Package org.forgerock.caf.authentication.framework

Class AuditTrail

  • public class AuditTrail
extends Object

    Responsible for tracking the auditing of an authentication attempt including auditing each of the modules that are executed and the overall result of the authentication.

    The audit record will include a unique request id, the principal (if authentication was successful) and a session id (if a session was created).

    Since:
    1.5.0

    • Field Detail

      • AUDIT_TRAIL_KEY

        public static final String AUDIT_TRAIL_KEY
        MessageInfo map key for retrieving the audit trail instance.
        See Also:
        Constant Field Values

      • AUDIT_INFO_KEY

        public static final String AUDIT_INFO_KEY
        MessageInfo map key for setting additional audit information from a module.
        See Also:
        Constant Field Values

      • AUDIT_PRINCIPAL_KEY

        public static final String AUDIT_PRINCIPAL_KEY
        MessageInfo map key for setting the principal that the auth module has identified that will be set in the audit log entry.
        See Also:
        Constant Field Values

      • AUDIT_SESSION_ID_KEY

        public static final String AUDIT_SESSION_ID_KEY
        MessageInfo map key for setting the session id for the authentication request.
        See Also:
        Constant Field Values

      • AUDIT_FAILURE_REASON_KEY

        public static final String AUDIT_FAILURE_REASON_KEY
        MessageInfo map key for setting the reason for the module failure.
        See Also:
        Constant Field Values

    • Method Detail

      • auditSuccess

        public void auditSuccess​(String moduleId,
                         Map<String,​Object> info)
        Audits a module as having completed successfully.
        Parameters:
        moduleId - The id of the module.
        info - The module audit info map.

      • auditFailure

        public void auditFailure​(String moduleId,
                         Map<String,​Object> reason,
                         Map<String,​Object> info)
        Audits a module as having completed as a failure.
        Parameters:
        moduleId - The id of the module.
        reason - The reason the module is reporting a failure.
        info - The module audit info map.

      • setSessionId

        public void setSessionId​(String sessionId)
        Sets the session id on the audit record, if a session has been created. Will not set the session id on the audit record if it is null or an empty String.
        Parameters:
        sessionId - The session id.

      • getFailureReasons

        public List<Map<String,​Object>> getFailureReasons()
        Gets the list of failure reasons from each of the module entries.
        Returns:
        A List of failure reasons as Maps of String to Objects.