[bs-15] Integrate audit abstraction into Spring Security setup
* By default all authentication events are passed on to the audit listener
* Access denied exceptions are still not published by Spring Security because of a bug in the Java config support

[Fixes #48155753] pull/1/merge
parent
a310a79909
commit
0a730beb2a
@ -0,0 +1,59 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2012-2013 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.bootstrap.autoconfigure.service;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.bootstrap.context.annotation.ConditionalOnMissingBean;
|
||||||
|
import org.springframework.bootstrap.service.audit.AuditEventRepository;
|
||||||
|
import org.springframework.bootstrap.service.audit.InMemoryAuditEventRepository;
|
||||||
|
import org.springframework.bootstrap.service.audit.listener.AuditListener;
|
||||||
|
import org.springframework.bootstrap.service.security.AuthenticationAuditListener;
|
||||||
|
import org.springframework.bootstrap.service.security.AuthorizationAuditListener;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Dave Syer
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
public class AuditConfiguration {
|
||||||
|
|
||||||
|
@Autowired(required = false)
|
||||||
|
private AuditEventRepository auditEventRepository = new InMemoryAuditEventRepository();
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean(AuditEventRepository.class)
|
||||||
|
public AuditEventRepository auditEventRepository() throws Exception {
|
||||||
|
return this.auditEventRepository;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuditListener auditListener() throws Exception {
|
||||||
|
return new AuditListener(this.auditEventRepository);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuthenticationAuditListener authenticationAuditListener() throws Exception {
|
||||||
|
return new AuthenticationAuditListener();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuthorizationAuditListener authorizationAuditListener() throws Exception {
|
||||||
|
return new AuthorizationAuditListener();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
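Review bot: The class Javadoc on `AuditConfiguration` carries only `@author`, so nothing tells an operator where audit records end up by default. When no `AuditEventRepository` bean is supplied, the field initializer `new InMemoryAuditEventRepository()` is what `auditListener()` writes to; judging by the name, records then live only in the application's memory and do not survive a restart, which matters to anyone who expects to use them in an investigation. I would add a class comment such as `Registers the audit listeners; unless an AuditEventRepository bean is defined, events are held by InMemoryAuditEventRepository and are not persisted.` The commit message also says access-denied events are not yet published by Spring Security, so `authorizationAuditListener()` deserves a one-line comment that denials will not be recorded until that is fixed.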
@ -0,0 +1,78 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2012-2013 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.bootstrap.service.security;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.springframework.bootstrap.service.audit.AuditEvent;
|
||||||
|
import org.springframework.bootstrap.service.audit.listener.AuditApplicationEvent;
|
||||||
|
import org.springframework.context.ApplicationEventPublisher;
|
||||||
|
import org.springframework.context.ApplicationEventPublisherAware;
|
||||||
|
import org.springframework.context.ApplicationListener;
|
||||||
|
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
|
||||||
|
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
|
||||||
|
import org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Dave Syer
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class AuthenticationAuditListener implements
|
||||||
|
ApplicationListener<AbstractAuthenticationEvent>, ApplicationEventPublisherAware {
|
||||||
|
|
||||||
|
private ApplicationEventPublisher publisher;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
|
||||||
|
this.publisher = publisher;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onApplicationEvent(AbstractAuthenticationEvent event) {
|
||||||
|
Map<String, Object> data = new HashMap<String, Object>();
|
||||||
|
if (event instanceof AbstractAuthenticationFailureEvent) {
|
||||||
|
data.put("type", ((AbstractAuthenticationFailureEvent) event).getException()
|
||||||
|
.getClass().getName());
|
||||||
|
data.put("message", ((AbstractAuthenticationFailureEvent) event)
|
||||||
|
.getException().getMessage());
|
||||||
|
publish(new AuditEvent(event.getAuthentication().getName(),
|
||||||
|
"AUTHENTICATION_FAILURE", data));
|
||||||
|
} else if (event instanceof AuthenticationSwitchUserEvent) {
|
||||||
|
if (event.getAuthentication().getDetails() != null) {
|
||||||
|
data.put("details", event.getAuthentication().getDetails());
|
||||||
|
}
|
||||||
|
data.put("target", ((AuthenticationSwitchUserEvent) event).getTargetUser()
|
||||||
|
.getUsername());
|
||||||
|
publish(new AuditEvent(event.getAuthentication().getName(),
|
||||||
|
"AUTHENTICATION_SWITCH", data));
|
||||||
|
|
||||||
|
} else {
|
||||||
|
if (event.getAuthentication().getDetails() != null) {
|
||||||
|
data.put("details", event.getAuthentication().getDetails());
|
||||||
|
}
|
||||||
|
publish(new AuditEvent(event.getAuthentication().getName(),
|
||||||
|
"AUTHENTICATION_SUCCESS", data));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void publish(AuditEvent event) {
|
||||||
|
if (this.publisher != null) {
|
||||||
|
this.publisher.publishEvent(new AuditApplicationEvent(event));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
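Review bot: The failure branch of `onApplicationEvent` records only the exception `type` and `message`, while the switch-user and success branches also store `event.getAuthentication().getDetails()`. Failed logins are the records where a defender most needs the origin of the request, for example to spot password guessing, so the same guard belongs there: `if (event.getAuthentication().getDetails() != null) { data.put("details", event.getAuthentication().getDetails()); }`. In a web application the details object is usually a `WebAuthenticationDetails`, which carries the session id as well as the remote address. Depending on who can read the repository, it may be safer to copy only the address into the audit data than to store the whole object.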
@ -0,0 +1,69 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2012-2013 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.bootstrap.service.security;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.springframework.bootstrap.service.audit.AuditEvent;
|
||||||
|
import org.springframework.bootstrap.service.audit.listener.AuditApplicationEvent;
|
||||||
|
import org.springframework.context.ApplicationEventPublisher;
|
||||||
|
import org.springframework.context.ApplicationEventPublisherAware;
|
||||||
|
import org.springframework.context.ApplicationListener;
|
||||||
|
import org.springframework.security.access.event.AbstractAuthorizationEvent;
|
||||||
|
import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
|
||||||
|
import org.springframework.security.access.event.AuthorizationFailureEvent;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Dave Syer
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class AuthorizationAuditListener implements
|
||||||
|
ApplicationListener<AbstractAuthorizationEvent>, ApplicationEventPublisherAware {
|
||||||
|
|
||||||
|
private ApplicationEventPublisher publisher;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
|
||||||
|
this.publisher = publisher;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onApplicationEvent(AbstractAuthorizationEvent event) {
|
||||||
|
Map<String, Object> data = new HashMap<String, Object>();
|
||||||
|
if (event instanceof AuthenticationCredentialsNotFoundEvent) {
|
||||||
|
data.put("type", ((AuthenticationCredentialsNotFoundEvent) event)
|
||||||
|
.getCredentialsNotFoundException().getClass().getName());
|
||||||
|
data.put("message", ((AuthenticationCredentialsNotFoundEvent) event)
|
||||||
|
.getCredentialsNotFoundException().getMessage());
|
||||||
|
publish(new AuditEvent("<unknown>", "AUTHENTICATION_FAILURE", data));
|
||||||
|
} else if (event instanceof AuthorizationFailureEvent) {
|
||||||
|
data.put("type", ((AuthorizationFailureEvent) event)
|
||||||
|
.getAccessDeniedException().getClass().getName());
|
||||||
|
data.put("message", ((AuthorizationFailureEvent) event)
|
||||||
|
.getAccessDeniedException().getMessage());
|
||||||
|
publish(new AuditEvent(((AuthorizationFailureEvent) event)
|
||||||
|
.getAuthentication().getName(), "AUTHORIZATION_FAILURE", data));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void publish(AuditEvent event) {
|
||||||
|
if (this.publisher != null) {
|
||||||
|
this.publisher.publishEvent(new AuditApplicationEvent(event));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
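Review bot: The `AUTHORIZATION_FAILURE` record built in `onApplicationEvent` says who was denied and why, but not what they were denied access to. `AuthorizationFailureEvent` exposes the secured object through `getSource()` and the required attributes through `getConfigAttributes()`; adding something like `data.put("source", String.valueOf(event.getSource()));` would let an analyst tell one mistyped URL from repeated denials across many protected resources. Separately, any other `AbstractAuthorizationEvent` subtype falls through both branches without a record, which deserves a short comment if it is intentional. `publish` is also a verbatim copy of the method in `AuthenticationAuditListener` and could be shared.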