/**
 * Routes Spring Security authentication events to the matching audit handler.
 *
 * <p>One success event type and five failure event types are recognised; an
 * event of any other type is ignored. An exception thrown by a handler is
 * written to the error log and not rethrown, so the only trace of a failed
 * audit write is that log entry.
 *
 * @param event the application event delivered to this listener
 */
public void onApplicationEvent(ApplicationEvent event) {
    try {
        // The Spring Security event classes tested below are unrelated concrete
        // types, so at most one branch can match a given event.
        if (event instanceof InteractiveAuthenticationSuccessEvent) {
            this.logLoginSuccess(event);
        } else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            this.logBadCredential(event);
        } else if (event instanceof AuthenticationFailureLockedEvent) {
            this.logLocked(event);
        } else if (event instanceof AuthenticationFailureDisabledEvent) {
            this.logDisabled(event);
        } else if (event instanceof AuthenticationFailureExpiredEvent) {
            this.logAccountExpired(event);
        } else if (event instanceof AuthenticationFailureCredentialsExpiredEvent) {
            this.logCredentialExpired(event);
        }
    } catch (Exception failure) {
        // Handler errors are logged here instead of propagating to the publisher.
        logger.error(failure.getMessage(), failure);
    }
}
/**
 * Records a login attempt that failed because the account has expired.
 *
 * <p>Fills an {@code AuditDTO} (action {@code "login"}, result
 * {@code "failure"}), passes it to {@code auditConnector}, and then publishes
 * a {@code LoginEvent} carrying the literal {@code "accountExpired"}.
 *
 * @param event the event to record; it is cast to
 *     {@code AuthenticationFailureExpiredEvent} without a prior type check
 * @throws Exception if any step fails, including the local host address lookup
 */
public void logAccountExpired(ApplicationEvent event) throws Exception {
    AuthenticationFailureExpiredEvent expiredEvent = (AuthenticationFailureExpiredEvent) event;
    Authentication auth = expiredEvent.getAuthentication();

    // NOTE(review): this writes the token's toString() to the info log. Confirm
    // that the concrete Authentication type does not print credentials, and
    // that the log layout neutralises line breaks in the client-supplied name.
    logger.info("{}", auth);

    String tenantId = this.getTenantId(auth);

    // Prefer the id of the project's own principal type; otherwise use the
    // name reported by the Authentication itself.
    Object principal = auth.getPrincipal();
    String userId = (principal instanceof SpringSecurityUserAuth)
            ? ((SpringSecurityUserAuth) principal).getId()
            : auth.getName();

    AuditDTO audit = new AuditDTO();
    audit.setUserId(userId);
    audit.setAuditTime(new Date());
    audit.setAction("login");
    audit.setResult("failure");
    audit.setApplication("lemon");
    audit.setClient(getUserIp(auth));
    // NOTE(review): getLocalHost() can throw UnknownHostException; the exception
    // leaves this method before auditConnector.log(...) runs, so no audit record
    // is written for this failed login in that case.
    audit.setServer(InetAddress.getLocalHost().getHostAddress());
    audit.setDescription(expiredEvent.getException().getMessage());
    audit.setTenantId(tenantId);
    auditConnector.log(audit);

    String sessionId = this.getSessionId(auth);
    ctx.publishEvent(
            new LoginEvent(auth, userId, sessionId, "accountExpired", "default", tenantId));
}
/**
 * Checks that an account-expired authentication failure causes the listener
 * to publish an application event.
 */
@Test
public void testAuthenticationFailed() {
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken("user", "password");
    BadCredentialsException cause = new BadCredentialsException("Bad user");
    AuthenticationFailureExpiredEvent failure =
            new AuthenticationFailureExpiredEvent(token, cause);

    this.listener.onApplicationEvent(failure);

    // The matcher accepts any argument, so this only proves that something was
    // published; the content of the event is not inspected here.
    verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
}
/**
 * Checks that the details object set on the authentication token appears under
 * the {@code "details"} key in the data of the published audit event.
 */
@Test
public void testDetailsAreIncludedInAuditEvent() throws Exception {
    Object tokenDetails = new Object();
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken("user", "password");
    token.setDetails(tokenDetails);
    BadCredentialsException cause = new BadCredentialsException("Bad user");

    this.listener.onApplicationEvent(new AuthenticationFailureExpiredEvent(token, cause));

    ArgumentCaptor<AuditApplicationEvent> captor =
            ArgumentCaptor.forClass(AuditApplicationEvent.class);
    verify(this.publisher).publishEvent(captor.capture());

    // NOTE(review): the assertion expects the very same details object in the
    // audit data, so whatever a token carries as details reaches the audit
    // trail unchanged; confirm that object holds nothing sensitive.
    AuditApplicationEvent published = captor.getValue();
    assertThat(published.getAuditEvent().getData()).containsEntry("details", tokenDetails);
}