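/**
 * Handles a failed-authentication event by writing a single WARN line.
 *
 * <p>The line is formatted with {@code FAILURE_TEMPLATE} from the event time, the principal,
 * a fixed redaction marker in the credentials position, and the exception message (or
 * {@code "unknown"} when the event carries no exception). When the authentication has
 * non-blank details, they are appended through {@code DETAILS_TEMPLATE}.
 *
 * <p>The submitted credentials are deliberately not written to the log. On a failed login
 * they are typically the secret the caller typed (often a mistyped but otherwise valid
 * password), and log files are usually readable by a wider audience than the credential store.
 *
 * @param event the authentication failure event
 */
private void handleAuthenticationFailureEvent(AbstractAuthenticationFailureEvent event) {
    if (!LOG.isWarnEnabled()) {
        return;
    }

    Authentication authentication = event.getAuthentication();

    // The argument count stays at four so FAILURE_TEMPLATE (defined elsewhere) formats as before;
    // only the credentials slot changes, from the raw value to a constant marker.
    // NOTE(review): principal and exception message can contain caller-supplied text; confirm the
    // log layout neutralises line breaks so one attempt cannot be rendered as several entries.
    String commonMessage = String.format(
            FAILURE_TEMPLATE,
            DateUtil.formatDateTime(new Date(event.getTimestamp())),
            extractPrincipal(authentication),
            "[REDACTED]",
            event.getException() != null ? event.getException().getMessage() : "unknown"
    );

    // Details are rendered with toString() and everything matching OBJECT_HEX_PATTERN is removed.
    Object details = authentication.getDetails();
    String detailsMessage = (details != null)
            ? OBJECT_HEX_PATTERN.matcher(details.toString()).replaceAll("")
            : null;

    String resultMessage = StringUtils.hasText(detailsMessage)
            ? String.format(DETAILS_TEMPLATE, commonMessage, detailsMessage)
            : commonMessage;

    LOG.warn(resultMessage);
}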
/**
 * Writes one WARN line per authentication event: the event's simple class name, the
 * authentication name, its details and, for failure events, the exception message.
 *
 * <p>NOTE(review): the name and the details are logged as-is. For a failed login the name is
 * whatever the caller submitted, and the details object is rendered through its own
 * {@code toString()}; confirm that neither can carry line breaks or session identifiers into
 * this log.
 *
 * @param event the authentication event to log
 */
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
    String line = "Authentication event " + event.getClass().getSimpleName()
            + ": " + event.getAuthentication().getName()
            + "; details: " + event.getAuthentication().getDetails();

    if (event instanceof AbstractAuthenticationFailureEvent) {
        AbstractAuthenticationFailureEvent failure = (AbstractAuthenticationFailureEvent) event;
        line += "; exception: " + failure.getException().getMessage();
    }

    LOG.warn(line);
}
/**
 * Logs the remote address of a failed login at INFO level.
 *
 * <p>Nothing is logged unless the event is an authentication failure, its source is an
 * {@code AbstractAuthenticationToken}, and that token's details are
 * {@code WebAuthenticationDetails}.
 *
 * <p>NOTE(review): only the address is recorded, not the attempted account name. Behind a
 * reverse proxy the reported address is presumably the proxy's unless forwarded headers are
 * resolved upstream; confirm before relying on it for lockout or alerting.
 *
 * @param event any application event; non-matching events are ignored
 */
@Override
public void onApplicationEvent(ApplicationEvent event) {
    if (!(event instanceof AbstractAuthenticationFailureEvent)) {
        return;
    }

    Object source = event.getSource();
    if (!(source instanceof AbstractAuthenticationToken)) {
        return;
    }

    Object details = ((AbstractAuthenticationToken) source).getDetails();
    if (details instanceof WebAuthenticationDetails) {
        String remoteAddress = ((WebAuthenticationDetails) details).getRemoteAddress();
        LOG.info("Login failed from [" + remoteAddress + "]");
    }
}
/**
 * Writes one WARN line describing the authentication event: its short class name, the
 * authentication name and, for failure events, the exception message.
 *
 * <p>NOTE(review): on a failed login the name is caller-supplied text; confirm the log layout
 * neutralises line breaks.
 *
 * @param event the authentication event to log
 */
private static void emitLogMessage(AbstractAuthenticationEvent event) {
    String line = "Authentication event " + ClassUtils.getShortName(event.getClass())
            + ": " + event.getAuthentication().getName();

    if (event instanceof AbstractAuthenticationFailureEvent) {
        AbstractAuthenticationFailureEvent failure = (AbstractAuthenticationFailureEvent) event;
        line += "; exception: " + failure.getException().getMessage();
    }

    LOG.warn(line);
}
/**
 * Forwards the event to {@code accountAuditService} according to its type.
 *
 * <p>Interactive successes are tested before plain successes, and each branch passes the
 * event under its specific static type. Events of any other type are ignored.
 *
 * <p>Any exception raised while auditing is logged at ERROR level and not rethrown, so an
 * audit failure does not propagate to the caller.
 * NOTE(review): a swallowed failure means an authentication event can go unrecorded; confirm
 * that the ERROR line is monitored.
 *
 * @param event the authentication event to audit
 */
private void storeLogMessage(final AbstractAuthenticationEvent event) {
    try {
        if (event instanceof InteractiveAuthenticationSuccessEvent) {
            final InteractiveAuthenticationSuccessEvent interactive =
                    (InteractiveAuthenticationSuccessEvent) event;
            accountAuditService.auditLoginSuccessEvent(interactive);
        } else if (event instanceof AuthenticationSuccessEvent) {
            final AuthenticationSuccessEvent success = (AuthenticationSuccessEvent) event;
            accountAuditService.auditLoginSuccessEvent(success);
        } else if (event instanceof AbstractAuthenticationFailureEvent) {
            final AbstractAuthenticationFailureEvent failure =
                    (AbstractAuthenticationFailureEvent) event;
            accountAuditService.auditLoginFailureEvent(failure);
        }
    } catch (Exception ex) {
        LOG.error("Failed to audit authentication event in database", ex);
    }
}
/**
 * Persists an audit record for a failed login.
 *
 * <p>The record is built by {@code createLogMessage} from the event's authentication with
 * activity type {@code LOGIN_FAILRE} (spelled as the enum declares it). When the event carries
 * an exception, its message is stored on the record before saving.
 *
 * @param failureEvent the authentication failure event to record
 */
@Transactional
public void auditLoginFailureEvent(AbstractAuthenticationFailureEvent failureEvent) {
    final AccountActivityMessage entry = createLogMessage(
            null,
            failureEvent.getAuthentication(),
            AccountActivityMessage.ActivityType.LOGIN_FAILRE);

    final Exception cause = failureEvent.getException();
    if (cause != null) {
        entry.setExceptionMessage(cause.getMessage());
    }

    logMessageRepository.save(entry);
}
/**
 * Verifies that auditing a bad-credentials failure saves exactly one record matching the
 * expected user name and exception message, and touches the repository in no other way.
 */
@Test
public void testAuditLogin_failure() {
    // Arrange: a bad-credentials failure carrying a known message.
    final String expectedMessage = "exception message";
    final BadCredentialsException cause = new BadCredentialsException(expectedMessage);
    final AbstractAuthenticationFailureEvent failure =
            new AuthenticationFailureBadCredentialsEvent(authMock, cause);

    // Act
    auditService.auditLoginFailureEvent(failure);

    // Assert: one save with the matching record, nothing else.
    verify(accountActivityMessageRepository, times(1))
            .save(argThat(matches(false, username, expectedMessage)));
    verifyNoMoreInteractions(accountActivityMessageRepository);
}
/**
 * Routes an authentication event to the matching handler.
 *
 * <p>Failure events are handled first. Otherwise the optional {@code webListener} gets the
 * event if it accepts it. Otherwise plain success events are handled. Any other event is
 * dropped without an audit record.
 *
 * @param event the authentication event to route
 */
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
    if (event instanceof AbstractAuthenticationFailureEvent) {
        onAuthenticationFailureEvent((AbstractAuthenticationFailureEvent) event);
        return;
    }

    if (this.webListener != null && this.webListener.accepts(event)) {
        this.webListener.process(this, event);
        return;
    }

    if (event instanceof AuthenticationSuccessEvent) {
        onAuthenticationSuccessEvent((AuthenticationSuccessEvent) event);
    }
}
/**
 * Publishes an {@code AUTHENTICATION_FAILURE} audit event for the failed attempt.
 *
 * <p>The event data holds the exception class name under {@code "type"}, the exception message
 * under {@code "message"} and, when present, the authentication details object under
 * {@code "details"}.
 *
 * <p>NOTE(review): the details object is stored as-is. Confirm what it contains for web logins
 * (for example a client address or session identifier) and that the audit sink may hold it.
 *
 * @param event the authentication failure event
 */
private void onAuthenticationFailureEvent(AbstractAuthenticationFailureEvent event) {
    Exception failure = event.getException();

    Map<String, Object> data = new HashMap<>();
    data.put("type", failure.getClass().getName());
    data.put("message", failure.getMessage());

    Object details = event.getAuthentication().getDetails();
    if (details != null) {
        data.put("details", details);
    }

    String principalName = event.getAuthentication().getName();
    publish(new AuditEvent(principalName, "AUTHENTICATION_FAILURE", data));
}
/**
 * Logs authentication outcomes at INFO level and posts a login event on success.
 *
 * <p>Failure events log the user name and the exception message. Success events log the user
 * name and post {@code EventType.Login} to {@code eventService}. Other events are ignored.
 *
 * <p>NOTE(review): on failure the user name is caller-supplied text; confirm the log layout
 * neutralises line breaks.
 *
 * @param event the authentication event
 */
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
    Authentication source = event.getAuthentication();

    if (event instanceof AbstractAuthenticationFailureEvent) {
        Exception failure = ((AbstractAuthenticationFailureEvent) event).getException();
        String line = String.format("Authentication failure [user: %s] [error: %s]",
                source.getName(), failure.getMessage());
        log.info(line);
        return;
    }

    if (event instanceof AuthenticationSuccessEvent) {
        String userName = source.getName();
        String line = String.format("User logged in [user: %s]", userName);
        log.info(line);
        eventService.post(EventType.Login.toString(), userName, null);
    }
}
/**
 * Routes an authentication event to the matching handler.
 *
 * <p>Failure events are handled first. Otherwise the optional {@code webListener} gets the
 * event if it accepts it. Every remaining event goes to {@code onAuthenticationEvent}.
 *
 * @param event the authentication event to route
 */
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
    if (event instanceof AbstractAuthenticationFailureEvent) {
        onAuthenticationFailureEvent((AbstractAuthenticationFailureEvent) event);
        return;
    }

    boolean handledByWebListener = this.webListener != null && this.webListener.accepts(event);
    if (handledByWebListener) {
        this.webListener.process(this, event);
        return;
    }

    onAuthenticationEvent(event);
}
/**
 * Publishes an {@code AUTHENTICATION_FAILURE} audit event for the failed attempt.
 *
 * <p>The event data holds the exception class name under {@code "type"} and the exception
 * message under {@code "message"}. The audit principal is the authentication name.
 *
 * @param event the authentication failure event
 */
private void onAuthenticationFailureEvent(AbstractAuthenticationFailureEvent event) {
    Exception failure = event.getException();

    Map<String, Object> data = new HashMap<>();
    data.put("type", failure.getClass().getName());
    data.put("message", failure.getMessage());

    String principalName = event.getAuthentication().getName();
    publish(new AuditEvent(principalName, "AUTHENTICATION_FAILURE", data));
}
/**
 * Dispatches an authentication event to the success, failure and cleaned handlers.
 *
 * <p>The three type checks are independent (not an else-if chain) and run in this order, so an
 * event matching more than one type would reach each matching handler.
 *
 * @param event the authentication event to dispatch
 */
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
    // Successful authentication.
    if (event instanceof AuthenticationSuccessEvent) {
        AuthenticationSuccessEvent success = (AuthenticationSuccessEvent) event;
        handleAuthenticationSuccessEvent(success);
    }

    // Failed authentication.
    if (event instanceof AbstractAuthenticationFailureEvent) {
        AbstractAuthenticationFailureEvent failure = (AbstractAuthenticationFailureEvent) event;
        handleAuthenticationFailureEvent(failure);
    }

    // Authentication cleared.
    if (event instanceof AuthenticationCleanedEvent) {
        AuthenticationCleanedEvent cleaned = (AuthenticationCleanedEvent) event;
        handleAuthenticationCleanedEvent(cleaned);
    }
}
/**
 * Logs a failed login at INFO level with the principal and the exception's string form.
 *
 * <p>The exception is converted with {@code String.valueOf} first, so the logger receives a
 * plain string argument rather than a throwable.
 *
 * <p>NOTE(review): the principal is logged through its own {@code toString()} and is
 * presumably the submitted user name on a failed attempt; confirm it cannot carry line breaks
 * or more data than intended.
 *
 * @param event the authentication failure event
 */
@EventListener
public void onLogin(AbstractAuthenticationFailureEvent event) {
    Object principal = event.getAuthentication().getPrincipal();
    String reason = String.valueOf(event.getException());
    LOGGER.info("User {} login failure: {}", principal, reason);
}
/**
 * Records a failed login by calling {@code update} with the event's principal and
 * {@code false}.
 *
 * <p>NOTE(review): what {@code update} stores is not visible here. If it drives an attempt
 * counter or lockout, confirm how it treats principals that do not map to a known account.
 *
 * @param event the authentication failure event
 */
public void loginFailure(AbstractAuthenticationFailureEvent event) {
    Object principal = event.getAuthentication().getPrincipal();
    update(principal, false);
}