/**
 * Checks that an audit event whose data holds a {@link WebAuthenticationDetails} value is stored
 * with the client address and session id under the {@code remoteAddress} and {@code sessionId}
 * keys.
 *
 * <p>NOTE(review): this pins the raw session id being written to the stored audit data; confirm
 * that is intended, since audit records are often readable by more people than session state.
 */
@Test
public void testAddEventWithWebAuthenticationDetails() {
    // Request with a known session id and client address.
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    HttpSession mockSession = new MockHttpSession(null, "test-session-id");
    mockRequest.setSession(mockSession);
    mockRequest.setRemoteAddr("1.2.3.4");

    // The details object snapshots address and session id from the request.
    Map<String, Object> eventData = new HashMap<>();
    eventData.put("test-key", new WebAuthenticationDetails(mockRequest));

    customAuditEventRepository.add(new AuditEvent("test-user", "test-type", eventData));

    List<PersistentAuditEvent> stored = persistenceAuditEventRepository.findAll();
    assertThat(stored).hasSize(1);

    // The details are expected under fixed keys, not under "test-key".
    Map<String, String> storedData = stored.get(0).getData();
    assertThat(storedData.get("remoteAddress")).isEqualTo("1.2.3.4");
    assertThat(storedData.get("sessionId")).isEqualTo("test-session-id");
}
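/**
 * Handles a login that failed because of bad credentials.
 *
 * <p>Raises an {@code AuthenticationFailedEvent} for the attempt, then, if the principal maps to
 * a known user, increments that user's failed-login counter and sets the lockout time once the
 * counter reaches {@code max_failed_attempts}.
 *
 * <p>The client address is taken from the authentication details only when they are
 * {@link WebAuthenticationDetails}. Previously the details were cast unconditionally, so an
 * authentication with no details or with another details type threw before the failed-login
 * counter was updated, and the attempt never counted towards lockout.
 *
 * @param event the published event; must be an {@link AuthenticationFailureBadCredentialsEvent}
 * @throws ClassCastException if {@code event} is of another type, or the principal is not a
 *     {@code String}
 */
@Override
public void handle(Object event) {
    AuthenticationFailureBadCredentialsEvent loginFailureEvent =
            (AuthenticationFailureBadCredentialsEvent) event;
    Object name = loginFailureEvent.getAuthentication().getPrincipal();
    String username = (String) name;
    Users user = usersRepository.loadUserByUsername(username);

    // Only web authentications carry a WebAuthenticationDetails; anything else (including null)
    // yields no address instead of aborting the handler.
    // NOTE(review): confirm AuthenticationFailedEvent accepts a null address.
    // NOTE(review): behind a reverse proxy this is the proxy's address unless forwarded headers
    // are resolved before Spring Security sees the request.
    Object details = loginFailureEvent.getAuthentication().getDetails();
    String remoteAddress = null;
    if (details instanceof WebAuthenticationDetails) {
        remoteAddress = ((WebAuthenticationDetails) details).getRemoteAddress();
    }
    eventService.raiseSecurityEvent(new AuthenticationFailedEvent(remoteAddress, username));

    if (user != null) {
        // Count this failure and lock the account once the threshold is reached.
        user.increaseFailedLoginAttempts();
        if (user.getFailedLoginAttempts() >= max_failed_attempts) {
            user.setLockoutTime(Calendar.getInstance());
        }
        usersRepository.updateUser(user);
    }
}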
/**
 * Converts audit event data to string values so that it can be saved.
 *
 * <p>A {@link WebAuthenticationDetails} value is not stored under its own key; its remote address
 * and session id are written to the fixed keys {@code remoteAddress} and {@code sessionId}. Any
 * other value is stored as its {@code toString()} form, and a {@code null} value as the string
 * {@code "null"}.
 *
 * @param data the data to convert; may be {@code null}
 * @return a new map of String to String, empty when {@code data} is {@code null}
 */
public Map<String, String> convertDataToStrings(Map<String, Object> data) {
    Map<String, String> converted = new HashMap<>();
    if (data == null) {
        return converted;
    }
    for (Map.Entry<String, Object> item : data.entrySet()) {
        Object value = item.getValue();
        if (value instanceof WebAuthenticationDetails) {
            // NOTE(review): the raw session id ends up in the converted audit data. If audit
            // records can be read or exported more widely than session state, consider storing
            // a digest of the id instead.
            // The fixed keys also overwrite any caller entry named "remoteAddress"/"sessionId".
            WebAuthenticationDetails webDetails = (WebAuthenticationDetails) value;
            converted.put("remoteAddress", webDetails.getRemoteAddress());
            converted.put("sessionId", webDetails.getSessionId());
            continue;
        }
        // String.valueOf yields "null" for a null value and toString() otherwise.
        converted.put(item.getKey(), String.valueOf(value));
    }
    return converted;
}
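/**
 * Internal conversion of audit event data to string values so that it can be saved.
 *
 * <p>A {@link WebAuthenticationDetails} value is expanded into the fixed keys
 * {@code remoteAddress} and {@code sessionId}; every other value is saved as its
 * {@code toString()} form, with {@code null} saved as the string {@code "null"}.
 *
 * @param data the data to convert; may be {@code null}
 * @return a map of String, String; empty when {@code data} is {@code null}
 */
public Map<String, String> convertDataToStrings(Map<String, Object> data) {
    Map<String, String> results = new HashMap<>();

    if (data != null) {
        // Iterate entries directly instead of keySet() + get(key): one lookup per entry.
        for (Map.Entry<String, Object> entry : data.entrySet()) {
            Object object = entry.getValue();

            // Extract the data that will be saved.
            if (object instanceof WebAuthenticationDetails) {
                // NOTE(review): this copies the raw session id into the audit data; confirm the
                // audit store is protected at least as well as session state, or store a digest.
                // The fixed keys replace any caller entry named "remoteAddress"/"sessionId".
                WebAuthenticationDetails authenticationDetails = (WebAuthenticationDetails) object;
                results.put("remoteAddress", authenticationDetails.getRemoteAddress());
                results.put("sessionId", authenticationDetails.getSessionId());
            } else if (object != null) {
                results.put(entry.getKey(), object.toString());
            } else {
                results.put(entry.getKey(), "null");
            }
        }
    }

    return results;
}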
/**
 * {@inheritDoc}
 *
 * <p>The address is read from the authentication details, which must be either
 * {@link OAuth2AuthenticationDetails} or {@link WebAuthenticationDetails}. The result is empty
 * when there are no details or the details hold a {@code null} address.
 *
 * <p>NOTE(review): for {@link WebAuthenticationDetails} the value is the servlet request's remote
 * address, so behind a reverse proxy it is the proxy's address unless forwarded headers are
 * resolved upstream. Treat it as informational rather than as proof of client identity.
 *
 * @throws IllegalStateException if the details are of any other type
 */
@Override
public Optional<String> getRemoteAddress() {
    return getDetails().flatMap(authDetails -> {
        if (authDetails instanceof OAuth2AuthenticationDetails) {
            return Optional.ofNullable(
                    ((OAuth2AuthenticationDetails) authDetails).getRemoteAddress());
        }
        if (authDetails instanceof WebAuthenticationDetails) {
            return Optional.ofNullable(
                    ((WebAuthenticationDetails) authDetails).getRemoteAddress());
        }
        // Fail loudly on an unknown details type instead of guessing.
        throw new IllegalStateException("Unsupported auth details type " + authDetails.getClass());
    });
}
/**
 * {@inheritDoc}
 *
 * <p>The session id is read from the authentication details, which must be either
 * {@link OAuth2AuthenticationDetails} or {@link WebAuthenticationDetails}. The result is empty
 * when there are no details or the details hold a {@code null} session id.
 *
 * <p>NOTE(review): the returned value is the raw session identifier; callers should avoid
 * writing it to logs or other stores that are readable more widely than session state.
 *
 * @throws IllegalStateException if the details are of any other type
 */
@Override
public Optional<String> getSessionId() {
    return getDetails().flatMap(authDetails -> {
        boolean isOAuth2 = authDetails instanceof OAuth2AuthenticationDetails;
        boolean isWeb = authDetails instanceof WebAuthenticationDetails;
        if (!isOAuth2 && !isWeb) {
            throw new IllegalStateException(
                    "Unsupported auth details type " + authDetails.getClass());
        }
        // The OAuth2 type is checked first, as in the original branch order.
        String id = isOAuth2
                ? ((OAuth2AuthenticationDetails) authDetails).getSessionId()
                : ((WebAuthenticationDetails) authDetails).getSessionId();
        return Optional.ofNullable(id);
    });
}
/**
 * Returns the decoded details of an OAuth2 authentication as a map.
 *
 * <p>The result is empty when there are no authentication details, when the details are plain
 * {@link WebAuthenticationDetails}, or when the OAuth2 details have no decoded details.
 *
 * <p>The cast to {@code Map<String, Object>} is unchecked: only the {@code Map} type is verified
 * at runtime, not the key or value types, so callers should not assume the values' types.
 *
 * @return the decoded details map, if any
 * @throws IllegalStateException if the details are of an unsupported type
 * @throws ClassCastException if the decoded details are not a {@code Map}
 */
@SuppressWarnings("unchecked")
private Optional<Map<String, Object>> getDetailsMap() {
    return getDetails().flatMap(authDetails -> {
        if (authDetails instanceof OAuth2AuthenticationDetails) {
            OAuth2AuthenticationDetails oauthDetails = (OAuth2AuthenticationDetails) authDetails;
            Object decoded = oauthDetails.getDecodedDetails();
            return Optional.ofNullable(Map.class.cast(decoded));
        }
        if (authDetails instanceof WebAuthenticationDetails) {
            // Web details carry no decoded map.
            return Optional.empty();
        }
        throw new IllegalStateException("Unsupported auth details type " + authDetails.getClass());
    });
}
/**
 * Returns the IP address the current user logged in from, or an empty string when there is no
 * current authentication or its details are not {@link WebAuthenticationDetails}.
 *
 * <p>NOTE(review): the value is the servlet request's remote address captured at login; behind a
 * reverse proxy it is the proxy's address unless forwarded headers are resolved upstream.
 */
public static String getCurrentUserIp() {
    Authentication current = getAuthentication();
    // A missing authentication is treated like missing details: instanceof is false for null.
    Object details = (current == null) ? null : current.getDetails();
    if (details instanceof WebAuthenticationDetails) {
        return ((WebAuthenticationDetails) details).getRemoteAddress();
    }
    return "";
}