root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Merge branch 'gh-4976'

This commit is contained in:
Andy Wilkinson 2016-01-20 10:14:57 +00:00
parent 1dd166691d 2f24c1862a
commit d7fbe9efbb
2 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2015 the original author or authors. * Copyright 2012-2016 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -61,6 +61,9 @@ public class AuthenticationAuditListener extends AbstractAuthenticationAuditList
Map<String, Object> data = new HashMap<String, Object>(); Map<String, Object> data = new HashMap<String, Object>();
data.put("type", event.getException().getClass().getName()); data.put("type", event.getException().getClass().getName());
data.put("message", event.getException().getMessage()); data.put("message", event.getException().getMessage());
if (event.getAuthentication().getDetails() != null) {
data.put("details", event.getAuthentication().getDetails());
}
publish(new AuditEvent(event.getAuthentication().getName(), publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_FAILURE", data)); "AUTHENTICATION_FAILURE", data));
} }

20
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthenticationAuditListenerTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2015 the original author or authors. * Copyright 2012-2016 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,7 +18,9 @@ package org.springframework.boot.actuate.security;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
@ -30,6 +32,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent; import org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent;
import static org.hamcrest.Matchers.hasEntry;
import static org.junit.Assert.assertThat;
import static org.mockito.Matchers.anyObject; import static org.mockito.Matchers.anyObject;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never; import static org.mockito.Mockito.never;
@ -82,4 +86,18 @@ public class AuthenticationAuditListenerTests {
verify(this.publisher).publishEvent((ApplicationEvent) anyObject()); verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
} }
@Test
public void testDetailsAreIncludedInAuditEvent() throws Exception {
Object details = new Object();
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
"user", "password");
authentication.setDetails(details);
this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(
authentication, new BadCredentialsException("Bad user")));
ArgumentCaptor<AuditApplicationEvent> auditApplicationEvent = ArgumentCaptor
.forClass(AuditApplicationEvent.class);
verify(this.publisher).publishEvent(auditApplicationEvent.capture());
assertThat(auditApplicationEvent.getValue().getAuditEvent().getData(),
hasEntry("details", details));
}
} }