.jsp?success=true&username=" + URLEncoder.encode(username, "UTF-8"));
             return;