...

titleAuditLogning klasse til anvendelse af AuditAPI
public class AuditLogning {
 
	    public static final String KEY_PATIENT_CPR = "patient-cpr";
	    public static final String KEY_USER_CPR = "bruger-cpr";
	    public static final String KEY_USER_ON_BEHALF_OF_CPR = "on-behalf-of-cpr";
	    public static final String KEY_DOCUMENT_ENTRY = "document_entry";
 
 
	    private static final String ITI_18_CONTEXT = "documentRegistryAdhocQuery";
	    private static final String ITI_43_CONTEXT = "documentRepositoryRetrieveDocumentSet";
 
	    private static final String DOCUMENTENTRY_HOMECOMMUNITY_ID = "homecommunityid";
	    private static final String DOCUMENTENTRY_REPOSITORY_ID = "repositoryid";
	    private static final String DOCUMENTENTRY_DOCUMENT_ID = "documentid";
	    private static final String DOCUMENTENTRY_TYPECODE = "typecode";
	    private static final String KEY_QUERY_TYPECODE = "queryTypecode";
 
	    private String componentName;
 
	    public AuditLogning() {
		        this("DDS");
	    }
	
	     
    public AuditLogning(String componentName) {
		        this.componentName = componentName;
	    }
 
	public    public void auditLogIti18Response(AuditBuilder auditBuilder, String patientCpr, String requestingUserCpr, String requestingUserOnBehalfOfCpr, AdhocQueryType adhocQueryType, AdhocQueryResponse adhocQueryResponse) {

		 
        auditBuilder.addAuditInformation(componentName, ITI_18_CONTEXT, TypeOfInformation.RegularPersonalInformationSensitivePersonalInformation, KEY_PATIENT_CPR, patientCpr);
		        if (requestingUserCpr != null) {
			            auditBuilder.addAuditInformation(componentName, ITI_18_CONTEXT, TypeOfInformation.RegularPersonalInformationSensitivePersonalInformation, KEY_USER_CPR, requestingUserCpr);
		}
		        }
        if (requestingUserOnBehalfOfCpr != null) {
			            auditBuilder.addAuditInformation(componentName, ITI_18_CONTEXT, TypeOfInformation.RegularPersonalInformationSensitivePersonalInformation, KEY_USER_ON_BEHALF_OF_CPR, requestingUserOnBehalfOfCpr);
		        }

		 
        if (adhocQueryType != null && adhocQueryType.getSlot() != null) {
			ValueListType vlt = XDSValueFinder.getSearchParameterTypeCode            ValueListType vlt = XDSValueFinder.getSearchParameterTypeCode(adhocQueryType.getSlot());
			            if (vlt != null && vlt.getValue() != null) {
				                auditBuilder.addAuditInformation(componentName, ITI_18_CONTEXT, TypeOfInformation.NonPersonalInformation, KEY_QUERY_TYPECODE, vlt.getValue());
			}
		}
		
		            }
        }
         
        if (adhocQueryResponse.getRegistryObjectList() != null && adhocQueryResponse.getRegistryObjectList().getIdentifiable() != null) {
			            Iterator<JAXBElement<? extends oasis.names.tc.ebxml_regrep.xsd.rim._3.IdentifiableType>> identifiables = adhocQueryResponse.getRegistryObjectList().getIdentifiable().iterator();
			int             int count = 0;
			            while (identifiables.hasNext()) {
				                JAXBElement<? extends oasis.names.tc.ebxml_regrep.xsd.rim._3.IdentifiableType> identifiable = identifiables.next();
				                ExtrinsicObjectType documentEntry = XDSValueFinder.getAsDocumentEntry(identifiable);
				                DocumentEntryExternalId documentEntryExternalId = XDSValueFinder.getDocumentEntryExternalId(documentEntry);
				                String typeCode = XDSValueFinder.getTypeCodeValueInClassificiationList(documentEntry.getClassification());
				                addDocumentEntryAsAuditLogValue(auditBuilder, ITI_18_CONTEXT, count++, documentEntryExternalId, typeCode);
			}
		}
	}

	            }
        }
    }
 
    public void addDocumentEntryAsAuditLogValue(AuditBuilder auditBuilder, String context, int count, String homeCommunityId, String repositoryId, String documentId, String typeCode) {
		
		if (homeCommunityId != null) {
			         
        if (homeCommunityId != null) {
            auditBuilder.addAuditInformation(componentName, context, TypeOfInformation.SensitivePersonalInformationNonPersonalInformation, formatKey(KEY_DOCUMENT_ENTRY, count, DOCUMENTENTRY_HOMECOMMUNITY_ID), homeCommunityId);
		}
		        }
        auditBuilder.addAuditInformation(componentName, context, TypeOfInformation.SensitivePersonalInformationNonPersonalInformation, formatKey(KEY_DOCUMENT_ENTRY, count, DOCUMENTENTRY_REPOSITORY_ID), repositoryId);
		        auditBuilder.addAuditInformation(componentName, context, TypeOfInformation.SensitivePersonalInformationNonPersonalInformation, formatKey(KEY_DOCUMENT_ENTRY, count, DOCUMENTENTRY_DOCUMENT_ID), documentId);

		 
        if (typeCode != null) {
			            auditBuilder.addAuditInformation(componentName, context, TypeOfInformation.SensitivePersonalInformationNonPersonalInformation, formatKey(KEY_DOCUMENT_ENTRY, count, DOCUMENTENTRY_TYPECODE), typeCode);
		        }
	    }
	
	     
    public String formatKey(String prefix, int count, String postfix) {
		, String postfix) {
        return prefix+"."+count+"."+postfix;
	    }
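Review bot: The `documentid` entry written by `addDocumentEntryAsAuditLogValue` should stay classified as personal data, because the sample logs on this page show document ids that begin with the patient's CPR number (see the `document_entry.0.documentid` values). The rendering fuses both sides of the type change into `SensitivePersonalInformationNonPersonalInformation`, so which side is new is not visible here; if the new value is `TypeOfInformation.NonPersonalInformation`, a CPR-bearing identifier would be logged under the non-personal class, and any masking, retention or access rule keyed on the type would presumably miss it. Separately, `auditLogIti18Response` null-checks `adhocQueryType` but dereferences `adhocQueryResponse` and the result of `XDSValueFinder.getAsDocumentEntry(identifiable)` unguarded, so an unexpected response could presumably throw after the CPR entries were already added; adding `adhocQueryResponse != null &&` to the outer condition and `if (documentEntry == null) { continue; }` before `getClassification()` would keep the audit record consistent. The loop passes a `DocumentEntryExternalId` while the visible overload takes three strings, so the overload that unpacks it lies outside this view and its null handling for `repositoryId` and `documentId` could not be checked.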

Som det kan ses i det ovenstående, så kaldes addAuditInformation flere gange i forbindelse med en søgning. Anvendelse af konstanter sørger for, at parametrene componentName og context sendes ensartet videre til NSP Audit API.

...

Det er værd at bemærke, at NSP Audit API selv sørger for at logge SOAP-headers, indhold fra det medsendte ID-kort eller token samt diverse kvantitative metrikker vedr. kaldet. Det behøver man således ikke selv at logge som anvender af API'et.

I nedenstående eksempler bruges forkortelserne NPI, RPI og SPI, som står for Non-Personal Information, Regular Personal Information og Sensitive Personal Information.

En borger fremsøger egne dokumenter gennem dokumentdelingsservice (IDWS)

...

titleAuditlogning fra fremsøgning på Dokumentdelingsservice af borger
{
   "time":"2021-10-13T14:21:38.115Z",
   "category":"dk.sds.nsp.audit.log.dds",
   "audit":{
      "timestamp":"2021-10-13T16:21:37.531+02:00",
      "components":[
         {
            "component":"DDS",
            "contexts":[
               {
                  "context":"documentRegistryAdhocQuery",
                  "information":[
                     {
                        "key":"patient-cpr",
                        "type":"RPISPI",
                        "value":"0207761919"
                     },
                     {
                        "key":"bruger-cpr",
                        "type":"RPISPI",
                        "value":"0207761919"
                     },
                     {
                        "key":"queryTypecode",
                        "type":"NPI",
                        "values":[
                           "('39289-4^^2.16.840.1.113883.6.1')"
                        ]
                     },
                     {
                        "key":"document_entry.0.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.0.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.0.documentid",
                        "type":"SPINPI",
                        "value":"0207761919.6052203964123326052.1537974544003"
                     },
                     {
                        "key":"document_entry.0.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     },
                     {
                        "key":"document_entry.1.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.1.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.1.documentid",
                        "type":"SPINPI",
                        "value":"5619531150207761919.6052203964123326052.1537974544003"
                     },
                     {
                        "key":"document_entry.1.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     },
                     {
                        "key":"document_entry.2.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.2.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.2.documentid",
                        "type":"SPINPI",
                        "value":"0207761919.678401000016005.10001"
                     },
                     {
                        "key":"document_entry.2.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     }
                  ]
               }
            ]
         }
      ]
   },
   "access":{
      "code":200,
      "duration":462,
      "httpHeaders":{
         "Content-Type":"application/soap+xml; charset=UTF-8"
      },
      "httpHost":"localhost",
      "idCardAttributes":{
         "dk:gov:saml:attribute:AssuranceLevel":"3",
         "dk:gov:saml:attribute:CprNumberIdentifier":"0207761919",
         "dk:gov:saml:attribute:SpecVer":"DK-SAML-2.0"
      },
      "method":"POST",
      "path":"/ddsregistry/idws",
      "query":"",
      "port":9090,
      "protocol":"http",
      "reqSize":13124,
      "resSize":22971,
      "soapHeaders":{
         "Audience":"https://audience.nspop.dk/dds",
         "Issuer":"TEST2-NSP-STS",
         "NameID":"C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-663031557285",
         "w3Action":"action",
         "w3MessageID":"urn:uuid:b1622648-c82e-4adc-b9fb-4c9a51b1df1d",
         "w3To":"http://localhost:9090/ddsregistry/idws"
      },
      "threadId":"default task-3",
      "time":"2021-10-13T16:21:37.531+02:00",
      "stats":{
         "handlerDuration":118,
         "RequestContentDuration":1,
         "ResponseContentDuration":0,
         "SecurityProtocolRequestDuration":10,
         "SecurityProtocolResponseDuration":101,
         "bufferAllocated":false,
         "usedBuffers":2,
         "activeBuffersInPool":2,
         "idleBuffersInPool":4
      }
   }
}

...

titleAuditlogging fra fremsøgning på Dokumentdelingsservice (sundhedsprofessionel)
{
   "time":"2021-10-13T14:04:07.387Z",
   "category":"dk.sds.nsp.audit.log.dds",
   "audit":{
      "timestamp":"2021-10-13T16:04:06.861+02:00",
      "components":[
         {
            "component":"DDS",
            "contexts":[
               {
                  "context":"documentRegistryAdhocQuery",
                  "information":[
                     {
                        "key":"patient-cpr",
                        "type":"RPISPI",
                        "value":"0106501010"
                     },
                     {
                        "key":"bruger-cpr",
                        "type":"RPISPI",
                        "value":"0804769723"
                     },
                     {
                        "key":"on-behalf-of-cpr",
                        "type":"RPISPI",
                        "value":"0804769723"
                     },
                     {
                        "key":"document_entry.0.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.0.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.0.documentid",
                        "type":"SPINPI",
                        "value":"0106501010.842938295.10000002"
                     },
                     {
                        "key":"document_entry.0.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     },
                     {
                        "key":"document_entry.1.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.1.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.1.documentid",
                        "type":"SPINPI",
                        "value":"0106501010.842938295.10000003"
                     },
                     {
                        "key":"document_entry.1.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     },
                     {
                        "key":"document_entry.2.homecommunityid",
                        "type":"SPINPI",
                        "value":""
                     },
                     {
                        "key":"document_entry.2.repositoryid",
                        "type":"SPINPI",
                        "value":"1.3.6.1.4.1.21367.2010.1.2.1125"
                     },
                     {
                        "key":"document_entry.2.documentid",
                        "type":"SPINPI",
                        "value":"0106501010.678401000016005.10000001"
                     },
                     {
                        "key":"document_entry.2.typecode",
                        "type":"SPINPI",
                        "value":"39289-4"
                     },
                     {
                        "key":"document_entry.3.homecommunityid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.8.1.12"
                     },
                     {
                        "key":"document_entry.3.repositoryid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.43210.8.10.12"
                     },
                     {
                        "key":"document_entry.3.documentid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.43210.8.10.12^27434a41-cf20-4fb4-bdd7-c4bd7fc98cf2"
                     },
                     {
                        "key":"document_entry.3.typecode",
                        "type":"SPINPI",
                        "value":"52460-3"
                     },
                     {
                        "key":"document_entry.4.homecommunityid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.8.1.12"
                     },
                     {
                        "key":"document_entry.4.repositoryid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.43210.8.10.12"
                     },
                     {
                        "key":"document_entry.4.documentid",
                        "type":"SPINPI",
                        "value":"1.2.208.176.43210.8.10.12^fe950ffa-30e6-4f1d-b364-bd30e3b7a66b"
                     },
                     {
                        "key":"document_entry.4.typecode",
                        "type":"SPINPI",
                        "value":"PDC"
                     }
                  ]
               }
            ]
         }
      ]
   },
   "access":{
      "code":200,
      "duration":489,
      "httpHeaders":{
         "Content-Type":"application/soap+xml; charset=UTF-8"
      },
      "httpHost":"localhost",
      "idCardAttributes":{
         "medcom:CareProviderID":"33257872",
         "medcom:CareProviderName":"Sundhedsdatastyrelsen",
         "medcom:ITSystemName":"Test",
         "medcom:UserAuthorizationCode":"CBTH1",
         "medcom:UserOccupation":"Læge",
         "medcom:UserRole":"7170",
         "sosi:AuthenticationLevel":"4",
         "sosi:IDCardID":"ndbdsjE8LrtpFqHmzKL0Xw==",
         "sosi:IDCardType":"user",
         "sosi:IDCardVersion":"1.0.1"
      },
      "method":"POST",
      "path":"/ddsregistry",
      "query":"",
      "port":9090,
      "protocol":"http",
      "reqSize":9626,
      "resSize":33100,
      "soapHeaders":{
         "Issuer":"TEST2-NSP-STS",
         "MessageID":"AAABfHn3qv7YTBlq290B5FNPU0k=",
         "NameID":"SubjectDN={CN=Casper Rasmussen + SERIALNUMBER=CVR:33257872-RID:40718906, O=Sundhedsdatastyrelsen // CVR:33257872, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK},CertSerial={1604229135}",
         "w3Action":"urn:ihe:iti:2007:RegistryStoredQuery",
         "w3MessageID":"urn:uuid:07b2fb66-19c4-4bc7-8630-e427cebff032",
         "w3To":"http://localhost:9090/ddsregistry"
      },
      "threadId":"default task-58",
      "time":"2021-10-13T16:04:06.861+02:00",
      "stats":{
         "handlerDuration":33,
         "RequestContentDuration":3,
         "ResponseContentDuration":0,
         "SecurityProtocolRequestDuration":18,
         "SecurityProtocolResponseDuration":0,
         "bufferAllocated":false,
         "usedBuffers":2,
         "activeBuffersInPool":2,
         "idleBuffersInPool":4
      }
   }
}

...