001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.web;
018    
019    import org.apache.activemq.broker.util.AuditLogEntry;
020    import org.apache.activemq.broker.util.AuditLogService;
021    import org.slf4j.Logger;
022    import org.slf4j.LoggerFactory;
023    
024    import javax.servlet.*;
025    import javax.servlet.http.HttpServletRequest;
026    import java.io.IOException;
027    
028    public class AuditFilter implements Filter {
029    
030        private static final Logger LOG = LoggerFactory.getLogger("org.apache.activemq.audit");
031    
032        private boolean audit;
033        private AuditLogService auditLog;
034    
035        public void init(FilterConfig filterConfig) throws ServletException {
036            audit = "true".equalsIgnoreCase(System.getProperty("org.apache.activemq.audit"));
037            if (audit) {
038                auditLog = AuditLogService.getAuditLog();
039            }
040        }
041    
042        public void destroy() {
043        }
044    
045        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
046            if (audit && request instanceof HttpServletRequest) {
047    
048                HttpServletRequest http = (HttpServletRequest)request;
049                AuditLogEntry entry = new HttpAuditLogEntry();
050                if (http.getRemoteUser() != null) {
051                    entry.setUser(http.getRemoteUser());
052                }
053                entry.setTimestamp(System.currentTimeMillis());
054                entry.setOperation(http.getRequestURI());
055                entry.setRemoteAddr(http.getRemoteAddr());
056                entry.getParameters().put("params", http.getParameterMap());
057                auditLog.log(entry);
058            }
059            chain.doFilter(request, response);
060        }
061    }