From cb163789200ba4a23936fc009611db82ca5024fd Mon Sep 17 00:00:00 2001 From: Jan Kalina Date: Wed, 19 Jul 2017 10:01:52 -0700 Subject: [PATCH] [WFCORE-3076] audit endpoints closing on stop --- .../elytron/AuditResourceDefinitions.java | 225 ++++++++++-------- 1 file changed, 124 insertions(+), 101 deletions(-) diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/AuditResourceDefinitions.java b/elytron/src/main/java/org/wildfly/extension/elytron/AuditResourceDefinitions.java index 8350c3e84a5..888cdebdd97 100644 --- a/elytron/src/main/java/org/wildfly/extension/elytron/AuditResourceDefinitions.java +++ b/elytron/src/main/java/org/wildfly/extension/elytron/AuditResourceDefinitions.java @@ -55,6 +55,7 @@ import org.jboss.dmr.ModelType; import org.jboss.msc.service.ServiceBuilder; import org.jboss.msc.service.ServiceName; +import org.jboss.msc.service.StartException; import org.jboss.msc.value.InjectedValue; import org.wildfly.extension.elytron.FileAttributeDefinitions.PathResolver; import org.wildfly.extension.elytron.TrivialService.ValueSupplier; @@ -170,6 +171,20 @@ static AggregateComponentDefinition getAggregateSecurityE static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; + private abstract static class EndpointClosingEventListenerSupplier implements ValueSupplier { + AuditEndpoint endpoint; + + @Override + public void dispose() { + if (endpoint == null) return; + try { + endpoint.close(); + } catch (IOException e) { + ROOT_LOGGER.trace("Unable to close audit endpoint", e); + } + } + } + static ResourceDefinition getFileAuditLogResourceDefinition() { AttributeDefinition[] attributes = new AttributeDefinition[] {PATH, RELATIVE_TO, SYNCHRONIZED, FORMAT }; AbstractAddStepHandler add = new TrivialAddHandler(SecurityEventListener.class, attributes, SECURITY_EVENT_LISTENER_RUNTIME_CAPABILITY) { 
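Review bot: In `EndpointClosingEventListenerSupplier.dispose()`, a failed `endpoint.close()` is reported only at trace level, so with default logging operators never learn that an audit sink did not close cleanly; it may also not have flushed its last events, though the endpoint implementations are not visible here. I would log it at a level that is on by default, e.g. `ROOT_LOGGER.warn("Unable to close audit endpoint", e);`, assuming ROOT_LOGGER offers the usual level methods alongside `trace`. The field also keeps pointing at the closed endpoint after dispose; adding `finally { endpoint = null; }` makes a repeated dispose() a no-op and avoids closing a stale handle if a later `get()` fails before assigning. A short Javadoc on the class, stating that subclasses must assign `endpoint` inside `get()` for it to be closed on stop, would make the contract explicit.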
@@ -192,30 +207,32 @@ protected ValueSupplier getValueSupplier( serviceBuilder.addDependency(pathName(relativeTo)); } - return () -> { - PathResolver pathResolver = pathResolver(); - pathResolver.path(path); - if (relativeTo != null) { - pathResolver.relativeTo(relativeTo, pathManager.getValue()); - } - File resolvedPath = pathResolver.resolve(); - - final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); - final SecurityEventVisitor formatter = Format.JSON == format ? JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); - AuditEndpoint endpoint; - try { - endpoint = FileAuditEndpoint.builder().setLocation(resolvedPath.toPath()) - .setSyncOnAccept(synv) - .setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); - } catch (IOException e) { - throw ROOT_LOGGER.unableToStartService(e); - } + return new EndpointClosingEventListenerSupplier() { + @Override + public SecurityEventListener get() throws StartException { + PathResolver pathResolver = pathResolver(); + pathResolver.path(path); + if (relativeTo != null) { + pathResolver.relativeTo(relativeTo, pathManager.getValue()); + } + File resolvedPath = pathResolver.resolve(); + + final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); + final SecurityEventVisitor formatter = Format.JSON == format ? 
JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); + try { + endpoint = FileAuditEndpoint.builder().setLocation(resolvedPath.toPath()) + .setSyncOnAccept(synv) + .setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); + } catch (IOException e) { + throw ROOT_LOGGER.unableToStartService(e); + } - return SecurityEventListener.from(AuditLogger.builder() - .setPriorityMapper(m -> EventPriority.WARNING) - .setMessageFormatter(m -> m.accept(formatter, null)) - .setAuditEndpoint(endpoint) - .build()); + return SecurityEventListener.from(AuditLogger.builder() + .setPriorityMapper(m -> EventPriority.WARNING) + .setMessageFormatter(m -> m.accept(formatter, null)) + .setAuditEndpoint(endpoint) + .build()); + } }; } }; 
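Review bot: The anonymous `get()` here repeats the formatter selection and the `SecurityEventListener.from(AuditLogger.builder()...)` tail verbatim, and the same copy appears in the hunks at `@@ -246,34 +263,36 @@`, `@@ -307,39 +326,41 @@` and `@@ -376,28 +397,30 @@`. Now that the four suppliers share a base class, that tail can live there once. For an audit pipeline this is more than tidiness: a later change to the priority mapping (every event is currently emitted as `EventPriority.WARNING`) or to the message formatting has to land in four places, and a missed copy leaves one sink logging differently from the others. The sketch below adds one helper to `EndpointClosingEventListenerSupplier` and shows the call that replaces each tail; the enclosing `getValueSupplier` starts outside this hunk.

```java
// added to EndpointClosingEventListenerSupplier; reads the endpoint field set by get()
SecurityEventListener listenerFor(SecurityEventVisitor<?, String> formatter) {
    return SecurityEventListener.from(AuditLogger.builder()
            .setPriorityMapper(m -> EventPriority.WARNING)
            .setMessageFormatter(m -> m.accept(formatter, null))
            .setAuditEndpoint(endpoint)
            .build());
}

// in each anonymous get():
// … unchanged: path resolution, formatter selection, endpoint construction …
return listenerFor(formatter);
```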
@@ -246,34 +263,36 @@ protected ValueSupplier getValueSupplier( serviceBuilder.addDependency(pathName(relativeTo)); } - return () -> { - PathResolver pathResolver = pathResolver(); - pathResolver.path(path); - if (relativeTo != null) { - pathResolver.relativeTo(relativeTo, pathManager.getValue()); - } - File resolvedPath = pathResolver.resolve(); - - final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); - final SecurityEventVisitor formatter = Format.JSON == format ? JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); - AuditEndpoint endpoint; - try { - FileAuditEndpoint.Builder builder = PeriodicRotatingFileAuditEndpoint.builder() - .setSuffix(suffix) - .setLocation(resolvedPath.toPath()) - .setSyncOnAccept(synv) - .setDateTimeFormatterSupplier(dateTimeFormatterSupplier); - - endpoint = builder.build(); - } catch (IOException e) { - throw ROOT_LOGGER.unableToStartService(e); - } + return new EndpointClosingEventListenerSupplier() { + @Override + public SecurityEventListener get() throws StartException { + PathResolver pathResolver = pathResolver(); + pathResolver.path(path); + if (relativeTo != null) { + pathResolver.relativeTo(relativeTo, pathManager.getValue()); + } + File resolvedPath = pathResolver.resolve(); + + final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); + final SecurityEventVisitor formatter = Format.JSON == format ? 
JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); + try { + FileAuditEndpoint.Builder builder = PeriodicRotatingFileAuditEndpoint.builder() + .setSuffix(suffix) + .setLocation(resolvedPath.toPath()) + .setSyncOnAccept(synv) + .setDateTimeFormatterSupplier(dateTimeFormatterSupplier); + + endpoint = builder.build(); + } catch (IOException e) { + throw ROOT_LOGGER.unableToStartService(e); + } - return SecurityEventListener.from(AuditLogger.builder() - .setPriorityMapper(m -> EventPriority.WARNING) - .setMessageFormatter(m -> m.accept(formatter, null)) - .setAuditEndpoint(endpoint) - .build()); + return SecurityEventListener.from(AuditLogger.builder() + .setPriorityMapper(m -> EventPriority.WARNING) + .setMessageFormatter(m -> m.accept(formatter, null)) + .setAuditEndpoint(endpoint) + .build()); + } }; } }; 
@@ -307,39 +326,41 @@ protected ValueSupplier getValueSupplier( serviceBuilder.addDependency(pathName(relativeTo)); } - return () -> { - PathResolver pathResolver = pathResolver(); - pathResolver.path(path); - if (relativeTo != null) { - pathResolver.relativeTo(relativeTo, pathManager.getValue()); - } - File resolvedPath = pathResolver.resolve(); - - final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); - final SecurityEventVisitor formatter = Format.JSON == format ? JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); - AuditEndpoint endpoint; - try { - SizeRotatingFileAuditEndpoint.Builder builder = SizeRotatingFileAuditEndpoint.builder() - .setMaxBackupIndex(maxBackupIndex) - .setRotateOnBoot(rotateOnBoot) - .setRotateSize(rotateSize); - if ( suffix.isDefined() ){ - builder.setSuffix(suffix.asString()); + return new EndpointClosingEventListenerSupplier() { + @Override + public SecurityEventListener get() throws StartException { + PathResolver pathResolver = pathResolver(); + pathResolver.path(path); + if (relativeTo != null) { + pathResolver.relativeTo(relativeTo, pathManager.getValue()); + } + File resolvedPath = pathResolver.resolve(); + + final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); + final SecurityEventVisitor formatter = Format.JSON == format ? 
JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); + try { + SizeRotatingFileAuditEndpoint.Builder builder = SizeRotatingFileAuditEndpoint.builder() + .setMaxBackupIndex(maxBackupIndex) + .setRotateOnBoot(rotateOnBoot) + .setRotateSize(rotateSize); + if (suffix.isDefined()) { + builder.setSuffix(suffix.asString()); + } + builder.setLocation(resolvedPath.toPath()) + .setSyncOnAccept(synv) + .setDateTimeFormatterSupplier(dateTimeFormatterSupplier); + + endpoint = builder.build(); + } catch (IOException e) { + throw ROOT_LOGGER.unableToStartService(e); } - builder.setLocation(resolvedPath.toPath()) - .setSyncOnAccept(synv) - .setDateTimeFormatterSupplier(dateTimeFormatterSupplier); - endpoint = builder.build(); - } catch (IOException e) { - throw ROOT_LOGGER.unableToStartService(e); + return SecurityEventListener.from(AuditLogger.builder() + .setPriorityMapper(m -> EventPriority.WARNING) + .setMessageFormatter(m -> m.accept(formatter, null)) + .setAuditEndpoint(endpoint) + .build()); } - - return SecurityEventListener.from(AuditLogger.builder() - .setPriorityMapper(m -> EventPriority.WARNING) - .setMessageFormatter(m -> m.accept(formatter, null)) - .setAuditEndpoint(endpoint) - .build()); }; } }; 
@@ -376,28 +397,30 @@ protected ValueSupplier getValueSupplier( serviceBuilder.addDependency(sslServiceName, SSLContext.class, sslContextInjector); } - return () -> { - final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); - final SecurityEventVisitor formatter = Format.JSON == format ? JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); - final AuditEndpoint endpoint; - final SSLContext sslContext = sslContextInjector.getOptionalValue(); - try { - endpoint = SyslogAuditEndpoint.builder() - .setServerAddress(serverAddress) - .setPort(port) - .setSsl(transport == Transport.SSL_TCP) - .setTcp(transport == Transport.TCP || transport == Transport.SSL_TCP) - .setHostName(hostName) - .setSocketFactory(transport == Transport.SSL_TCP && sslContext != null ? sslContext.getSocketFactory() : null) - .build(); - } catch (IOException e) { - throw ROOT_LOGGER.unableToStartService(e); + return new EndpointClosingEventListenerSupplier() { + @Override + public SecurityEventListener get() throws StartException { + final Supplier dateTimeFormatterSupplier = () -> DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault()); + final SecurityEventVisitor formatter = Format.JSON == format ? 
JsonSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build() : SimpleSecurityEventFormatter.builder().setDateTimeFormatterSupplier(dateTimeFormatterSupplier).build(); + final SSLContext sslContext = sslContextInjector.getOptionalValue(); + try { + endpoint = SyslogAuditEndpoint.builder() + .setServerAddress(serverAddress) + .setPort(port) + .setSsl(transport == Transport.SSL_TCP) + .setTcp(transport == Transport.TCP || transport == Transport.SSL_TCP) + .setHostName(hostName) + .setSocketFactory(transport == Transport.SSL_TCP && sslContext != null ? sslContext.getSocketFactory() : null) + .build(); + } catch (IOException e) { + throw ROOT_LOGGER.unableToStartService(e); + } + return SecurityEventListener.from(AuditLogger.builder() + .setPriorityMapper(m -> EventPriority.WARNING) + .setMessageFormatter(m -> m.accept(formatter, null)) + .setAuditEndpoint(endpoint) + .build()); } - return SecurityEventListener.from(AuditLogger.builder() - .setPriorityMapper(m -> EventPriority.WARNING) - .setMessageFormatter(m -> m.accept(formatter, null)) - .setAuditEndpoint(endpoint) - .build()); }; } };
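Review bot: With `transport == Transport.SSL_TCP` and no SSL context injected, `sslContextInjector.getOptionalValue()` yields null, so `.setSocketFactory(...)` receives null while `.setSsl(true)` is still set. What `SyslogAuditEndpoint` does with a null factory is not visible in this hunk; if it falls back to the JVM default socket factory, audit records go out under trust settings the administrator never chose for this resource. Either fail `get()` with a `StartException` in that case or state the fallback next to the call, e.g. `// SSL_TCP without ssl-context: null factory, endpoint picks its own default`. The line is carried over unchanged from the old lambda, and `getValueSupplier` begins outside the hunk.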