@Test public void addAuditEventTruncateLargeData() { Map<String, Object> data = new HashMap<>(); StringBuilder largeData = new StringBuilder(); for (int i = 0; i < EVENT_DATA_COLUMN_MAX_LENGTH + 10; i++) { largeData.append("a"); } data.put("test-key", largeData); AuditEvent event = new AuditEvent("test-user", "test-type", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(1); PersistentAuditEvent persistentAuditEvent = persistentAuditEvents.get(0); assertThat(persistentAuditEvent.getPrincipal()).isEqualTo(event.getPrincipal()); assertThat(persistentAuditEvent.getAuditEventType()).isEqualTo(event.getType()); assertThat(persistentAuditEvent.getData()).containsKey("test-key"); String actualData = persistentAuditEvent.getData().get("test-key"); assertThat(actualData.length()).isEqualTo(EVENT_DATA_COLUMN_MAX_LENGTH); assertThat(actualData).isSubstringOf(largeData); assertThat(persistentAuditEvent.getAuditEventDate()).isEqualTo(event.getTimestamp().toInstant()); }
@Test public void testFindByPrincipal() { persistenceAuditEventRepository.save(testUserEvent); persistenceAuditEventRepository.save(testOldUserEvent); persistenceAuditEventRepository.save(testOtherUserEvent); List<AuditEvent> events = customAuditEventRepository .find("test-user", Date.from(testUserEvent.getAuditEventDate().minusSeconds(3600))); assertThat(events).hasSize(1); AuditEvent event = events.get(0); assertThat(event.getPrincipal()).isEqualTo(testUserEvent.getPrincipal()); assertThat(event.getType()).isEqualTo(testUserEvent.getAuditEventType()); assertThat(event.getData()).containsKey("test-key"); assertThat(event.getData().get("test-key").toString()).isEqualTo("test-value"); assertThat(event.getTimestamp()).isEqualTo(Date.from(testUserEvent.getAuditEventDate())); }
@Test public void findByPrincipalAndType() { persistenceAuditEventRepository.save(testUserEvent); persistenceAuditEventRepository.save(testOldUserEvent); testOtherUserEvent.setAuditEventType(testUserEvent.getAuditEventType()); persistenceAuditEventRepository.save(testOtherUserEvent); PersistentAuditEvent testUserOtherTypeEvent = new PersistentAuditEvent(); testUserOtherTypeEvent.setPrincipal(testUserEvent.getPrincipal()); testUserOtherTypeEvent.setAuditEventType("test-other-type"); testUserOtherTypeEvent.setAuditEventDate(testUserEvent.getAuditEventDate()); persistenceAuditEventRepository.save(testUserOtherTypeEvent); List<AuditEvent> events = customAuditEventRepository.find("test-user", Date.from(testUserEvent.getAuditEventDate().minusSeconds(3600)), "test-type"); assertThat(events).hasSize(1); AuditEvent event = events.get(0); assertThat(event.getPrincipal()).isEqualTo(testUserEvent.getPrincipal()); assertThat(event.getType()).isEqualTo(testUserEvent.getAuditEventType()); assertThat(event.getData()).containsKey("test-key"); assertThat(event.getData().get("test-key").toString()).isEqualTo("test-value"); assertThat(event.getTimestamp()).isEqualTo(Date.from(testUserEvent.getAuditEventDate())); }
@Test public void testAddEventWithWebAuthenticationDetails() { HttpSession session = new MockHttpSession(null, "test-session-id"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setSession(session); request.setRemoteAddr("1.2.3.4"); WebAuthenticationDetails details = new WebAuthenticationDetails(request); Map<String, Object> data = new HashMap<>(); data.put("test-key", details); AuditEvent event = new AuditEvent("test-user", "test-type", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(1); PersistentAuditEvent persistentAuditEvent = persistentAuditEvents.get(0); assertThat(persistentAuditEvent.getData().get("remoteAddress")).isEqualTo("1.2.3.4"); assertThat(persistentAuditEvent.getData().get("sessionId")).isEqualTo("test-session-id"); }
@EventListener public void onAuditEvent(AuditApplicationEvent event) { AuditEvent auditEvent = event.getAuditEvent(); if (auditEvent.getType() == AuthenticationAuditListener.AUTHENTICATION_SUCCESS) { return; } log.info("Logging audit application event: timestamp: {}, principal: {}, type: {}, data: {}", auditEvent.getTimestamp(), auditEvent.getPrincipal(), auditEvent.getType(), auditEvent.getData() ); auditLogRepository.save( AuditLog.builder() .type(auditEvent.getType()) .principal(auditEvent.getPrincipal()) .timestamp(auditEvent.getTimestamp().toInstant()) .data(auditEvent.getData()) .build() ); }
/** * GET /audits : get a page of AuditEvents between the fromDate and toDate. * * @param fromDate the start of the time period of AuditEvents to get * @param toDate the end of the time period of AuditEvents to get * @param pageable the pagination information * @return the ResponseEntity with status 200 (OK) and the list of AuditEvents in body * @throws URISyntaxException if there is an error to generate the pagination HTTP headers */ @GetMapping(params = {"fromDate", "toDate"}) @Secured(AuthoritiesConstants.ADMIN) public ResponseEntity<List<AuditEvent>> getByDates( @RequestParam(value = "fromDate") LocalDate fromDate, @RequestParam(value = "toDate") LocalDate toDate, @ApiParam Pageable pageable) throws URISyntaxException { Page<AuditEvent> page = auditEventService.findByDates(fromDate.atTime(0, 0), toDate.atTime(23, 59), pageable); HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(page, "/management/audits"); return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK); }
/** * GET /audits : get a page of AuditEvents. * * @param pageable the pagination information * @return the ResponseEntity with status 200 (OK) and the list of AuditEvents in body */ @GetMapping public ResponseEntity<List<AuditEvent>> getAll(Pageable pageable) { Page<AuditEvent> page = auditEventService.findAll(pageable); HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(page, "/management/audits"); return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK); }
@Override @Transactional(propagation = Propagation.REQUIRES_NEW) public void add(AuditEvent event) { if (!AUTHORIZATION_FAILURE.equals(event.getType()) && !Constants.ANONYMOUS_USER.equals(event.getPrincipal())) { PersistentAuditEvent persistentAuditEvent = new PersistentAuditEvent(); persistentAuditEvent.setPrincipal(event.getPrincipal()); persistentAuditEvent.setAuditEventType(event.getType()); persistentAuditEvent.setAuditEventDate(event.getTimestamp().toInstant()); persistentAuditEvent.setData(auditEventConverter.convertDataToStrings(event.getData())); persistenceAuditEventRepository.save(persistentAuditEvent); } }
/** * GET /audits : get a page of AuditEvents. * * @param pageable the pagination information * @return the ResponseEntity with status 200 (OK) and the list of AuditEvents in body */ @GetMapping public ResponseEntity<List<AuditEvent>> getAll(@ApiParam Pageable pageable) { Page<AuditEvent> page = auditEventService.findAll(pageable); HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(page, "/management/audits"); return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK); }
@Test public void addAuditEventWithAnonymousUser() { Map<String, Object> data = new HashMap<>(); data.put("test-key", "test-value"); AuditEvent event = new AuditEvent(Constants.ANONYMOUS_USER, "test-type", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(0); }
@Override public List<AuditEvent> find(String principal, Date after) { Iterable<PersistentAuditEvent> persistentAuditEvents; if (principal == null && after == null) { persistentAuditEvents = persistenceAuditEventRepository.findAll(); } else if (after == null) { persistentAuditEvents = persistenceAuditEventRepository.findByPrincipal(principal); } else { persistentAuditEvents = persistenceAuditEventRepository.findByPrincipalAndAuditEventDateAfter(principal, after.toInstant()); } return auditEventConverter.convertToAuditEvent(persistentAuditEvents); }
/** * Convert a list of PersistentAuditEvent to a list of AuditEvent * * @param persistentAuditEvents the list to convert * @return the converted list. */ public List<AuditEvent> convertToAuditEvent(Iterable<PersistentAuditEvent> persistentAuditEvents) { if (persistentAuditEvents == null) { return Collections.emptyList(); } List<AuditEvent> auditEvents = new ArrayList<>(); for (PersistentAuditEvent persistentAuditEvent : persistentAuditEvents) { auditEvents.add(convertToAuditEvent(persistentAuditEvent)); } return auditEvents; }
@Override public List<AuditEvent> find(String principal, Date after) { Iterable<PersistentAuditEvent> persistentAuditEvents; if (principal == null && after == null) { persistentAuditEvents = persistenceAuditEventRepository.findAll(); } else if (after == null) { persistentAuditEvents = persistenceAuditEventRepository.findByPrincipal(principal); } else { persistentAuditEvents = persistenceAuditEventRepository.findByPrincipalAndAuditEventDateAfter(principal, LocalDateTime.from(after.toInstant())); } return auditEventConverter.convertToAuditEvent(persistentAuditEvents); }
/** * GET /audits/:id : get an AuditEvent by id. * * @param id the id of the entity to get * @return the ResponseEntity with status 200 (OK) and the AuditEvent in body, or status 404 (Not Found) */ @RequestMapping(value = "/{id:.+}", method = RequestMethod.GET) public ResponseEntity<AuditEvent> get(@PathVariable Long id) { return auditEventService.find(id) .map((entity) -> new ResponseEntity<>(entity, HttpStatus.OK)) .orElse(new ResponseEntity<>(HttpStatus.NOT_FOUND)); }
@Test public void testFindByPrincipalIsNullAndAfterIsNull() { persistenceAuditEventRepository.save(testUserEvent); persistenceAuditEventRepository.save(testOtherUserEvent); List<AuditEvent> events = customAuditEventRepository.find(null, null); assertThat(events).hasSize(2); assertThat(events).extracting("principal") .containsExactlyInAnyOrder("test-user", "other-test-user"); }
@Test public void testAddEventWithNullData() { Map<String, Object> data = new HashMap<>(); data.put("test-key", null); AuditEvent event = new AuditEvent("test-user", "test-type", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(1); PersistentAuditEvent persistentAuditEvent = persistentAuditEvents.get(0); assertThat(persistentAuditEvent.getData().get("test-key")).isEqualTo("null"); }
@Test public void testFindAfter() { persistenceAuditEventRepository.save(testUserEvent); persistenceAuditEventRepository.save(testOldUserEvent); List<AuditEvent> events = customAuditEventRepository.find(Date.from(testUserEvent.getAuditEventDate().minusSeconds(3600))); assertThat(events).hasSize(1); AuditEvent event = events.get(0); assertThat(event.getPrincipal()).isEqualTo(testUserEvent.getPrincipal()); assertThat(event.getType()).isEqualTo(testUserEvent.getAuditEventType()); assertThat(event.getData()).containsKey("test-key"); assertThat(event.getData().get("test-key").toString()).isEqualTo("test-value"); assertThat(event.getTimestamp()).isEqualTo(Date.from(testUserEvent.getAuditEventDate())); }
@Override @Transactional(propagation = Propagation.REQUIRES_NEW) public void add(AuditEvent event) { if (!AUTHORIZATION_FAILURE.equals(event.getType()) && !Constants.ANONYMOUS_USER.equals(event.getPrincipal())) { PersistentAuditEvent persistentAuditEvent = new PersistentAuditEvent(); persistentAuditEvent.setPrincipal(event.getPrincipal()); persistentAuditEvent.setAuditEventType(event.getType()); persistentAuditEvent.setAuditEventDate(event.getTimestamp().toInstant()); Map<String, String> eventData = auditEventConverter.convertDataToStrings(event.getData()); persistentAuditEvent.setData(truncate(eventData)); persistenceAuditEventRepository.save(persistentAuditEvent); } }
public static AuditLog fromAuditEvent(AuditEvent auditEvent) { return AuditLog.builder() .timestamp(auditEvent.getTimestamp().toInstant()) .principal(auditEvent.getPrincipal()) .type(auditEvent.getType()) .data(auditEvent.getData()) .build(); }
@Test public void addAuditEvent() { Map<String, Object> data = new HashMap<>(); data.put("test-key", "test-value"); AuditEvent event = new AuditEvent("test-user", "test-type", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(1); PersistentAuditEvent persistentAuditEvent = persistentAuditEvents.get(0); assertThat(persistentAuditEvent.getPrincipal()).isEqualTo(event.getPrincipal()); assertThat(persistentAuditEvent.getAuditEventType()).isEqualTo(event.getType()); assertThat(persistentAuditEvent.getData()).containsKey("test-key"); assertThat(persistentAuditEvent.getData().get("test-key")).isEqualTo("test-value"); assertThat(persistentAuditEvent.getAuditEventDate()).isEqualTo(event.getTimestamp().toInstant()); }
@Test public void addAuditEventWithAuthorizationFailureType() { Map<String, Object> data = new HashMap<>(); data.put("test-key", "test-value"); AuditEvent event = new AuditEvent("test-user", "AUTHORIZATION_FAILURE", data); customAuditEventRepository.add(event); List<PersistentAuditEvent> persistentAuditEvents = persistenceAuditEventRepository.findAll(); assertThat(persistentAuditEvents).hasSize(0); }
/** * GET /audits : get a page of AuditEvents between the fromDate and toDate. * * @param fromDate the start of the time period of AuditEvents to get * @param toDate the end of the time period of AuditEvents to get * @param pageable the pagination information * @return the ResponseEntity with status 200 (OK) and the list of AuditEvents in body */ @GetMapping(params = {"fromDate", "toDate"}) public ResponseEntity<List<AuditEvent>> getByDates( @RequestParam(value = "fromDate") LocalDate fromDate, @RequestParam(value = "toDate") LocalDate toDate, @ApiParam Pageable pageable) { Page<AuditEvent> page = auditEventService.findByDates(fromDate.atTime(0, 0), toDate.atTime(23, 59), pageable); HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(page, "/management/audits"); return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK); }
@Test public void testFindByPrincipalNotNullAndAfterIsNull() { persistenceAuditEventRepository.save(testUserEvent); persistenceAuditEventRepository.save(testOtherUserEvent); List<AuditEvent> events = customAuditEventRepository.find("test-user", null); assertThat(events).hasSize(1); assertThat(events.get(0).getPrincipal()).isEqualTo("test-user"); }
/** * GET /audits : get a page of AuditEvents between the fromDate and toDate. * * @param fromDate the start of the time period of AuditEvents to get * @param toDate the end of the time period of AuditEvents to get * @param pageable the pagination information * @return the ResponseEntity with status 200 (OK) and the list of AuditEvents in body */ @GetMapping(params = {"fromDate", "toDate"}) public ResponseEntity<List<AuditEvent>> getByDates( @RequestParam(value = "fromDate") LocalDate fromDate, @RequestParam(value = "toDate") LocalDate toDate, Pageable pageable) { Page<AuditEvent> page = auditEventService.findByDates( fromDate.atStartOfDay(ZoneId.systemDefault()).toInstant(), toDate.atStartOfDay(ZoneId.systemDefault()).plusDays(1).toInstant(), pageable); HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(page, "/management/audits"); return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK); }
