root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Merge pull request #6852 from vpavic:enumerate-audit-event-types 

* pr/6852:
  Polish contribution
  Add constants for supported audit event types
This commit is contained in:
Stephane Nicoll 2016-12-16 14:19:58 +01:00
parent cedac27c80 684be0f048
commit 9e55752bdf
4 changed files with 90 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java
View File

@ -30,9 +30,25 @@ import org.springframework.util.ClassUtils;
* Default implementation of {@link AbstractAuthenticationAuditListener}.
*
* @author Dave Syer
* @author Vedran Pavic
*/
public class AuthenticationAuditListener extends AbstractAuthenticationAuditListener {
/**
* Authentication success event type.
*/
public static final String AUTHENTICATION_SUCCESS = "AUTHENTICATION_SUCCESS";
/**
* Authentication failure event type.
*/
public static final String AUTHENTICATION_FAILURE = "AUTHENTICATION_FAILURE";
/**
* Authentication switch event type.
*/
public static final String AUTHENTICATION_SWITCH = "AUTHENTICATION_SWITCH";
private static final String WEB_LISTENER_CHECK_CLASS = "org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent";
private WebAuditListener webListener = maybeCreateWebListener();
@ -65,7 +81,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
data.put("details", event.getAuthentication().getDetails());
}
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_FAILURE", data));
AUTHENTICATION_FAILURE, data));
}
private void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
@ -74,7 +90,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
data.put("details", event.getAuthentication().getDetails());
}
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SUCCESS", data));
AUTHENTICATION_SUCCESS, data));
}
private static class WebAuditListener {
@ -89,7 +105,7 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
}
data.put("target", event.getTargetUser().getUsername());
listener.publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data));
AUTHENTICATION_SWITCH, data));
}
}

11
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthorizationAuditListener.java
View File

@ -28,9 +28,15 @@ import org.springframework.security.access.event.AuthorizationFailureEvent;
* Default implementation of {@link AbstractAuthorizationAuditListener}.
*
* @author Dave Syer
* @author Vedran Pavic
*/
public class AuthorizationAuditListener extends AbstractAuthorizationAuditListener {
/**
* Authorization failure event type.
*/
public static final String AUTHORIZATION_FAILURE = "AUTHORIZATION_FAILURE";
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
if (event instanceof AuthenticationCredentialsNotFoundEvent) {
@ -47,7 +53,8 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
Map<String, Object> data = new HashMap<String, Object>();
data.put("type", event.getCredentialsNotFoundException().getClass().getName());
data.put("message", event.getCredentialsNotFoundException().getMessage());
publish(new AuditEvent("<unknown>", "AUTHENTICATION_FAILURE", data));
publish(new AuditEvent("<unknown>",
AuthenticationAuditListener.AUTHENTICATION_FAILURE, data));
}
private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
@ -58,7 +65,7 @@ public class AuthorizationAuditListener extends AbstractAuthorizationAuditListen
data.put("details", event.getAuthentication().getDetails());
}
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHORIZATION_FAILURE", data));
AUTHORIZATION_FAILURE, data));
}
}

49
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthenticationAuditListenerTests.java
View File

@ -25,6 +25,7 @@ import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
@ -55,9 +56,11 @@ public class AuthenticationAuditListenerTests {
@Test
public void testAuthenticationSuccess() {
this.listener.onApplicationEvent(new AuthenticationSuccessEvent(
new UsernamePasswordAuthenticationToken("user", "password")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
AuditApplicationEvent event = handleAuthenticationEvent(
new AuthenticationSuccessEvent(
new UsernamePasswordAuthenticationToken("user", "password")));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SUCCESS);
}
@Test
@ -70,19 +73,23 @@ public class AuthenticationAuditListenerTests {
@Test
public void testAuthenticationFailed() {
this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
new UsernamePasswordAuthenticationToken("user", "password"),
new BadCredentialsException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
AuditApplicationEvent event = handleAuthenticationEvent(
new AuthenticationFailureExpiredEvent(
new UsernamePasswordAuthenticationToken("user", "password"),
new BadCredentialsException("Bad user")));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
}
@Test
public void testAuthenticationSwitch() {
this.listener.onApplicationEvent(new AuthenticationSwitchUserEvent(
new UsernamePasswordAuthenticationToken("user", "password"),
new User("user", "password",
AuthorityUtils.commaSeparatedStringToAuthorityList("USER"))));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
AuditApplicationEvent event = handleAuthenticationEvent(
new AuthenticationSwitchUserEvent(
new UsernamePasswordAuthenticationToken("user", "password"),
new User("user", "password",
AuthorityUtils.commaSeparatedStringToAuthorityList("USER"))));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_SWITCH);
}
@Test
@ -91,13 +98,21 @@ public class AuthenticationAuditListenerTests {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
"user", "password");
authentication.setDetails(details);
this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
AuditApplicationEvent event = handleAuthenticationEvent(new AuthenticationFailureExpiredEvent(
authentication, new BadCredentialsException("Bad user")));
ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(auditApplicationEvent.capture());
assertThat(auditApplicationEvent.getValue().getAuditEvent().getData())
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
assertThat(event.getAuditEvent().getData())
.containsEntry("details", details);
}
private AuditApplicationEvent handleAuthenticationEvent(
AbstractAuthenticationEvent event) {
ArgumentCaptor<AuditApplicationEvent> eventCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
this.listener.onApplicationEvent(event);
verify(this.publisher).publishEvent(eventCaptor.capture());
return eventCaptor.getValue();
}
}

49
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java
View File

@ -16,25 +16,24 @@
package org.springframework.boot.actuate.security;
import java.util.Arrays;
import java.util.Collections;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.event.AbstractAuthorizationEvent;
import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
import org.springframework.security.access.event.AuthorizationFailureEvent;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.anyObject;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@ -55,19 +54,23 @@ public class AuthorizationAuditListenerTests {
@Test
public void testAuthenticationCredentialsNotFound() {
this.listener.onApplicationEvent(new AuthenticationCredentialsNotFoundEvent(this,
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
new AuthenticationCredentialsNotFoundException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
AuditApplicationEvent event = handleAuthorizationEvent(
new AuthenticationCredentialsNotFoundEvent(this,
Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")),
new AuthenticationCredentialsNotFoundException("Bad user")));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
}
@Test
public void testAuthorizationFailure() {
this.listener.onApplicationEvent(new AuthorizationFailureEvent(this,
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
new UsernamePasswordAuthenticationToken("user", "password"),
new AccessDeniedException("Bad user")));
verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
AuditApplicationEvent event = handleAuthorizationEvent(
new AuthorizationFailureEvent(this,
Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")),
new UsernamePasswordAuthenticationToken("user", "password"),
new AccessDeniedException("Bad user")));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
}
@Test
@ -76,14 +79,22 @@ public class AuthorizationAuditListenerTests {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
"user", "password");
authentication.setDetails(details);
this.listener.onApplicationEvent(new AuthorizationFailureEvent(this,
Arrays.<ConfigAttribute>asList(new SecurityConfig("USER")),
authentication, new AccessDeniedException("Bad user")));
ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor
AuditApplicationEvent event = handleAuthorizationEvent(
new AuthorizationFailureEvent(this,
Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")),
authentication, new AccessDeniedException("Bad user")));
assertThat(event.getAuditEvent().getType())
.isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
assertThat(event.getAuditEvent().getData()).containsEntry("details", details);
}
private AuditApplicationEvent handleAuthorizationEvent(
AbstractAuthorizationEvent event) {
ArgumentCaptor<AuditApplicationEvent> eventCaptor = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(auditApplicationEvent.capture());
assertThat(auditApplicationEvent.getValue().getAuditEvent().getData())
.containsEntry("details", details);
this.listener.onApplicationEvent(event);
verify(this.publisher).publishEvent(eventCaptor.capture());
return eventCaptor.getValue();
}
}