Module io.helidon.security.annotations

Package io.helidon.security.annotations

Annotation Interface Audited

@Retention(RUNTIME)
@Target({METHOD,TYPE,FIELD})
@Documented
@Inherited
public @interface Audited

An annotation to specify server resources to be audited.

Optional Element Summary

Optional Elements

Modifier and Type	Optional Element	Description
AuditEvent.AuditSeverity	errorSeverity	Severity of request with unsuccessful response (in http, this would be 4** and 5** status).
String	messageFormat	The message format of this audit event.
AuditEvent.AuditSeverity	okSeverity	Severity of request with successful response (in http, this would be 1** 2** and 3** statuses).
String	value	Event type of this audit event.

Field Summary

Fields

Modifier and Type	Field	Description
static final AuditEvent.AuditSeverity	DEFAULT_ERROR_SEVERITY	Default severity for non-OK statuses.
static final String	DEFAULT_EVENT_TYPE	Default event type: "request".
static final String	DEFAULT_MESSAGE_FORMAT	Default message format: "%3$s %1$s \"%2$s\" %5$s %6$s requested by %4$s".
static final AuditEvent.AuditSeverity	DEFAULT_OK_SEVERITY	Default severity for OK status.

Field Details

DEFAULT_EVENT_TYPE

static final String DEFAULT_EVENT_TYPE

Default event type: "request".

See Also:

• Constant Field Values

DEFAULT_MESSAGE_FORMAT

static final String DEFAULT_MESSAGE_FORMAT

Default message format: "%3$s %1$s \"%2$s\" %5$s %6$s requested by %4$s". The output is: <STATUS> <METHOD> <PATH> <TRANSPORT> <RESOURCE_TYPE> requested by <SUBJECT>

See Also:

• Constant Field Values

DEFAULT_OK_SEVERITY

static final AuditEvent.AuditSeverity DEFAULT_OK_SEVERITY

Default severity for OK status.

DEFAULT_ERROR_SEVERITY

static final AuditEvent.AuditSeverity DEFAULT_ERROR_SEVERITY

Default severity for non-OK statuses.

Element Details

value

String value

Event type of this audit event.

Returns:

event type, defaults to "request"

Default:

"request"

messageFormat

String messageFormat

The message format of this audit event. The following parameters will be provided (in order):

• method: method requested (GET, POST for http)
• path: the requested path (optional)
• status: status code/status string (depends on protocol and integrated framework)
• subject: current security subject
• transport: transport (such as http)
• resourceType: resource type requested (optional)
• targetUri: full uri (as available, optional)

Returns:

message format to create message to be audited

Default:

"%3$s %1$s \"%2$s\" %5$s %6$s requested by %4$s"

okSeverity

AuditEvent.AuditSeverity okSeverity

Severity of request with successful response (in http, this would be 1** 2** and 3** statuses).

Returns:

severity to use

Default:

SUCCESS

errorSeverity

AuditEvent.AuditSeverity errorSeverity

Severity of request with unsuccessful response (in http, this would be 4** and 5** status).

Returns:

severity to use

Default:

FAILURE