org.springframework.security.access.event.AuthorizationFailureEvent Java Examples

The following examples show how to use org.springframework.security.access.event.AuthorizationFailureEvent.
Example #1
Source File: PathAuthorizationAuditListener.java    From zhcet-web with Apache License 2.0
/**
 * Routes an authorization event to the handler for its concrete type.
 *
 * <p>Only {@code AuthenticationCredentialsNotFoundEvent} and
 * {@code AuthorizationFailureEvent} are handled; any other event type is ignored.
 *
 * @param event the authorization event delivered by the application context
 */
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
    if (event instanceof AuthenticationCredentialsNotFoundEvent) {
        AuthenticationCredentialsNotFoundEvent missingCredentials =
                (AuthenticationCredentialsNotFoundEvent) event;
        onAuthenticationCredentialsNotFoundEvent(missingCredentials);
        return;
    }
    if (event instanceof AuthorizationFailureEvent) {
        AuthorizationFailureEvent denied = (AuthorizationFailureEvent) event;
        onAuthorizationFailureEvent(denied);
    }
}
 
Example #2
Source File: PathAuthorizationAuditListener.java    From zhcet-web with Apache License 2.0
/**
 * Publishes an {@code AUTHORIZATION_FAILURE} audit event describing a denied access attempt.
 *
 * <p>The audit data holds the caller's authorities, the class name and message of the
 * access-denied exception, the requested URL (for {@code FilterInvocation} sources) or the
 * invocation object itself (for {@code ReflectiveMethodInvocation} sources), and the
 * authentication details when present. The audit principal is the authentication's name.
 *
 * @param event the authorization failure to record
 */
private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
    Map<String, Object> auditData = new HashMap<>();
    auditData.put("authorities", event.getAuthentication().getAuthorities());

    Throwable denial = event.getAccessDeniedException();
    auditData.put("type", denial.getClass().getName());
    auditData.put("message", denial.getMessage());

    Object origin = event.getSource();
    if (origin instanceof FilterInvocation) {
        // getRequestUrl() includes the query string, so anything the client put there
        // ends up in the audit record.
        auditData.put("requestUrl", ((FilterInvocation) origin).getRequestUrl());
    } else if (origin instanceof ReflectiveMethodInvocation) {
        // NOTE(review): the live invocation object is stored, not a description of it;
        // its target and arguments stay reachable from the audit record. Confirm that the
        // audit repository and any serializer in front of it are meant to handle that.
        auditData.put("source", origin);
    }

    Object authDetails = event.getAuthentication().getDetails();
    if (authDetails != null) {
        // NOTE(review): details are copied verbatim. When this is Spring Security's
        // WebAuthenticationDetails it carries the remote address and the session id, so
        // read access to the audit store should be restricted accordingly.
        auditData.put("details", authDetails);
    }

    publish(new AuditEvent(event.getAuthentication().getName(),
            AuthorizationAuditListener.AUTHORIZATION_FAILURE, auditData));
}
 
Example #3
Source File: ExposeAttemptedPathAuthorizationAuditListener.java    From tutorials with MIT License
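/**
 * Publishes an {@code AUTHORIZATION_FAILURE} audit event for a denied access attempt.
 *
 * <p>The audit data holds the class name and message of the access-denied exception, the
 * attempted request URL when the event source is a {@code FilterInvocation}, and the
 * authentication details when present. The audit principal is the authentication's name.
 *
 * @param event the authorization failure to record
 */
private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
    Map<String, Object> data = new HashMap<>();
    data.put("type", event.getAccessDeniedException().getClass().getName());
    data.put("message", event.getAccessDeniedException().getMessage());

    // The source is a FilterInvocation only for URL-level denials. An unconditional cast
    // throws ClassCastException for any other source (e.g. a method invocation), which
    // would abort the listener and leave the denial unaudited; record the URL only when
    // there is one and still publish the event otherwise.
    Object source = event.getSource();
    if (source instanceof FilterInvocation) {
        // getRequestUrl() includes the query string, so it is stored as the client sent it.
        data.put("requestUrl", ((FilterInvocation) source).getRequestUrl());
    }

    Object details = event.getAuthentication().getDetails();
    if (details != null) {
        // NOTE(review): details are stored verbatim; Spring Security's
        // WebAuthenticationDetails carries the remote address and session id, so the
        // audit store needs matching access control.
        data.put("details", details);
    }

    publish(new AuditEvent(event.getAuthentication().getName(), AUTHORIZATION_FAILURE, data));
}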
 
Example #4
Source File: AuthorizationFailureEventListener.java    From cia with Apache License 2.0
/**
 * Records a denied authorization attempt as an application event and writes it to the log.
 *
 * <p>The session id is read from the request bound to the current thread;
 * {@code RequestContextHolder.currentRequestAttributes()} throws
 * {@code IllegalStateException} when no request is bound, so this listener assumes it is
 * invoked on a request thread. The current Vaadin page and view are attached only when a
 * page, a UI, a navigator and a current view are all available.
 *
 * <p>The request URL, method description and session id have every match of the
 * {@code CRLF} pattern replaced with {@code CRLF_REPLACEMENT} before they are logged
 * (both constants are defined outside this method).
 *
 * @param authorizationFailureEvent the authorization failure to record
 */
@Override
public void onApplicationEvent(final AuthorizationFailureEvent authorizationFailureEvent) {
	final String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId();

	final CreateApplicationEventRequest denialRecord = new CreateApplicationEventRequest();
	denialRecord.setSessionId(sessionId);
	denialRecord.setEventGroup(ApplicationEventGroup.APPLICATION);
	denialRecord.setApplicationOperation(ApplicationOperationType.AUTHORIZATION);
	denialRecord.setUserId(UserContextUtil.getUserIdFromSecurityContext());

	final Page page = Page.getCurrent();
	final String requestUrl = UserContextUtil.getRequestUrl(page);
	final UI ui = UI.getCurrent();

	// Page and view information is optional: it is attached only when the whole chain
	// page -> UI -> navigator -> current view is present.
	final boolean viewIsActive = page != null && ui != null && ui.getNavigator() != null
			&& ui.getNavigator().getCurrentView() != null;
	if (viewIsActive) {
		denialRecord.setPage(ui.getNavigator().getCurrentView().getClass().getSimpleName());
		denialRecord.setPageMode(page.getUriFragment());
	}

	// For method-level denials, describe the target as "SimpleClassName.methodName";
	// otherwise the description stays empty.
	String deniedMethod = "";
	final Object source = authorizationFailureEvent.getSource();
	if (source instanceof ReflectiveMethodInvocation) {
		final ReflectiveMethodInvocation invocation = (ReflectiveMethodInvocation) source;
		if (invocation.getThis() != null) {
			deniedMethod = invocation.getThis().getClass().getSimpleName() + '.'
					+ invocation.getMethod().getName();
		}
	}

	final Collection<? extends GrantedAuthority> authorities = authorizationFailureEvent.getAuthentication()
			.getAuthorities();
	final Collection<ConfigAttribute> configAttributes = authorizationFailureEvent.getConfigAttributes();

	// NOTE(review): requestUrl goes into the stored error message without the CR/LF
	// replacement applied to the log line below; confirm that whatever renders or exports
	// stored application events escapes it for its own output format.
	final String errorMessage = MessageFormat.format(ERROR_MESSAGE_FORMAT, requestUrl, deniedMethod,
			AUTHORITIES, authorities, REQUIRED_AUTHORITIES, configAttributes, source);
	denialRecord.setErrorMessage(errorMessage);
	denialRecord.setApplicationMessage(ACCESS_DENIED);

	applicationManager.service(denialRecord);

	// Request-derived strings are neutralised before logging so that a crafted value
	// cannot start a forged log entry.
	// NOTE(review): the session id is written to the log at INFO level; anyone with log
	// access can read it, so consider whether a truncated or hashed form is sufficient.
	final String loggedUrl = requestUrl.replaceAll(CRLF, CRLF_REPLACEMENT);
	final String loggedMethod = deniedMethod.replaceAll(CRLF, CRLF_REPLACEMENT);
	final String loggedSessionId = sessionId.replaceAll(CRLF, CRLF_REPLACEMENT);
	LOGGER.info(LOG_MSG_AUTHORIZATION_FAILURE_SESSION_ID_AUTHORITIES_REQUIRED_AUTHORITIES, loggedUrl,
			loggedMethod, loggedSessionId, authorities, configAttributes);
}
 
Example #5
Source File: ExposeAttemptedPathAuthorizationAuditListener.java    From tutorials with MIT License
/**
 * Forwards authorization failures to {@code onAuthorizationFailureEvent}.
 *
 * <p>Events of any other type are ignored.
 *
 * @param event the authorization event delivered by the application context
 */
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
    if (!(event instanceof AuthorizationFailureEvent)) {
        return;
    }
    AuthorizationFailureEvent failure = (AuthorizationFailureEvent) event;
    onAuthorizationFailureEvent(failure);
}