Add constants for supported audit event types

See gh-6582
pull/7671/head
Vedran Pavic 8 years ago committed by Stephane Nicoll
parent cedac27c80
commit 899f7aa8f0

@ -30,9 +30,25 @@ import org.springframework.util.ClassUtils;
* Default implementation of {@link AbstractAuthenticationAuditListener}. * Default implementation of {@link AbstractAuthenticationAuditListener}.
* *
* @author Dave Syer * @author Dave Syer
* @author Vedran Pavic
*/ */
public class AuthenticationAuditListener extends AbstractAuthenticationAuditListener { public class AuthenticationAuditListener extends AbstractAuthenticationAuditListener {
/**
* Authentication success event type.
*/
public static final String AUTHENTICATION_SUCCESS = "AUTHENTICATION_SUCCESS";
/**
* Authentication failure event type.
*/
public static final String AUTHENTICATION_FAILURE = "AUTHENTICATION_FAILURE";
/**
* Authentication switch event type.
*/
public static final String AUTHENTICATION_SWITCH = "AUTHENTICATION_SWITCH";
private static final String WEB_LISTENER_CHECK_CLASS = "org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent"; private static final String WEB_LISTENER_CHECK_CLASS = "org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent";
private WebAuditListener webListener = maybeCreateWebListener(); private WebAuditListener webListener = maybeCreateWebListener();
@ -65,7 +81,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
data.put("details", event.getAuthentication().getDetails()); data.put("details", event.getAuthentication().getDetails());
} }
publish(new AuditEvent(event.getAuthentication().getName(), publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_FAILURE", data)); AUTHENTICATION_FAILURE, data));
} }
private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) { private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
@ -74,7 +90,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
data.put("details", event.getAuthentication().getDetails()); data.put("details", event.getAuthentication().getDetails());
} }
publish(new AuditEvent(event.getAuthentication().getName(), publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SUCCESS", data)); AUTHENTICATION_SUCCESS, data));
} }
private static class WebAuditListener { private static class WebAuditListener {
@ -89,7 +105,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
} }
data.put("target", event.getTargetUser().getUsername()); data.put("target", event.getTargetUser().getUsername());
listener.publish(new AuditEvent(event.getAuthentication().getName(), listener.publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data)); AUTHENTICATION_SWITCH, data));
} }
} }
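Review bot: The Javadoc on the three new public constants in `AuthenticationAuditListener` only restates each constant's name, so it does not tell a consumer which event produces which type string. These strings are what audit repositories and alerting rules match on, and making them public turns their values into a compatibility contract, which the class Javadoc could state. For the switch type I would write something like `Authentication switch event type, published for an AuthenticationSwitchUserEvent; the "target" data entry holds the user being switched to.`, with matching one-line descriptions for success and failure. The handler methods start outside the visible hunks, so the event-to-type mapping should be confirmed against the full file.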

@ -28,9 +28,15 @@ import org.springframework.security.access.event.AuthorizationFailureEvent;
* Default implementation of {@link AbstractAuthorizationAuditListener}. * Default implementation of {@link AbstractAuthorizationAuditListener}.
* *
* @author Dave Syer * @author Dave Syer
* @author Vedran Pavic
*/ */
public class AuthorizationAuditListener extends AbstractAuthorizationAuditListener { public class AuthorizationAuditListener extends AbstractAuthorizationAuditListener {
/**
* Authorization failure event type.
*/
public static final String AUTHORIZATION_FAILURE = "AUTHORIZATION_FAILURE";
@Override @Override
public void onApplicationEvent(AbstractAuthorizationEvent event) { public void onApplicationEvent(AbstractAuthorizationEvent event) {
if (event instanceof AuthenticationCredentialsNotFoundEvent) { if (event instanceof AuthenticationCredentialsNotFoundEvent) {
@ -47,7 +53,8 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
Map<String, Object> data = new HashMap<String, Object>(); Map<String, Object> data = new HashMap<String, Object>();
data.put("type", event.getCredentialsNotFoundException().getClass().getName()); data.put("type", event.getCredentialsNotFoundException().getClass().getName());
data.put("message", event.getCredentialsNotFoundException().getMessage()); data.put("message", event.getCredentialsNotFoundException().getMessage());
publish(new AuditEvent("<unknown>", "AUTHENTICATION_FAILURE", data)); publish(new AuditEvent("<unknown>",
AuthenticationAuditListener.AUTHENTICATION_FAILURE, data));
} }
private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) { private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
@ -58,7 +65,7 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
data.put("details", event.getAuthentication().getDetails()); data.put("details", event.getAuthentication().getDetails());
} }
publish(new AuditEvent(event.getAuthentication().getName(), publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHORIZATION_FAILURE", data)); AUTHORIZATION_FAILURE, data));
} }
} }
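Review bot: The credentials-not-found branch of `AuthorizationAuditListener` now takes its type from `AuthenticationAuditListener.AUTHENTICATION_FAILURE`, so the class depends on a sibling listener just for a string. Nothing at the call site explains why the authorization listener reports an authentication failure. Anyone counting failed logins per principal will see these events under the `"<unknown>"` principal, so a comment above the `publish` call would help, for example `// No Authentication is available for this event: report it as an authentication failure with the "<unknown>" principal.` If more listeners are expected to share these types, a small shared constants holder may be cleaner than cross-referencing listener classes. The enclosing method starts outside the hunk.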

@ -57,7 +57,11 @@ public class AuthenticationAuditListenerTests {
public void testAuthenticationSuccess() { public void testAuthenticationSuccess() {
this.listener.onApplicationEvent(new AuthenticationSuccessEvent( this.listener.onApplicationEvent(new AuthenticationSuccessEvent(
new UsernamePasswordAuthenticationToken("user", "password"))); new UsernamePasswordAuthenticationToken("user", "password")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(argumentCaptor.capture());
assertThat(argumentCaptor.getValue().getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SUCCESS);
} }
@Test @Test
@ -73,7 +77,11 @@ public class AuthenticationAuditListenerTests {
this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent( this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
new UsernamePasswordAuthenticationToken("user", "password"), new UsernamePasswordAuthenticationToken("user", "password"),
new BadCredentialsException("Bad user"))); new BadCredentialsException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(argumentCaptor.capture());
assertThat(argumentCaptor.getValue().getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
} }
@Test @Test
@ -82,7 +90,11 @@ public class AuthenticationAuditListenerTests {
new UsernamePasswordAuthenticationToken("user", "password"), new UsernamePasswordAuthenticationToken("user", "password"),
new User("user", "password", new User("user", "password",
AuthorityUtils.commaSeparatedStringToAuthorityList("USER")))); AuthorityUtils.commaSeparatedStringToAuthorityList("USER"))));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(argumentCaptor.capture());
assertThat(argumentCaptor.getValue().getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SWITCH);
} }
@Test @Test
@ -93,10 +105,13 @@ public class AuthenticationAuditListenerTests {
authentication.setDetails(details); authentication.setDetails(details);
this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent( this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
authentication, new BadCredentialsException("Bad user"))); authentication, new BadCredentialsException("Bad user")));
ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor ArgumentCaptor<AuditApplicationEvent> argumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class); .forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(auditApplicationEvent.capture()); verify(this.publisher).publishEvent(argumentCaptor.capture());
assertThat(auditApplicationEvent.getValue().getAuditEvent().getData()) AuditApplicationEvent event = argumentCaptor.getValue();
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
assertThat(event.getAuditEvent().getData())
.containsEntry("details", details); .containsEntry("details", details);
} }
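Review bot: The same four-line `ArgumentCaptor` setup, capture and type assertion is now repeated in all four tests of `AuthenticationAuditListenerTests`, and again in the three tests of `AuthorizationAuditListenerTests` under a different variable name (`eventArgumentCaptor`). A private helper that captures the published event, asserts its type and returns it would leave one line per test and keep the naming consistent. The tests that also check the `details` entry can use the returned event. The test method signatures lie outside the hunks, so the helper is shown on its own below.
```java
// … unchanged: this.listener.onApplicationEvent(...) call in each test …
private AuditApplicationEvent verifyAuditEvent(String expectedType) {
	ArgumentCaptor<AuditApplicationEvent> captor = ArgumentCaptor
			.forClass(AuditApplicationEvent.class);
	verify(this.publisher).publishEvent(captor.capture());
	AuditApplicationEvent event = captor.getValue();
	assertThat(event.getAuditEvent().getType()).isEqualTo(expectedType);
	return event;
}

// in testAuthenticationSuccess():
verifyAuditEvent(AuthenticationAuditListener.AUTHENTICATION_SUCCESS);
```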

@ -23,7 +23,6 @@ import org.junit.Test;
import org.mockito.ArgumentCaptor; import org.mockito.ArgumentCaptor;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent; import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
@ -34,7 +33,6 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.anyObject;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verify;
@ -58,7 +56,11 @@ public class AuthorizationAuditListenerTests {
this.listener.onApplicationEvent(new AuthenticationCredentialsNotFoundEvent(this, this.listener.onApplicationEvent(new AuthenticationCredentialsNotFoundEvent(this,
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")), Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
new AuthenticationCredentialsNotFoundException("Bad user"))); new AuthenticationCredentialsNotFoundException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
assertThat(eventArgumentCaptor.getValue().getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
} }
@Test @Test
@ -67,7 +69,11 @@ public class AuthorizationAuditListenerTests {
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")), Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
new UsernamePasswordAuthenticationToken("user", "password"), new UsernamePasswordAuthenticationToken("user", "password"),
new AccessDeniedException("Bad user"))); new AccessDeniedException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
assertThat(eventArgumentCaptor.getValue().getAuditEvent().getType())
.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
} }
@Test @Test
@ -79,11 +85,13 @@ public class AuthorizationAuditListenerTests {
this.listener.onApplicationEvent(new AuthorizationFailureEvent(this, this.listener.onApplicationEvent(new AuthorizationFailureEvent(this,
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")), Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
authentication, new AccessDeniedException("Bad user"))); authentication, new AccessDeniedException("Bad user")));
ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor ArgumentCaptor<AuditApplicationEvent> eventArgumentCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class); .forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(auditApplicationEvent.capture()); verify(this.publisher).publishEvent(eventArgumentCaptor.capture());
assertThat(auditApplicationEvent.getValue().getAuditEvent().getData()) AuditApplicationEvent event = eventArgumentCaptor.getValue();
.containsEntry("details", details); assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
assertThat(event.getAuditEvent().getData()).containsEntry("details", details);
} }
} }
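Review bot: The credentials-not-found test in `AuthorizationAuditListenerTests` now pins the event type to `AUTHENTICATION_FAILURE` but still does not check the principal. The `"<unknown>"` principal is the only thing that separates these events from a failed login by a named user, so a change to it would pass unnoticed. I would add `assertThat(eventArgumentCaptor.getValue().getAuditEvent().getPrincipal()).isEqualTo("<unknown>");` after the type assertion. The test method begins outside the hunk.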
