View Javadoc
1   /*
2    * Copyright 2017 the original author or authors.
3    *
4    *  Licensed under the Apache License, Version 2.0 (the "License");
5    *  you may not use this file except in compliance with the License.
6    *  You may obtain a copy of the License at
7    *
8    *         http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *  Unless required by applicable law or agreed to in writing, software
11   *  distributed under the License is distributed on an "AS IS" BASIS,
12   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *  See the License for the specific language governing permissions and
14   *  limitations under the License.
15   */
16  package org.openehealth.ipf.commons.audit.model;
17  
18  import lombok.EqualsAndHashCode;
19  import lombok.Getter;
20  import lombok.NonNull;
21  import lombok.Setter;
22  import org.openehealth.ipf.commons.audit.codes.NetworkAccessPointTypeCode;
23  import org.openehealth.ipf.commons.audit.types.ActiveParticipantRoleId;
24  import org.openehealth.ipf.commons.audit.types.MediaType;
25  
26  import java.io.Serializable;
27  import java.util.ArrayList;
28  import java.util.List;
29  
30  import static java.util.Objects.requireNonNull;
31  
32  /**
33   * @author Christian Ohr
34   * @since 3.5
35   */
36  @EqualsAndHashCode
37  public class ActiveParticipantType implements Serializable, Validateable {
38  
39      /**
40       * <p>Indicator that the user is or is not the requestor, or initiator, for the event being audited.</p>
41       * <p>Used to identify which of the participants initiated the transaction being audited.
42       * If the audit source cannot determine which of the participants is the requestor,
43       * then the field shall be present with the value FALSE in all participants. The system shall not identify
44       * multiple participants as UserIsRequestor. If there are several known requestors, the reporting system shall pick
45       * only one as UserIsRequestor.</p>
46       */
47      @Getter @Setter
48      private boolean userIsRequestor;
49  
50      /**
51       * <p>Unique identifier for the user actively participating in the event.</p>
52       * <p>
53       * If the participant is a person, then the User ID shall be the identifier used for that person on this particular system,
54       * in the form of loginName@domain-name. If the participant is an identifiable process, the UserID selected shall be one of the
55       * identifiers used in the internal system logs. For example, the User ID may be the process ID as used within the local
56       * operating system in the local system logs. If the participant is a node, then User ID may be the node name assigned by the
57       * system administrator. Other participants such as threads, relocatable processes, web service end-points,
58       * web server dispatchable threads, etc. will have an appropriate identifier.
59       * </p>
60       * <p>
61       * The implementation shall document in the conformance statement the identifiers used, see Section A.6.
62       * The purpose of this requirement is to allow matching of the audit log identifiers with internal system logs on the reporting systems.
63       * </p>
64       * <p>
65       * When importing or exporting data, e.g., by means of media, the UserID field is used both to identify people and to
66       * identify the media itself. When the Role ID Code is EV(110154, DCM, "Destination Media") or EV(110155, DCM, "Source Media"),
67       * the UserID may be:
68       * <ul>
69       * <li>a URI (the preferred form) identifying the source or destination</li>
70       * <li>an email address of the form "mailto:user@address"</li>
71       * <li>a description of the media type (e.g., DVD) together with a description of its identifying label, as a free text field</li>
72       * <li>a description of the media type (e.g., paper, film) together with a description of the location of the media creator (i.e., the printer)</li>
73       * </ul>
74       * <p>
75       * The UserID field for Media needs to be highly flexible given the large variety of media and transports that might be used.
76       * </p>
77       */
78      @Getter @Setter @NonNull
79      private String userID;
80  
81      /**
82       * <p>
83       * Alternative unique identifier for the user.
84       * </p>
85       * <p>
86       * If the participant is a person, then Alternative User ID shall be the identifier used for that person within an enterprise
87       * for authentication purposes, for example, a Kerberos Username (user@realm). If the participant is a DICOM application,
88       * then Alternative User ID shall be one or more of the AE Titles that participated in the event.
89       * </p>
90       * <p>
91       * Multiple AE titles shall be encoded as:
92       * </p>
93       * <pre>
94       * AETITLES= aetitle1;aetitle2;…
95       * </pre>
96       * <p>
97       * When importing or exporting data, e.g., by means of media, the Alternative UserID field is used either to identify people
98       * or to identify the media itself. When the Role ID Code is (110154, DCM, "Destination Media") or (110155, DCM, "Source Media"),
99       * the Alternative UserID may be any machine readable identifications on the media, such as media serial number, volume label,
100      * or DICOMDIR SOP Instance UID.
101      * </p>
102      */
103     @Getter
104     @Setter
105     private String alternativeUserID;
106 
107     /**
108      * A human readable identification of the participant. If the participant is a person, the person's name shall be used.
109      * If the participant is a process, then the process name shall be used.
110      */
111     @Getter
112     @Setter
113     private String userName;
114 
115     /**
116      * <p>
117      * An identifier for the network access point of the user device This could be a device id, IP address,
118      * or some other identifier associated with a device.
119      * </p>
120      * <p>
121      * The NetworkAccessPointTypeCode and NetworkAccessPointID can be ambiguous for systems that have multiple physical network
122      * connections. For these multi-homed nodes a single DNS name or IP address shall be selected and used when reporting audit
123      * events. DICOM does not require the use of a specific method for selecting the network connection to be used for identification,
124      * but it must be the same for all of the audit messages generated for events on that node.
125      * </p>
126      */
127     @Getter
128     @Setter
129     private String networkAccessPointID;
130 
131     /**
132      * An identifier for the type of network access point.
133      */
134     @Getter
135     @Setter
136     private NetworkAccessPointTypeCode networkAccessPointTypeCode;
137 
138     private List<ActiveParticipantRoleId> roleIDCodes;
139 
140     /**
141      * Volume ID, URI, or other identifier for media. Often required if digital media. May be present otherwise.
142      */
143     @Getter
144     @Setter
145     private String mediaIdentifier;
146 
147     @Getter
148     @Setter
149     private MediaType mediaType;
150 
151     public ActiveParticipantType(String userId, boolean userIsRequestor) {
152         this.userID = requireNonNull(userId, "userId must be not null");
153         this.userIsRequestor = userIsRequestor;
154     }
155 
156     /**
157      * Specification of the role(s) the user plays when performing the event,
158      * as assigned in role-based access control security.
159      *
160      * @return the role(s) the user plays when performing the event
161      */
162     public List<ActiveParticipantRoleId> getRoleIDCodes() {
163         if (roleIDCodes == null) {
164             roleIDCodes = new ArrayList<>();
165         }
166         return this.roleIDCodes;
167     }
168 
169     @Override
170     public void validate() {
171         // no special rules
172     }
173 }