Use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_ERROR_MESSAGE in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
Class AuditingAuthenticationMechanism, method authenticate.
/**
 * Authenticates the request through the wrapped OIDC mechanism while auditing rejected requests.
 *
 * <p>The failure handler already stored in the routing context is replaced by a wrapper that
 * first runs the stored handler and then, if the response status is 400 or above, records an
 * {@code authentication_failure} audit event. The duration of the authentication attempt is
 * reported to the timer service in both the success and the failure case.
 *
 * @param context the routing context of the request being authenticated
 * @param identityProviderManager passed through unchanged to the OIDC mechanism
 * @return the result of the wrapped OIDC mechanism, with the timing callback attached
 */
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
    // NOTE(review): the stored handler is used without a null check; confirm one is always
    // registered before this mechanism runs, otherwise the wrapper fails before auditing.
    BiConsumer<RoutingContext, Throwable> delegate = context.get(QuarkusHttpUser.AUTH_FAILURE_HANDLER);
    BiConsumer<RoutingContext, Throwable> auditingHandler = (routingContext, failure) -> {
        // The delegate runs first: it sends the HTTP response, so the status code is only
        // meaningful once it has returned.
        delegate.accept(routingContext, failure);
        // Only error responses are audited.
        if (routingContext.response().getStatusCode() < 400) {
            return;
        }
        var request = routingContext.request();
        var failureEvent = new AuditingEvent();
        failureEvent.setEventId("authentication_failure");
        failureEvent.addData(KEY_REQUEST_SOURCE_IP, request.remoteAddress());
        // The forwarded-for value is copied verbatim from a request header, so it is only as
        // trustworthy as whatever sits in front of this service; the socket address above is
        // the value this process observed itself.
        failureEvent.addData(KEY_REQUEST_FORWARDED_FOR, request.getHeader(HEADER_X_FORWARDED_FOR));
        failureEvent.addData(KEY_REQUEST_METHOD, request.method().name());
        failureEvent.addData(KEY_REQUEST_PATH, request.path());
        failureEvent.addData(KEY_RESPONSE_CODE, routingContext.response().getStatusCode());
        failureEvent.setSuccessful(false);
        if (failure != null) {
            // NOTE(review): the exception message is stored as-is, with no length limit applied
            // here; confirm the audit sink bounds and escapes it.
            failureEvent.addData(KEY_ERROR_MESSAGE, failure.getMessage());
        }
        // No request context exists at this point, hence the context-free recording call.
        AuditingServiceImpl.recordEventNoContext(failureEvent);
    };
    context.put(QuarkusHttpUser.AUTH_FAILURE_HANDLER, auditingHandler);

    Timer.Sample sample = timerService.start();
    return oidcAuthenticationMechanism.authenticate(context, identityProviderManager)
            .onItemOrFailure()
            .invoke((identity, failure) -> {
                // Any failure is tagged with the "4xx" family; a success carries no tags.
                List<Tag> tags = failure == null ? null : List.of(Tag.of(TAG_STATUS_CODE_FAMILY, "4xx"));
                timerService.record(AUTH_TIMER, AUTH_TIMER_DESCRIPTION, tags, sample);
            });
}
Use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_ERROR_MESSAGE in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
Class AuditingInterceptor, method intercept.
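/**
 * Records one audit event for each invocation of a method annotated with {@code @Audited}.
 *
 * <p>The event carries the caller's principal name (when the security identity is present and
 * not anonymous), an event id (from the annotation, or a prefix plus the method name when the
 * annotation leaves it blank), the canonical name of the target class, the optional event
 * description, the parameters selected by {@code extractParameters} (pairs of parameter index
 * and data key), and whatever the registered extractors add for parameters and the return
 * value. The event is recorded in a {@code finally} block, so it is written whether the
 * invocation returns or throws.
 *
 * @param context the invocation being intercepted
 * @return the value returned by the intercepted method
 * @throws IllegalStateException if {@code extractParameters} has an odd number of elements, or
 *         holds an index that is not a number or is outside the method's parameter list
 * @throws Exception whatever the intercepted method throws, rethrown unchanged after the
 *         failure has been added to the event
 */
@AroundInvoke
public Object intercept(InvocationContext context) throws Exception {
    var methodName = context.getMethod().getName();
    // NOTE(review): getAnnotation returns null when the method itself does not carry @Audited
    // (for example if the binding sits on the class); confirm that cannot happen here.
    Audited annotation = context.getMethod().getAnnotation(Audited.class);
    var annotationParams = annotation.extractParameters();
    if (annotationParams.length % 2 != 0) {
        throw new IllegalStateException("Field @Audited.extractParameters on method '" + methodName + "' must contain an even number of elements.");
    }

    var event = new AuditingEvent();
    if (securityIdentity != null && !securityIdentity.isAnonymous()) {
        event.addData(KEY_PRINCIPAL_ID, securityIdentity.getPrincipal().getName());
    }

    // Event ID: explicit value from the annotation, else derived from the method name.
    var eventId = annotation.eventId();
    if (eventId.isBlank()) {
        eventId = EVENT_ID_METHOD_CALL_PREFIX + methodName;
    }
    event.setEventId(eventId);
    event.addData(KEY_CLASS, context.getTarget().getClass().getCanonicalName());

    // Event description is optional.
    var eventDescription = annotation.eventDescription();
    if (!eventDescription.isBlank()) {
        event.setEventDescription(eventDescription);
    }

    // Parameter extraction via annotation: elements come in (index, key) pairs.
    // The argument is stored as-is, so @Audited should never select a parameter that
    // carries a credential or other secret.
    Object[] parameters = context.getParameters();
    for (int i = 0; i + 1 < annotationParams.length; i += 2) {
        int index;
        try {
            index = Integer.parseInt(annotationParams[i]);
        } catch (NumberFormatException nfe) {
            // Report a bad annotation the same way as the even-length check above, naming
            // the method, instead of surfacing a bare NumberFormatException.
            throw new IllegalStateException("Field @Audited.extractParameters on method '" + methodName + "' contains a parameter index that is not a number: '" + annotationParams[i] + "'.", nfe);
        }
        if (index < 0 || index >= parameters.length) {
            throw new IllegalStateException("Field @Audited.extractParameters on method '" + methodName + "' refers to parameter index " + index + ", but the method has " + parameters.length + " parameter(s).");
        }
        event.addData(annotationParams[i + 1], parameters[index]);
    }

    // Parameter extraction via extractors, looked up by the argument's exact runtime class.
    for (Object param : parameters) {
        if (param != null) {
            var extractor = PARAMETER_EXTRACTORS.get(param.getClass());
            if (extractor != null) {
                extractor.accept(param, event);
            }
        }
    }

    try {
        var result = context.proceed();
        event.setSuccessful(true);
        if (result != null) {
            // Return value extraction via annotation.
            var resultKey = annotation.extractResult();
            if (!resultKey.isBlank()) {
                event.addData(resultKey, result);
            }
            // Return value extraction via extractors.
            // NOTE(review): an exception thrown by an extractor here lands in the catch below
            // and marks the event as failed although the invocation itself succeeded.
            var extractor = PARAMETER_EXTRACTORS.get(result.getClass());
            if (extractor != null) {
                extractor.accept(result, event);
            }
        }
        return result;
    } catch (Exception ex) {
        event.setSuccessful(false);
        // Exception messages may echo caller-supplied input; the text is passed through
        // shorten(message, 120) before it is stored.
        // NOTE(review): confirm the audit sink also escapes line breaks in this value.
        var message = ex.getClass().getCanonicalName() + (ex.getMessage() != null ? ": " + ex.getMessage() : "");
        event.addData(KEY_ERROR_MESSAGE, shorten(message, 120));
        throw ex;
    } finally {
        // Always record, whether the call returned or threw. A Throwable that is not an
        // Exception bypasses the catch, so the event is recorded without setSuccessful
        // having been called.
        auditing.recordEvent(event);
    }
}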