ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java

   1 /*-
   2  * ============LICENSE_START==========================================
   3  * ONAP Portal
   4  * ===================================================================
   5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6  * ===================================================================
   7  *
   8  * Unless otherwise specified, all software contained herein is licensed
   9  * under the Apache License, Version 2.0 (the "License");
  10  * you may not use this software except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *             http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  *
  21  * Unless otherwise specified, all documentation contained herein is licensed
  22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
  23  * you may not use this documentation except in compliance with the License.
  24  * You may obtain a copy of the License at
  25  *
  26  *             https://creativecommons.org/licenses/by/4.0/
  27  *
  28  * Unless required by applicable law or agreed to in writing, documentation
  29  * distributed under the License is distributed on an "AS IS" BASIS,
  30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  31  * See the License for the specific language governing permissions and
  32  * limitations under the License.
  33  *
  34  * ============LICENSE_END============================================
  35  *
  36  *
  37  */
  38 package org.onap.portalapp.portal.controller;
  39
  40 import java.text.SimpleDateFormat;
  41 import java.util.Date;
  42 import java.util.UUID;
  43
  44 import javax.servlet.http.HttpServletRequest;
  45
  46 import org.onap.portalapp.validation.DataValidator;
  47 import org.onap.portalapp.validation.SecureString;
  48 import org.slf4j.MDC;
  49 import org.springframework.beans.factory.annotation.Autowired;
  50 import org.springframework.web.bind.annotation.RequestMapping;
  51 import org.springframework.web.bind.annotation.GetMapping;
  52 import org.springframework.web.bind.annotation.RequestParam;
  53 import org.springframework.web.bind.annotation.RestController;
  54
  55 import com.att.eelf.configuration.Configuration;
  56
  57 import org.onap.portalapp.controller.EPRestrictedBaseController;
  58 import org.onap.portalapp.portal.domain.EPUser;
  59 import org.onap.portalapp.portal.domain.EcompAuditLog;
  60 import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice;
  61 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
  62 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
  63 import org.onap.portalapp.portal.utils.EcompPortalUtils;
  64 import org.onap.portalapp.portal.utils.PortalConstants;
  65 import org.onap.portalapp.util.EPUserUtils;
  66 import org.onap.portalsdk.core.domain.AuditLog;
  67 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
  68 import org.onap.portalsdk.core.service.AuditService;
  69 import org.onap.portalsdk.core.util.SystemProperties;
  70
  71 @RestController
  72 @RequestMapping("/portalApi/auditLog")
  73 public class AuditLogController extends EPRestrictedBaseController {
  74         private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuditLogController.class);
  75         private static final DataValidator dataValidator = new DataValidator();
  76
  77
  78         private AuditService auditService;
  79         @Autowired
  80         public AuditLogController(AuditService auditService) {
  81                 this.auditService = auditService;
  82         }
  83
  84         /**
  85          * Store audit log of the specified access type.
  86          *
  87          * @param request
  88          *            HttpServletRequest
  89          * @param affectedAppId
  90          *            App ID
  91          * @param type
  92          *            Access type
  93          * @param comment
  94          *            Comment
  95          */
  96         @GetMapping(value = "/store", produces = "application/json")
  97         public void auditLog(HttpServletRequest request, @RequestParam String affectedAppId, @RequestParam String type,
  98                         @RequestParam String comment) {
  99                 logger.debug(EELFLoggerDelegate.debugLogger, "auditLog: appId {}, type {}, comment {}", affectedAppId, type,
 100                                 comment);
 101                 String cdType = null;
 102
 103                 SecureString secureString0 = new SecureString(affectedAppId);
 104                 SecureString secureString1 = new SecureString(type);
 105                 SecureString secureString2 = new SecureString(comment);
 106                 if (  !dataValidator.isValid(secureString0)
 107                         ||!dataValidator.isValid(secureString1)
 108                         ||!dataValidator.isValid(secureString2)){
 109                         return;
 110                 }
 111
 112                 try {
 113                         EPUser user = EPUserUtils.getUserSession(request);
 114                         /* Check type of Activity CD */
 115                         switch (type) {
 116                                 case "app":
 117                                         cdType = AuditLog.CD_ACTIVITY_APP_ACCESS;
 118                                         break;
 119                                 case "tab":
 120                                         cdType = AuditLog.CD_ACTIVITY_TAB_ACCESS;
 121                                         break;
 122                                 case "functional":
 123                                         cdType = AuditLog.CD_ACTIVITY_FUNCTIONAL_ACCESS;
 124                                         break;
 125                                 case "leftMenu":
 126                                         cdType = AuditLog.CD_ACTIVITY_LEFT_MENU_ACCESS;
 127                                         break;
 128                                 default:
 129                                         logger.error(EELFLoggerDelegate.errorLogger,
 130                                                 "Storing auditLog failed! Activity CD type is not correct.");
 131                                         break;
 132                         }
 133                         /* Store the audit log only if it contains valid Activity CD */
 134                         if (cdType != null) {
 135                                 AuditLog auditLog = new AuditLog();
 136                                 auditLog.setActivityCode(cdType);
 137                                 /*
 138                                  * Check affectedAppId and comment and see if these two values
 139                                  * are valid
 140                                  */
 141                                 if (comment != null && !comment.isEmpty() && !"undefined".equals(comment))
 142                                         auditLog.setComments(
 143                                                         EcompPortalUtils.truncateString(comment, PortalConstants.AUDIT_LOG_COMMENT_SIZE));
 144                                 if (affectedAppId != null && !affectedAppId.isEmpty() && !"undefined".equals(affectedAppId))
 145                                         auditLog.setAffectedRecordId(affectedAppId);
 146                                 long userId = EPUserUtils.getUserId(request);
 147                                 auditLog.setUserId(userId);
 148                                 MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 149                                 MDC.put(EPCommonSystemProperties.PARTNER_NAME, EPCommonSystemProperties.ECOMP_PORTAL_FE);
 150                                 MDC.put(Configuration.MDC_SERVICE_NAME, EPCommonSystemProperties.ECOMP_PORTAL_BE);
 151                                 if (MDC.get(Configuration.MDC_KEY_REQUEST_ID) == null) {
 152                                         String requestId = UUID.randomUUID().toString();
 153                                         MDC.put(Configuration.MDC_KEY_REQUEST_ID, requestId);
 154                                 }
 155                                 auditService.logActivity(auditLog, null);
 156                                 String auditMessageInfo = EPLogUtil.formatAuditLogMessage(
 157                                                 "AuditLogController.auditLog", cdType, user.getOrgUserId(), affectedAppId, comment);
 158
 159                                 EPLogUtil.logAuditMessage(logger, auditMessageInfo);
 160
 161                         }
 162                 } catch (Exception e) {
 163                         logger.error(EELFLoggerDelegate.errorLogger, "auditLog failed", e);
 164                         MDC.put(EPCommonSystemProperties.STATUS_CODE, "ERROR");
 165                 } finally{
 166                         MDC.remove(Configuration.MDC_SERVICE_NAME);
 167                         MDC.remove(EPCommonSystemProperties.PARTNER_NAME);
 168                         MDC.remove(SystemProperties.MDC_TIMER);
 169                         MDC.remove(Configuration.MDC_KEY_REQUEST_ID);
 170                         MDC.remove(EPCommonSystemProperties.STATUS_CODE);
 171                 }
 172         }
 173
 174 }