org.jwall.web.audit
Class AuditEventImpl

java.lang.Object
  extended by org.jwall.web.audit.AuditEventImpl
All Implemented Interfaces:
java.io.Serializable, java.lang.Comparable<AuditEvent>, AuditEvent

public class AuditEventImpl
extends java.lang.Object
implements java.lang.Comparable<AuditEvent>, java.io.Serializable, AuditEvent

This class defines an audit-event of modsecurity. Currently this class stores the audit-event data as an internal string and has a few hashtables to hold specific properties/fields/parameters of the parsed request. However this will hopefully be turned into an interface to achieve independance of the actual implementations of an AuditEvent.

Author:
Christian Bockermann <chris@jwall.org>
See Also:
Serialized Form

Field Summary
protected  java.lang.String eventId
          a unique event_id
static java.lang.Long evtCount
          a count of all events alive
static java.text.SimpleDateFormat fmt
          the format in which the date is printed out
static long serialVersionUID
          id for serialization
 
Constructor Summary
protected AuditEventImpl()
           
  AuditEventImpl(AuditEventImpl evt)
          This clone-constructor creates a copy of the given audit-event.
  AuditEventImpl(java.lang.String[] data)
          This creates an instance of this class by parsing all fields from the given string-array.
  AuditEventImpl(java.lang.String id, java.lang.String[] data)
          This constructor is used, when reading audit-events from a file.
  AuditEventImpl(java.lang.String id, java.lang.String[] data, java.io.File f, long off, long size)
           
 
Method Summary
 int compareTo(AuditEvent o)
           
 int compareTo(AuditEventImpl o)
           
protected  void finalize()
           
 java.lang.String get(java.lang.String var)
          Returns the given variable as String or an empty string if the variable is not set.
 java.lang.String getAuditHeader()
          Returns the header-section of this event.
 java.lang.String getAuditLogTrailer()
          Returns the header-section of this event.
 java.lang.Long getCount()
          This method returns the number of instances created from the underlying implementation of this interface.
 java.util.Date getDate()
          Returns the date of this events birth.
 java.lang.String getEventId()
          The unique ID, created by modsecurity.
 java.io.File getFile()
          This method returns the file from which the event has been read.
 java.util.Set<java.lang.String> getGetParameterNames()
          Returns the set of parameters (their names) that are available in the request-uri of this request.
 java.lang.String getGetParameterValue(java.lang.String name)
          Returns the value of the parameter name in the url of this request.
 long getOffset()
          This method returns the offset (bytes) from the beginning of the file from which this event has been read.
 java.util.Set<java.lang.String> getPostParameterNames()
          Returns the set of parameters (their names) that are available in the post-body of this request.
 java.lang.String getPostParameterValue(java.lang.String name)
          Returns the value of the parameter name in the post-body of this request or null there is no parameter with this name.
 java.lang.String[] getRawData()
          This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.
 long getRelativeSessionTime()
          Gets the number of milliseconds from the time the first event of this session has been detected.
 java.lang.String getRequestBody()
          Return the body of this request.
 java.lang.String getRequestCookie(java.lang.String name)
           
 java.util.Set<java.lang.String> getRequestCookieNames()
           
 java.lang.String getRequestHeader()
          Returns the header-section of this event.
 java.lang.String getRequestHeader(java.lang.String name)
          Returns the value of the specified header-field of the request.
 java.util.Set<java.lang.String> getRequestHeaderNames()
          Returns the set of all header-fields sent in the request.
 java.net.URL getRequestURL()
          Return an URL object that matches the URL requested within this event.
 java.lang.String getResponseCookie(java.lang.String name)
           
 java.util.Set<java.lang.String> getResponseCookieNames()
           
 java.lang.String getResponseHeader()
          Returns the header-section of this event.
 java.lang.String getResponseHeader(java.lang.String name)
          Returns the value of the specified header-field of the response.
 java.util.Set<java.lang.String> getResponseHeaderNames()
          Returns the set of all header-fields sent in the response.
 java.lang.String getSection(int i)
          Returns the string, which contains the whole section of this audit-event.
 java.lang.String getSessionId()
          The session-id of this request or an empty string, if no session-id has been set.
 long getSize()
           
 boolean isSet(java.lang.String var)
          Checks wether the given variable is set or not.
protected  void parseSections(java.lang.String[] sections)
           
protected  void set(java.lang.String var, java.lang.String val)
           
 void setRelativeSessionTime(long s)
          Sets the number of milliseconds from the time the first event of this session has been detected.
 void setSessionId(java.lang.String id)
          This method sets the session-id of this event.
 java.lang.String toString()
          Override Object.toString() by returning a String of all sections.
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

serialVersionUID

public static final long serialVersionUID
id for serialization

See Also:
Constant Field Values

evtCount

public static java.lang.Long evtCount
a count of all events alive


fmt

public static final java.text.SimpleDateFormat fmt
the format in which the date is printed out


eventId

protected java.lang.String eventId
a unique event_id

Constructor Detail

AuditEventImpl

protected AuditEventImpl()

AuditEventImpl

public AuditEventImpl(AuditEventImpl evt)
               throws java.lang.Exception
This clone-constructor creates a copy of the given audit-event.

Parameters:
evt - The event to clone.
Throws:
java.lang.Exception

AuditEventImpl

public AuditEventImpl(java.lang.String[] data)
               throws java.lang.Exception
This creates an instance of this class by parsing all fields from the given string-array.

Parameters:
data - An array containing all audit-sections.
Throws:
java.lang.Exception - in case parsing failed.

AuditEventImpl

public AuditEventImpl(java.lang.String id,
                      java.lang.String[] data,
                      java.io.File f,
                      long off,
                      long size)
               throws java.lang.Exception
Throws:
java.lang.Exception

AuditEventImpl

public AuditEventImpl(java.lang.String id,
                      java.lang.String[] data)
               throws java.lang.Exception
This constructor is used, when reading audit-events from a file. This way you can make sure, that the id of the audit-event is the same as the one in the file.

Parameters:
id - The id that the new event should contain.
data - The section-data.
Throws:
java.lang.Exception - In case anything goes wrong (Parsing, etc...)
Method Detail

parseSections

protected void parseSections(java.lang.String[] sections)
                      throws java.lang.Exception
Throws:
java.lang.Exception

getEventId

public java.lang.String getEventId()
Description copied from interface: AuditEvent
The unique ID, created by modsecurity.

Specified by:
getEventId in interface AuditEvent
Returns:
A unique event id.

getSection

public java.lang.String getSection(int i)
Description copied from interface: AuditEvent
Returns the string, which contains the whole section of this audit-event. The available sections are defined in ModSecurity.java.

Specified by:
getSection in interface AuditEvent
Parameters:
i - Index of the section as defined by ModSecurity.SECTION_*.
Returns:
The string value of the appopriate section of this event.

getAuditHeader

public java.lang.String getAuditHeader()
Description copied from interface: AuditEvent
Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.AUDIT_HEADER).

Specified by:
getAuditHeader in interface AuditEvent
Returns:
The audit-header string.

getRequestHeader

public java.lang.String getRequestHeader()
Description copied from interface: AuditEvent
Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.REQUEST_HEADER).

Specified by:
getRequestHeader in interface AuditEvent
Returns:
The request-header string.

getRequestBody

public java.lang.String getRequestBody()
Description copied from interface: AuditEvent
Return the body of this request. If no body is available an empty string is returned.

Specified by:
getRequestBody in interface AuditEvent
Returns:
The request-body string.

getResponseHeader

public java.lang.String getResponseHeader()
Description copied from interface: AuditEvent
Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.FINAL_RESPONSE_HEADER).

Specified by:
getResponseHeader in interface AuditEvent
Returns:
The final reponse-header string.

getAuditLogTrailer

public java.lang.String getAuditLogTrailer()
Description copied from interface: AuditEvent
Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.AUDIT_TRAILER).

Specified by:
getAuditLogTrailer in interface AuditEvent
Returns:
The audit-trailer string.

getRequestHeader

public java.lang.String getRequestHeader(java.lang.String name)
Description copied from interface: AuditEvent
Returns the value of the specified header-field of the request. Use HEADLINE to retrieve the first line of the request.

Specified by:
getRequestHeader in interface AuditEvent
Parameters:
name - The header-field to be returned (see org.modsecurity.HttpProtocol)
Returns:
The value of this header-field, or null if not set.

getRequestHeaderNames

public java.util.Set<java.lang.String> getRequestHeaderNames()
Description copied from interface: AuditEvent
Returns the set of all header-fields sent in the request.

Specified by:
getRequestHeaderNames in interface AuditEvent
Returns:
The set of strings of all header-fields.

getResponseHeader

public java.lang.String getResponseHeader(java.lang.String name)
Description copied from interface: AuditEvent
Returns the value of the specified header-field of the response.

Specified by:
getResponseHeader in interface AuditEvent
Parameters:
name - The header-field name.
Returns:
The string-value of this header field or null if not set.

getResponseHeaderNames

public java.util.Set<java.lang.String> getResponseHeaderNames()
Description copied from interface: AuditEvent
Returns the set of all header-fields sent in the response. Use HEADLINE to retrieve the first line of the response.

Specified by:
getResponseHeaderNames in interface AuditEvent
Returns:
The set of all header-field names.

getDate

public java.util.Date getDate()
Description copied from interface: AuditEvent
Returns the date of this events birth. The value of this date is parsed from the audit-event entry.

Specified by:
getDate in interface AuditEvent
Returns:
The date when this event was created.

getSessionId

public java.lang.String getSessionId()
Description copied from interface: AuditEvent
The session-id of this request or an empty string, if no session-id has been set.

Specified by:
getSessionId in interface AuditEvent
Returns:
The session id.

setSessionId

public void setSessionId(java.lang.String id)
Description copied from interface: AuditEvent
This method sets the session-id of this event. Its primary use is to group several events by external session-trackers.

Specified by:
setSessionId in interface AuditEvent
Parameters:
id - The id of the session with which this event is associated.

isSet

public boolean isSet(java.lang.String var)
Description copied from interface: AuditEvent
Checks wether the given variable is set or not.

Specified by:
isSet in interface AuditEvent
Parameters:
var - The name of the variable that is checked.
Returns:
true iff the variable is set.

get

public java.lang.String get(java.lang.String var)
Description copied from interface: AuditEvent
Returns the given variable as String or an empty string if the variable is not set. To test if a variable has been set use isSet(String variable).

Specified by:
get in interface AuditEvent
Parameters:
var - The name of the variable.
Returns:
The value of this variable.

set

protected void set(java.lang.String var,
                   java.lang.String val)

getGetParameterNames

public java.util.Set<java.lang.String> getGetParameterNames()
Description copied from interface: AuditEvent
Returns the set of parameters (their names) that are available in the request-uri of this request.

Specified by:
getGetParameterNames in interface AuditEvent
Returns:
Set of parameter-names.

getGetParameterValue

public java.lang.String getGetParameterValue(java.lang.String name)
Description copied from interface: AuditEvent
Returns the value of the parameter name in the url of this request.

Specified by:
getGetParameterValue in interface AuditEvent
Parameters:
name - The parameter name.
Returns:
The value of parameter name.

getPostParameterNames

public java.util.Set<java.lang.String> getPostParameterNames()
Description copied from interface: AuditEvent
Returns the set of parameters (their names) that are available in the post-body of this request.

Specified by:
getPostParameterNames in interface AuditEvent
Returns:
Set of parameter-names, parsed from the request-body.

getPostParameterValue

public java.lang.String getPostParameterValue(java.lang.String name)
Description copied from interface: AuditEvent
Returns the value of the parameter name in the post-body of this request or null there is no parameter with this name.

Specified by:
getPostParameterValue in interface AuditEvent
Parameters:
name - The name of the parameter.
Returns:
The raw value of this parameter as read in the request-body.

getRequestCookieNames

public java.util.Set<java.lang.String> getRequestCookieNames()
Specified by:
getRequestCookieNames in interface AuditEvent

getRequestCookie

public java.lang.String getRequestCookie(java.lang.String name)
Specified by:
getRequestCookie in interface AuditEvent

getResponseCookieNames

public java.util.Set<java.lang.String> getResponseCookieNames()
Specified by:
getResponseCookieNames in interface AuditEvent

getResponseCookie

public java.lang.String getResponseCookie(java.lang.String name)
Specified by:
getResponseCookie in interface AuditEvent

toString

public java.lang.String toString()
Override Object.toString() by returning a String of all sections.

Overrides:
toString in class java.lang.Object

compareTo

public int compareTo(AuditEvent o)
Specified by:
compareTo in interface java.lang.Comparable<AuditEvent>
Specified by:
compareTo in interface AuditEvent

compareTo

public int compareTo(AuditEventImpl o)

setRelativeSessionTime

public void setRelativeSessionTime(long s)
Description copied from interface: AuditEvent
Sets the number of milliseconds from the time the first event of this session has been detected.

Specified by:
setRelativeSessionTime in interface AuditEvent
Parameters:
s - Time in milliseconds.

getRelativeSessionTime

public long getRelativeSessionTime()
Description copied from interface: AuditEvent
Gets the number of milliseconds from the time the first event of this session has been detected.

Specified by:
getRelativeSessionTime in interface AuditEvent
Returns:
The number of milliseconds since session-start.

getRawData

public java.lang.String[] getRawData()
Description copied from interface: AuditEvent
This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.

Specified by:
getRawData in interface AuditEvent
Returns:
The list of section-strings.

finalize

protected void finalize()
                 throws java.lang.Throwable
Overrides:
finalize in class java.lang.Object
Throws:
java.lang.Throwable

getCount

public java.lang.Long getCount()
Description copied from interface: AuditEvent
This method returns the number of instances created from the underlying implementation of this interface. This is used for debugging memory-leaks based on event-objects that get created somewhere and are never released.

Specified by:
getCount in interface AuditEvent
Returns:
The number of instances of the implementing AuditEvent class.

getRequestURL

public java.net.URL getRequestURL()
Description copied from interface: AuditEvent
Return an URL object that matches the URL requested within this event.

Specified by:
getRequestURL in interface AuditEvent
Returns:
The url of the request.

getFile

public java.io.File getFile()
Description copied from interface: AuditEvent
This method returns the file from which the event has been read. This is set by one of the reader-classes. In case the event has not been read from a file null is returned.

Specified by:
getFile in interface AuditEvent
Returns:
The file from which this event has been read.

getOffset

public long getOffset()
Description copied from interface: AuditEvent
This method returns the offset (bytes) from the beginning of the file from which this event has been read.

Specified by:
getOffset in interface AuditEvent
Returns:
The offset within the source-file.

getSize

public long getSize()
Specified by:
getSize in interface AuditEvent