Add constants for supported audit event types

See gh-6582

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java

@@ -30,9 +30,25 @@ import org.springframework.util.ClassUtils;
  * Default implementation of {@link AbstractAuthenticationAuditListener}.
  *
  * @author Dave Syer
+ * @author Vedran Pavic
  */
 public class AuthenticationAuditListener extends AbstractAuthenticationAuditListener {
 
+	/**
+	 * Authentication success event type.
+	 */
+	public static final String AUTHENTICATION_SUCCESS = "AUTHENTICATION_SUCCESS";
+
+	/**
+	 * Authentication failure event type.
+	 */
+	public static final String AUTHENTICATION_FAILURE = "AUTHENTICATION_FAILURE";
+
+	/**
+	 * Authentication switch event type.
+	 */
+	public static final String AUTHENTICATION_SWITCH = "AUTHENTICATION_SWITCH";
+
 	private static final String WEB_LISTENER_CHECK_CLASS = "org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent";
 
 	private WebAuditListener webListener = maybeCreateWebListener();
@@ -65,7 +81,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
 			data.put("details", event.getAuthentication().getDetails());
 		}
 		publish(new AuditEvent(event.getAuthentication().getName(),
-				"AUTHENTICATION_FAILURE", data));
+				AUTHENTICATION_FAILURE, data));
 	}
 
 	private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
@@ -74,7 +90,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
 			data.put("details", event.getAuthentication().getDetails());
 		}
 		publish(new AuditEvent(event.getAuthentication().getName(),
-				"AUTHENTICATION_SUCCESS", data));
+				AUTHENTICATION_SUCCESS, data));
 	}
 
 	private static class WebAuditListener {
@@ -89,7 +105,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
 				}
 				data.put("target", event.getTargetUser().getUsername());
 				listener.publish(new AuditEvent(event.getAuthentication().getName(),
-						"AUTHENTICATION_SWITCH", data));
+						AUTHENTICATION_SWITCH, data));
 			}
 
 		}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthorizationAuditListener.java

@@ -28,9 +28,15 @@ import org.springframework.security.access.event.AuthorizationFailureEvent;
  * Default implementation of {@link AbstractAuthorizationAuditListener}.
  *
  * @author Dave Syer
+ * @author Vedran Pavic
  */
 public class AuthorizationAuditListener extends AbstractAuthorizationAuditListener {
 
+	/**
+	 * Authorization failure event type.
+	 */
+	public static final String AUTHORIZATION_FAILURE = "AUTHORIZATION_FAILURE";
+
 	@Override
 	public void onApplicationEvent(AbstractAuthorizationEvent event) {
 		if (event instanceof AuthenticationCredentialsNotFoundEvent) {
@@ -47,7 +53,8 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
 		Map<String, Object> data = new HashMap<String, Object>();
 		data.put("type", event.getCredentialsNotFoundException().getClass().getName());
 		data.put("message", event.getCredentialsNotFoundException().getMessage());
-		publish(new AuditEvent("<unknown>", "AUTHENTICATION_FAILURE", data));
+		publish(new AuditEvent("<unknown>",
+				AuthenticationAuditListener.AUTHENTICATION_FAILURE, data));
 	}
 
 	private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
@@ -58,7 +65,7 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
 			data.put("details", event.getAuthentication().getDetails());
 		}
 		publish(new AuditEvent(event.getAuthentication().getName(),
-				"AUTHORIZATION_FAILURE", data));
+				AUTHORIZATION_FAILURE, data));
 	}
 
 }

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthenticationAuditListenerTests.java

@@ -57,7 +57,11 @@ public class AuthenticationAuditListenerTests {
 	public void testAuthenticationSuccess() {
 		this.listener.onApplicationEvent(new AuthenticationSuccessEvent(
 				new UsernamePasswordAuthenticationToken("user", "password")));
-		verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
+		ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
+				.forClass(AuditApplicationEvent.class);
+		verify(this.publisher).publishEvent(argumentCaptor.capture());
+		assertThat(argumentCaptor.getValue().getAuditEvent().getType())
+				.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SUCCESS);
 	}
 
 	@Test
@@ -73,7 +77,11 @@ public class AuthenticationAuditListenerTests {
 		this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
 				new UsernamePasswordAuthenticationToken("user", "password"),
 				new BadCredentialsException("Bad user")));
-		verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
+		ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
+				.forClass(AuditApplicationEvent.class);
+		verify(this.publisher).publishEvent(argumentCaptor.capture());
+		assertThat(argumentCaptor.getValue().getAuditEvent().getType())
+				.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
 	}
 
 	@Test
@@ -82,7 +90,11 @@ public class AuthenticationAuditListenerTests {
 				new UsernamePasswordAuthenticationToken("user", "password"),
 				new User("user", "password",
 						AuthorityUtils.commaSeparatedStringToAuthorityList("USER"))));
-		verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
+		ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
+				.forClass(AuditApplicationEvent.class);
+		verify(this.publisher).publishEvent(argumentCaptor.capture());
+		assertThat(argumentCaptor.getValue().getAuditEvent().getType())
+				.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SWITCH);
 	}
 
 	@Test
@@ -93,10 +105,13 @@ public class AuthenticationAuditListenerTests {
 		authentication.setDetails(details);
 		this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
 				authentication, new BadCredentialsException("Bad user")));
-		ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor
+		ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
 				.forClass(AuditApplicationEvent.class);
-		verify(this.publisher).publishEvent(auditApplicationEvent.capture());
-		assertThat(auditApplicationEvent.getValue().getAuditEvent().getData())
+		verify(this.publisher).publishEvent(argumentCaptor.capture());
+		AuditApplicationEvent event = argumentCaptor.getValue();
+		assertThat(event.getAuditEvent().getType())
+				.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
+		assertThat(event.getAuditEvent().getData())
 				.containsEntry("details", details);
 	}
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java

@@ -23,7 +23,6 @@ import org.junit.Test;
 import org.mockito.ArgumentCaptor;
 
 import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
-import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -34,7 +33,6 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.anyObject;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 
@@ -58,7 +56,11 @@ public class AuthorizationAuditListenerTests {
 		this.listener.onApplicationEvent(new AuthenticationCredentialsNotFoundEvent(this,
 				Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
 				new AuthenticationCredentialsNotFoundException("Bad user")));
-		verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
+		ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
+				.forClass(AuditApplicationEvent.class);
+		verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
+		assertThat(eventArgumentCaptor.getValue().getAuditEvent().getType())
+				.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
 	}
 
 	@Test
@@ -67,7 +69,11 @@ public class AuthorizationAuditListenerTests {
 				Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
 				new UsernamePasswordAuthenticationToken("user", "password"),
 				new AccessDeniedException("Bad user")));
-		verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
+		ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
+				.forClass(AuditApplicationEvent.class);
+		verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
+		assertThat(eventArgumentCaptor.getValue().getAuditEvent().getType())
+				.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
 	}
 
 	@Test
@@ -79,11 +85,13 @@ public class AuthorizationAuditListenerTests {
 		this.listener.onApplicationEvent(new AuthorizationFailureEvent(this,
 				Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
 				authentication, new AccessDeniedException("Bad user")));
-		ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor
+		ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
 				.forClass(AuditApplicationEvent.class);
-		verify(this.publisher).publishEvent(auditApplicationEvent.capture());
-		assertThat(auditApplicationEvent.getValue().getAuditEvent().getData())
-				.containsEntry("details", details);
+		verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
+		AuditApplicationEvent event = eventArgumentCaptor.getValue();
+		assertThat(event.getAuditEvent().getType())
+				.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
+		assertThat(event.getAuditEvent().getData()).containsEntry("details", details);
 	}
 
 }