Search in sources :

Example 1 with KEY_REQUEST_FORWARDED_FOR

use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

the class AuditingServletFilter method doFilter.

@Override
@ActivateRequestContext
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Activate Operation Context
    if (opCtx.isContextDataLoaded()) {
        throw new IllegalStateException("Unexpected state: Operation Context is already loaded");
    }
    opCtx.loadNewContextData();
    var req = (HttpServletRequest) request;
    var res = (HttpServletResponse) response;
    // TODO Unify logic to extract this using parameter extractors
    auditing.addTraceMetadata(KEY_REQUEST_SOURCE_IP, req.getRemoteAddr());
    auditing.addTraceMetadata(KEY_REQUEST_FORWARDED_FOR, req.getHeader(HEADER_X_FORWARDED_FOR));
    auditing.addTraceMetadata(KEY_REQUEST_METHOD, req.getMethod());
    auditing.addTraceMetadata(KEY_REQUEST_PATH, req.getRequestURI());
    AccountInfo accountInfo = authService.extractAccountInfo();
    auditing.addTraceMetadata(KEY_USER_ACCOUNT_ID, accountInfo.getAccountId());
    auditing.addTraceMetadata(KEY_USER_ACCOUNT_NAME, accountInfo.getAccountUsername());
    auditing.addTraceMetadata(KEY_USER_ORG_ID, accountInfo.getOrganizationId());
    auditing.addTraceMetadata(KEY_USER_IS_ORG_ADMIN, accountInfo.isAdmin());
    chain.doFilter(request, response);
    if (res.getStatus() >= 400) {
        var event = new AuditingEvent();
        event.setEventId("request_failure");
        event.addData(KEY_RESPONSE_CODE, res.getStatus());
        event.setSuccessful(false);
        auditing.recordEvent(event);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) AccountInfo(org.bf2.srs.fleetmanager.spi.common.model.AccountInfo) AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent) ActivateRequestContext(javax.enterprise.context.control.ActivateRequestContext)

Example 2 with KEY_REQUEST_FORWARDED_FOR

use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.

the class AuditingAuthenticationMechanism method authenticate.

@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
    BiConsumer<RoutingContext, Throwable> failureHandler = context.get(QuarkusHttpUser.AUTH_FAILURE_HANDLER);
    BiConsumer<RoutingContext, Throwable> auditWrapper = (ctx, ex) -> {
        // this sends the http response
        failureHandler.accept(ctx, ex);
        // if it was an error response log it
        if (ctx.response().getStatusCode() >= 400) {
            var event = new AuditingEvent();
            event.setEventId("authentication_failure");
            event.addData(KEY_REQUEST_SOURCE_IP, ctx.request().remoteAddress());
            event.addData(KEY_REQUEST_FORWARDED_FOR, ctx.request().getHeader(HEADER_X_FORWARDED_FOR));
            event.addData(KEY_REQUEST_METHOD, ctx.request().method().name());
            event.addData(KEY_REQUEST_PATH, ctx.request().path());
            event.addData(KEY_RESPONSE_CODE, ctx.response().getStatusCode());
            event.setSuccessful(false);
            if (ex != null) {
                event.addData(KEY_ERROR_MESSAGE, ex.getMessage());
            }
            // Request Context does not exist at this point
            AuditingServiceImpl.recordEventNoContext(event);
        }
    };
    context.put(QuarkusHttpUser.AUTH_FAILURE_HANDLER, auditWrapper);
    Timer.Sample sample = timerService.start();
    return oidcAuthenticationMechanism.authenticate(context, identityProviderManager).onItemOrFailure().invoke((securityIdentity, throwable) -> {
        timerService.record(AUTH_TIMER, AUTH_TIMER_DESCRIPTION, throwable == null ? null : List.of(Tag.of(TAG_STATUS_CODE_FAMILY, "4xx")), sample);
    });
}
Also used : BearerAuthenticationMechanism(io.quarkus.oidc.runtime.BearerAuthenticationMechanism) KEY_RESPONSE_CODE(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_RESPONSE_CODE) KEY_REQUEST_METHOD(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_METHOD) UnlessBuildProfile(io.quarkus.arc.profile.UnlessBuildProfile) Alternative(javax.enterprise.inject.Alternative) KEY_ERROR_MESSAGE(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_ERROR_MESSAGE) KEY_REQUEST_FORWARDED_FOR(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR) OidcAuthenticationMechanism(io.quarkus.oidc.runtime.OidcAuthenticationMechanism) RoutingContext(io.vertx.ext.web.RoutingContext) KEY_REQUEST_PATH(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_PATH) Uni(io.smallrye.mutiny.Uni) Inject(javax.inject.Inject) AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent) Timer(io.micrometer.core.instrument.Timer) HttpAuthenticationMechanism(io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism) BiConsumer(java.util.function.BiConsumer) SecurityIdentity(io.quarkus.security.identity.SecurityIdentity) Tag(io.micrometer.core.instrument.Tag) Set(java.util.Set) HttpCredentialTransport(io.quarkus.vertx.http.runtime.security.HttpCredentialTransport) KEY_REQUEST_SOURCE_IP(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_SOURCE_IP) HEADER_X_FORWARDED_FOR(org.bf2.srs.fleetmanager.AuditingServletFilter.HEADER_X_FORWARDED_FOR) Constants(org.bf2.srs.fleetmanager.common.metrics.Constants) Priority(javax.annotation.Priority) List(java.util.List) ChallengeData(io.quarkus.vertx.http.runtime.security.ChallengeData) QuarkusHttpUser(io.quarkus.vertx.http.runtime.security.QuarkusHttpUser) ApplicationScoped(javax.enterprise.context.ApplicationScoped) IdentityProviderManager(io.quarkus.security.identity.IdentityProviderManager) AuthenticationRequest(io.quarkus.security.identity.request.AuthenticationRequest) TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest) Collections(java.util.Collections) TimerService(org.bf2.srs.fleetmanager.operation.metrics.TimerService) RoutingContext(io.vertx.ext.web.RoutingContext) Timer(io.micrometer.core.instrument.Timer) AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)

Aggregations

AuditingEvent (org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)2 Tag (io.micrometer.core.instrument.Tag)1 Timer (io.micrometer.core.instrument.Timer)1 UnlessBuildProfile (io.quarkus.arc.profile.UnlessBuildProfile)1 BearerAuthenticationMechanism (io.quarkus.oidc.runtime.BearerAuthenticationMechanism)1 OidcAuthenticationMechanism (io.quarkus.oidc.runtime.OidcAuthenticationMechanism)1 IdentityProviderManager (io.quarkus.security.identity.IdentityProviderManager)1 SecurityIdentity (io.quarkus.security.identity.SecurityIdentity)1 AuthenticationRequest (io.quarkus.security.identity.request.AuthenticationRequest)1 TokenAuthenticationRequest (io.quarkus.security.identity.request.TokenAuthenticationRequest)1 ChallengeData (io.quarkus.vertx.http.runtime.security.ChallengeData)1 HttpAuthenticationMechanism (io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism)1 HttpCredentialTransport (io.quarkus.vertx.http.runtime.security.HttpCredentialTransport)1 QuarkusHttpUser (io.quarkus.vertx.http.runtime.security.QuarkusHttpUser)1 Uni (io.smallrye.mutiny.Uni)1 RoutingContext (io.vertx.ext.web.RoutingContext)1 Collections (java.util.Collections)1 List (java.util.List)1 Set (java.util.Set)1 BiConsumer (java.util.function.BiConsumer)1