Interface IAccessAuditLogger

  • All Known Implementing Classes:
    AccessAuditLogger

    @StableMinor(version="15.0",
                 sinceVersion="12.3")
    public interface IAccessAuditLogger
    Logger used to log access audit entries. This log is used mainly to log audit entries to indicate some user may have accessed some personal user data.
    The main usage is:

     ManagerFactory.getAccessAuditLogger()
                    
                    // the performed action (if any)
                    .action("render")
     
                    // here some area to indicate where the access happened
                    .area("User List")
     
                    // some category may be adder if needed
                    .category("Some category")
     
                    // if the accessed user identifier is known (or if other identification is desired to be used as the user identifier, such as
                    // an email, for example), it should be added with this method
                    .accessedUserId("XXXXXX")
     
                    // if the current user identifier is known (or if other identification is desired to be used as the user identifier, such as
                    // an email, for example), it should be added with this method
                    // by default, if no user is set with this method, the currently monitored user will try to be added
                    .currentUserId("YYYYYY")
     
                    // if it is known that the access was originated by some specific URL, it should br 
                    // added in log entry using this method.
                    // if the code adding the log message is in the context of a LumisXP request,
                    // the URL will be added automatically (but still can be replaced by calling this method)
                    .url("https://some_domain/some/path/")
     
                    // if other parameters are desired to be logged as well, they should be added 
                    // with this method (the values and keys of the map will replace line endings with a space character)
                    .extraParameters(Map.of("some extra parameter", "the parameter value"))
     
                    // write the log message. 
                    // if the "log" method is not called, the log entry will not be recorded.
                    // if no log message is desired, .log() could have been used instead
                    .log("Rendered some user information here");
     


    With the default log configuration, the example entry would be written as:
     2020-02-10 16:24:07,731
            IP: [172.18.0.1]
            LOGIN: [yoda]
            URL: [https://some_domain/some/path/]
            AREA: [User List]
            CATEGORY: [Some category]
            ACTION: [render]
            CURRENT_USER_ID: [YYYYYY]
            ACCESSED_USER_ID: [XXXXXX]
            EXTRA_PARAMS: [{some extra parameter: the parameter value}]
            THREAD: [Thread name goes here]
            MESSAGE: Rendered some user information here
     

    The log categories of this log are:
    • lumisservice
    • lumisservice.lumis
    • lumisservice.lumis.util
    • lumisservice.lumis.util.log
    • lumisservice.lumis.util.log.AccessAuditLogger


    The default log configuration includes a mapping for the lumisservice.lumis.util.log.AccessAuditLogger category for the AccessAuditLoggerAppender appender. This appender, in the default log configuration, writes the messages to a file ${lumisdata}/log/lumis/accessaudit/accessaudit.log and is configured to roll the file every day at midnight without removing old files.

    In most cases, neither URL nor current user identifier will be necessary to be explicitly set.
    Since:
    12.3.0
    Version:
    $Revision: 25303 $ $Date: 2022-10-22 22:48:02 -0300 (Sat, 22 Oct 2022) $
    • Method Detail

      • url

        IAccessAuditLogger url​(java.lang.String url)
        Sets the URL that generated the access. If the code that will log an access entry runs within a LumisXP request cycle (within a data provider, for example), the access URL will automatically be available to the log entry and may be omitted.
        Parameters:
        url - the accessed URL that generated the access.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • area

        IAccessAuditLogger area​(java.lang.String area)
        Sets the area from where the access was generated from (if any).
        Parameters:
        area - the area.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • category

        IAccessAuditLogger category​(java.lang.String category)
        Sets the category from where the access was generated from (if any).
        Parameters:
        category - the category.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • action

        IAccessAuditLogger action​(java.lang.String action)
        Sets the action performed when the access was generated (if any).
        Parameters:
        action - the action.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • accessedUserId

        IAccessAuditLogger accessedUserId​(java.lang.String accessedUserId)
        Sets the accessed user identifier (if any).
        Parameters:
        accessedUserId - the accessed user identifier.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • currentUserId

        IAccessAuditLogger currentUserId​(java.lang.String currentUserId)
        Sets the current user identifier (if any). If the code that will log an access entry does not add a current user identifier, the currently monitored user will try to be added automatically when the log happens.
        Parameters:
        currentUserId - the current user identifier.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • extraParameters

        IAccessAuditLogger extraParameters​(java.util.Map<java.lang.String,​java.lang.String> extraParameters)
        Sets any desired extra parameters to be logged.
        Parameters:
        extraParameters - the extra parameters.
        Returns:
        this logger to chain commands.
        Since:
        12.3.0
      • log

        void log()
        Log an access audit entry with no message.
        Since:
        12.3.0
      • log

        void log​(java.lang.String message)
        Log an access audit entry with the given message.
        Parameters:
        message - the message.
        Since:
        12.3.0