AuditEventImpl

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jwall.web.audit
Class AuditEventImpl

java.lang.Object
  org.jwall.web.audit.AuditEventImpl

All Implemented Interfaces:: java.io.Serializable, java.lang.Comparable<AuditEvent>, AuditEvent

public class AuditEventImpl
extends java.lang.Object
implements java.lang.Comparable<AuditEvent>, java.io.Serializable, AuditEvent
extends java.lang.Object
implements java.lang.Comparable<AuditEvent>, java.io.Serializable, AuditEvent

This class defines an audit-event of modsecurity. Currently this class stores the audit-event data as an internal string and has a few hashtables to hold specific properties/fields/parameters of the parsed request. However this will hopefully be turned into an interface to achieve independance of the actual implementations of an AuditEvent.

Author:: Christian Bockermann <chris@jwall.org>
See Also:: Serialized Form

Field Summary
`protected java.lang.String`	`eventId` a unique event_id
`static java.lang.Long`	`evtCount` a count of all events alive
`static java.text.SimpleDateFormat`	`fmt` the format in which the date is printed out
`static long`	`serialVersionUID` id for serialization

Constructor Summary
`protected`	`AuditEventImpl()`
	`AuditEventImpl(AuditEventImpl evt)` This clone-constructor creates a copy of the given audit-event.
	`AuditEventImpl(java.lang.String[] data)` This creates an instance of this class by parsing all fields from the given string-array.
	`AuditEventImpl(java.lang.String id, java.lang.String[] data)` This constructor is used, when reading audit-events from a file.
	`AuditEventImpl(java.lang.String id, java.lang.String[] data, java.io.File f, long off, long size)`

Method Summary
`int`	`compareTo(AuditEvent o)`
`int`	`compareTo(AuditEventImpl o)`
`protected void`	`finalize()`
`java.lang.String`	`get(java.lang.String var)` Returns the given variable as `String` or an empty string if the variable is not set.
`java.lang.String`	`getAuditHeader()` Returns the header-section of this event.
`java.lang.String`	`getAuditLogTrailer()` Returns the header-section of this event.
`java.lang.Long`	`getCount()` This method returns the number of instances created from the underlying implementation of this interface.
`java.util.Date`	`getDate()` Returns the date of this events birth.
`java.lang.String`	`getEventId()` The unique ID, created by modsecurity.
`java.io.File`	`getFile()` This method returns the file from which the event has been read.
`java.util.Set<java.lang.String>`	`getGetParameterNames()` Returns the set of parameters (their names) that are available in the request-uri of this request.
`java.lang.String`	`getGetParameterValue(java.lang.String name)` Returns the value of the parameter `name` in the url of this request.
`long`	`getOffset()` This method returns the offset (bytes) from the beginning of the file from which this event has been read.
`java.util.Set<java.lang.String>`	`getPostParameterNames()` Returns the set of parameters (their names) that are available in the post-body of this request.
`java.lang.String`	`getPostParameterValue(java.lang.String name)` Returns the value of the parameter `name` in the post-body of this request or `null` there is no parameter with this name.
`java.lang.String[]`	`getRawData()` This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.
`long`	`getRelativeSessionTime()` Gets the number of milliseconds from the time the first event of this session has been detected.
`java.lang.String`	`getRequestBody()` Return the body of this request.
`java.lang.String`	`getRequestCookie(java.lang.String name)`
`java.util.Set<java.lang.String>`	`getRequestCookieNames()`
`java.lang.String`	`getRequestHeader()` Returns the header-section of this event.
`java.lang.String`	`getRequestHeader(java.lang.String name)` Returns the value of the specified header-field of the request.
`java.util.Set<java.lang.String>`	`getRequestHeaderNames()` Returns the set of all header-fields sent in the request.
`java.net.URL`	`getRequestURL()` Return an URL object that matches the URL requested within this event.
`java.lang.String`	`getResponseCookie(java.lang.String name)`
`java.util.Set<java.lang.String>`	`getResponseCookieNames()`
`java.lang.String`	`getResponseHeader()` Returns the header-section of this event.
`java.lang.String`	`getResponseHeader(java.lang.String name)` Returns the value of the specified header-field of the response.
`java.util.Set<java.lang.String>`	`getResponseHeaderNames()` Returns the set of all header-fields sent in the response.
`java.lang.String`	`getSection(int i)` Returns the string, which contains the whole section of this audit-event.
`java.lang.String`	`getSessionId()` The session-id of this request or an empty string, if no session-id has been set.
`long`	`getSize()`
`boolean`	`isSet(java.lang.String var)` Checks wether the given variable is set or not.
`protected void`	`parseSections(java.lang.String[] sections)`
`protected void`	`set(java.lang.String var, java.lang.String val)`
`void`	`setRelativeSessionTime(long s)` Sets the number of milliseconds from the time the first event of this session has been detected.
`void`	`setSessionId(java.lang.String id)` This method sets the session-id of this event.
`java.lang.String`	`toString()` Override `Object.toString()` by returning a String of all sections.

Methods inherited from class java.lang.Object
`clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Field Detail

serialVersionUID

public static final long serialVersionUID

id for serialization

See Also:: Constant Field Values

evtCount

public static java.lang.Long evtCount

a count of all events alive

fmt

public static final java.text.SimpleDateFormat fmt

the format in which the date is printed out

eventId

protected java.lang.String eventId

a unique event_id

Constructor Detail

AuditEventImpl

protected AuditEventImpl()

AuditEventImpl

public AuditEventImpl(AuditEventImpl evt)
               throws java.lang.Exception

This clone-constructor creates a copy of the given audit-event.

Parameters:: evt - The event to clone.
Throws:: java.lang.Exception

AuditEventImpl

public AuditEventImpl(java.lang.String[] data)
               throws java.lang.Exception

This creates an instance of this class by parsing all fields from the given string-array.

Parameters:: data - An array containing all audit-sections.
Throws:: java.lang.Exception - in case parsing failed.

AuditEventImpl

public AuditEventImpl(java.lang.String id,
                      java.lang.String[] data,
                      java.io.File f,
                      long off,
                      long size)
               throws java.lang.Exception

Throws:: java.lang.Exception

AuditEventImpl

public AuditEventImpl(java.lang.String id,
                      java.lang.String[] data)
               throws java.lang.Exception

This constructor is used, when reading audit-events from a file. This way you can make sure, that the id of the audit-event is the same as the one in the file.

Parameters:: id - The id that the new event should contain.; data - The section-data.
Throws:: java.lang.Exception - In case anything goes wrong (Parsing, etc...)

Method Detail

parseSections

protected void parseSections(java.lang.String[] sections)
                      throws java.lang.Exception

Throws:: java.lang.Exception

getEventId

public java.lang.String getEventId()

Description copied from interface: AuditEvent

The unique ID, created by modsecurity.

Specified by:: getEventId in interface AuditEvent

Returns:: A unique event id.

getSection

public java.lang.String getSection(int i)

Description copied from interface: AuditEvent

Returns the string, which contains the whole section of this audit-event. The available sections are defined in ModSecurity.java.

Specified by:: getSection in interface AuditEvent

Parameters:: i - Index of the section as defined by ModSecurity.SECTION_*.
Returns:: The string value of the appopriate section of this event.

getAuditHeader

public java.lang.String getAuditHeader()

Description copied from interface: AuditEvent

Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.AUDIT_HEADER).

Specified by:: getAuditHeader in interface AuditEvent

Returns:: The audit-header string.

getRequestHeader

public java.lang.String getRequestHeader()

Description copied from interface: AuditEvent

Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.REQUEST_HEADER).

Specified by:: getRequestHeader in interface AuditEvent

Returns:: The request-header string.

getRequestBody

public java.lang.String getRequestBody()

Description copied from interface: AuditEvent

Return the body of this request. If no body is available an empty string is returned.

Specified by:: getRequestBody in interface AuditEvent

Returns:: The request-body string.

getResponseHeader

public java.lang.String getResponseHeader()

Description copied from interface: AuditEvent

Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.FINAL_RESPONSE_HEADER).

Specified by:: getResponseHeader in interface AuditEvent

Returns:: The final reponse-header string.

getAuditLogTrailer

public java.lang.String getAuditLogTrailer()

Description copied from interface: AuditEvent

Returns the header-section of this event. This is equivalent to calling getSection(ModSecurity.AUDIT_TRAILER).

Specified by:: getAuditLogTrailer in interface AuditEvent

Returns:: The audit-trailer string.

getRequestHeader

public java.lang.String getRequestHeader(java.lang.String name)

Description copied from interface: AuditEvent

Returns the value of the specified header-field of the request. Use HEADLINE to retrieve the first line of the request.

Specified by:: getRequestHeader in interface AuditEvent

Parameters:: name - The header-field to be returned (see org.modsecurity.HttpProtocol)
Returns:: The value of this header-field, or null if not set.

getRequestHeaderNames

public java.util.Set<java.lang.String> getRequestHeaderNames()

Description copied from interface: AuditEvent

Returns the set of all header-fields sent in the request.

Specified by:: getRequestHeaderNames in interface AuditEvent

Returns:: The set of strings of all header-fields.

getResponseHeader

public java.lang.String getResponseHeader(java.lang.String name)

Description copied from interface: AuditEvent

Returns the value of the specified header-field of the response.

Specified by:: getResponseHeader in interface AuditEvent

Parameters:: name - The header-field name.
Returns:: The string-value of this header field or null if not set.

getResponseHeaderNames

public java.util.Set<java.lang.String> getResponseHeaderNames()

Description copied from interface: AuditEvent

Returns the set of all header-fields sent in the response. Use HEADLINE to retrieve the first line of the response.

Specified by:: getResponseHeaderNames in interface AuditEvent

Returns:: The set of all header-field names.

getDate

public java.util.Date getDate()

Description copied from interface: AuditEvent

Returns the date of this events birth. The value of this date is parsed from the audit-event entry.

Specified by:: getDate in interface AuditEvent

Returns:: The date when this event was created.

getSessionId

public java.lang.String getSessionId()

Description copied from interface: AuditEvent

The session-id of this request or an empty string, if no session-id has been set.

Specified by:: getSessionId in interface AuditEvent

Returns:: The session id.

setSessionId

public void setSessionId(java.lang.String id)

Description copied from interface: AuditEvent

This method sets the session-id of this event. Its primary use is to group several events by external session-trackers.

Specified by:: setSessionId in interface AuditEvent

Parameters:: id - The id of the session with which this event is associated.

isSet

public boolean isSet(java.lang.String var)

Description copied from interface: AuditEvent

Checks wether the given variable is set or not.

Specified by:: isSet in interface AuditEvent

Parameters:: var - The name of the variable that is checked.
Returns:: true iff the variable is set.

get

public java.lang.String get(java.lang.String var)

Description copied from interface: AuditEvent

Returns the given variable as String or an empty string if the variable is not set. To test if a variable has been set use isSet(String variable).

Specified by:: get in interface AuditEvent

Parameters:: var - The name of the variable.
Returns:: The value of this variable.

set

protected void set(java.lang.String var,
                   java.lang.String val)

getGetParameterNames

public java.util.Set<java.lang.String> getGetParameterNames()

Description copied from interface: AuditEvent

Returns the set of parameters (their names) that are available in the request-uri of this request.

Specified by:: getGetParameterNames in interface AuditEvent

Returns:: Set of parameter-names.

getGetParameterValue

public java.lang.String getGetParameterValue(java.lang.String name)

Description copied from interface: AuditEvent

Returns the value of the parameter name in the url of this request.

Specified by:: getGetParameterValue in interface AuditEvent

Parameters:: name - The parameter name.
Returns:: The value of parameter name.

getPostParameterNames

public java.util.Set<java.lang.String> getPostParameterNames()

Description copied from interface: AuditEvent

Returns the set of parameters (their names) that are available in the post-body of this request.

Specified by:: getPostParameterNames in interface AuditEvent

Returns:: Set of parameter-names, parsed from the request-body.

getPostParameterValue

public java.lang.String getPostParameterValue(java.lang.String name)

Description copied from interface: AuditEvent

Returns the value of the parameter name in the post-body of this request or null there is no parameter with this name.

Specified by:: getPostParameterValue in interface AuditEvent

Parameters:: name - The name of the parameter.
Returns:: The raw value of this parameter as read in the request-body.

getRequestCookieNames

public java.util.Set<java.lang.String> getRequestCookieNames()

Specified by:: getRequestCookieNames in interface AuditEvent

getRequestCookie

public java.lang.String getRequestCookie(java.lang.String name)

Specified by:: getRequestCookie in interface AuditEvent

getResponseCookieNames

public java.util.Set<java.lang.String> getResponseCookieNames()

Specified by:: getResponseCookieNames in interface AuditEvent

getResponseCookie

public java.lang.String getResponseCookie(java.lang.String name)

Specified by:: getResponseCookie in interface AuditEvent

toString

public java.lang.String toString()

Override Object.toString() by returning a String of all sections.

Overrides:: toString in class java.lang.Object

compareTo

public int compareTo(AuditEvent o)

Specified by:: compareTo in interface java.lang.Comparable<AuditEvent>
Specified by:: compareTo in interface AuditEvent

compareTo

public int compareTo(AuditEventImpl o)

setRelativeSessionTime

public void setRelativeSessionTime(long s)

Description copied from interface: AuditEvent

Sets the number of milliseconds from the time the first event of this session has been detected.

Specified by:: setRelativeSessionTime in interface AuditEvent

Parameters:: s - Time in milliseconds.

getRelativeSessionTime

public long getRelativeSessionTime()

Description copied from interface: AuditEvent

Gets the number of milliseconds from the time the first event of this session has been detected.

Specified by:: getRelativeSessionTime in interface AuditEvent

Returns:: The number of milliseconds since session-start.

getRawData

public java.lang.String[] getRawData()

Description copied from interface: AuditEvent

This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.

Specified by:: getRawData in interface AuditEvent

Returns:: The list of section-strings.

finalize

protected void finalize()
                 throws java.lang.Throwable

Overrides:: finalize in class java.lang.Object

Throws:: java.lang.Throwable

getCount

public java.lang.Long getCount()

Description copied from interface: AuditEvent

This method returns the number of instances created from the underlying implementation of this interface. This is used for debugging memory-leaks based on event-objects that get created somewhere and are never released.

Specified by:: getCount in interface AuditEvent

Returns:: The number of instances of the implementing AuditEvent class.

getRequestURL

public java.net.URL getRequestURL()

Description copied from interface: AuditEvent

Return an URL object that matches the URL requested within this event.

Specified by:: getRequestURL in interface AuditEvent

Returns:: The url of the request.

getFile

public java.io.File getFile()

Description copied from interface: AuditEvent

This method returns the file from which the event has been read. This is set by one of the reader-classes. In case the event has not been read from a file null is returned.

Specified by:: getFile in interface AuditEvent

Returns:: The file from which this event has been read.

getOffset

public long getOffset()

Description copied from interface: AuditEvent

This method returns the offset (bytes) from the beginning of the file from which this event has been read.

Specified by:: getOffset in interface AuditEvent

Returns:: The offset within the source-file.

getSize

public long getSize()

Specified by:: getSize in interface AuditEvent

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jwall.web.audit Class AuditEventImpl

serialVersionUID

evtCount

fmt

eventId

AuditEventImpl

AuditEventImpl

AuditEventImpl

AuditEventImpl

AuditEventImpl

parseSections

getEventId

getSection

getAuditHeader

getRequestHeader

getRequestBody

getResponseHeader

getAuditLogTrailer

getRequestHeader

getRequestHeaderNames

getResponseHeader

getResponseHeaderNames

getDate

getSessionId

setSessionId

isSet

get

set

getGetParameterNames

getGetParameterValue

getPostParameterNames

getPostParameterValue

getRequestCookieNames

getRequestCookie

getResponseCookieNames

getResponseCookie

toString

compareTo

compareTo

setRelativeSessionTime

getRelativeSessionTime

getRawData

finalize

getCount

getRequestURL

getFile

getOffset

getSize

org.jwall.web.audit
Class AuditEventImpl