Example 1 with KEY_REQUEST_FORWARDED_FOR
use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
the class AuditingServletFilter method doFilter.
@Override
@ActivateRequestContext
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Activate Operation Context
if (opCtx.isContextDataLoaded()) {
throw new IllegalStateException("Unexpected state: Operation Context is already loaded");
}
opCtx.loadNewContextData();
var req = (HttpServletRequest) request;
var res = (HttpServletResponse) response;
// TODO Unify logic to extract this using parameter extractors
auditing.addTraceMetadata(KEY_REQUEST_SOURCE_IP, req.getRemoteAddr());
auditing.addTraceMetadata(KEY_REQUEST_FORWARDED_FOR, req.getHeader(HEADER_X_FORWARDED_FOR));
auditing.addTraceMetadata(KEY_REQUEST_METHOD, req.getMethod());
auditing.addTraceMetadata(KEY_REQUEST_PATH, req.getRequestURI());
AccountInfo accountInfo = authService.extractAccountInfo();
auditing.addTraceMetadata(KEY_USER_ACCOUNT_ID, accountInfo.getAccountId());
auditing.addTraceMetadata(KEY_USER_ACCOUNT_NAME, accountInfo.getAccountUsername());
auditing.addTraceMetadata(KEY_USER_ORG_ID, accountInfo.getOrganizationId());
auditing.addTraceMetadata(KEY_USER_IS_ORG_ADMIN, accountInfo.isAdmin());
chain.doFilter(request, response);
if (res.getStatus() >= 400) {
var event = new AuditingEvent();
event.setEventId("request_failure");
event.addData(KEY_RESPONSE_CODE, res.getStatus());
event.setSuccessful(false);
auditing.recordEvent(event);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AccountInfo(org.bf2.srs.fleetmanager.spi.common.model.AccountInfo)
AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)
ActivateRequestContext(javax.enterprise.context.control.ActivateRequestContext)
Example 2 with KEY_REQUEST_FORWARDED_FOR
use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
the class AuditingAuthenticationMechanism method authenticate.
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
BiConsumer<RoutingContext, Throwable> failureHandler = context.get(QuarkusHttpUser.AUTH_FAILURE_HANDLER);
BiConsumer<RoutingContext, Throwable> auditWrapper = (ctx, ex) -> {
// this sends the http response
failureHandler.accept(ctx, ex);
// if it was an error response log it
if (ctx.response().getStatusCode() >= 400) {
var event = new AuditingEvent();
event.setEventId("authentication_failure");
event.addData(KEY_REQUEST_SOURCE_IP, ctx.request().remoteAddress());
event.addData(KEY_REQUEST_FORWARDED_FOR, ctx.request().getHeader(HEADER_X_FORWARDED_FOR));
event.addData(KEY_REQUEST_METHOD, ctx.request().method().name());
event.addData(KEY_REQUEST_PATH, ctx.request().path());
event.addData(KEY_RESPONSE_CODE, ctx.response().getStatusCode());
event.setSuccessful(false);
if (ex != null) {
event.addData(KEY_ERROR_MESSAGE, ex.getMessage());
}
// Request Context does not exist at this point
AuditingServiceImpl.recordEventNoContext(event);
}
};
context.put(QuarkusHttpUser.AUTH_FAILURE_HANDLER, auditWrapper);
Timer.Sample sample = timerService.start();
return oidcAuthenticationMechanism.authenticate(context, identityProviderManager).onItemOrFailure().invoke((securityIdentity, throwable) -> {
timerService.record(AUTH_TIMER, AUTH_TIMER_DESCRIPTION, throwable == null ? null : List.of(Tag.of(TAG_STATUS_CODE_FAMILY, "4xx")), sample);
});
}
Also used :
BearerAuthenticationMechanism(io.quarkus.oidc.runtime.BearerAuthenticationMechanism)
KEY_RESPONSE_CODE(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_RESPONSE_CODE)
KEY_REQUEST_METHOD(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_METHOD)
UnlessBuildProfile(io.quarkus.arc.profile.UnlessBuildProfile)
Alternative(javax.enterprise.inject.Alternative)
KEY_ERROR_MESSAGE(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_ERROR_MESSAGE)
KEY_REQUEST_FORWARDED_FOR(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_FORWARDED_FOR)
OidcAuthenticationMechanism(io.quarkus.oidc.runtime.OidcAuthenticationMechanism)
RoutingContext(io.vertx.ext.web.RoutingContext)
KEY_REQUEST_PATH(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_PATH)
Uni(io.smallrye.mutiny.Uni)
Inject(javax.inject.Inject)
AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)
Timer(io.micrometer.core.instrument.Timer)
HttpAuthenticationMechanism(io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism)
BiConsumer(java.util.function.BiConsumer)
SecurityIdentity(io.quarkus.security.identity.SecurityIdentity)
Tag(io.micrometer.core.instrument.Tag)
Set(java.util.Set)
HttpCredentialTransport(io.quarkus.vertx.http.runtime.security.HttpCredentialTransport)
KEY_REQUEST_SOURCE_IP(org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_SOURCE_IP)
HEADER_X_FORWARDED_FOR(org.bf2.srs.fleetmanager.AuditingServletFilter.HEADER_X_FORWARDED_FOR)
Constants(org.bf2.srs.fleetmanager.common.metrics.Constants)
Priority(javax.annotation.Priority)
List(java.util.List)
ChallengeData(io.quarkus.vertx.http.runtime.security.ChallengeData)
QuarkusHttpUser(io.quarkus.vertx.http.runtime.security.QuarkusHttpUser)
ApplicationScoped(javax.enterprise.context.ApplicationScoped)
IdentityProviderManager(io.quarkus.security.identity.IdentityProviderManager)
AuthenticationRequest(io.quarkus.security.identity.request.AuthenticationRequest)
TokenAuthenticationRequest(io.quarkus.security.identity.request.TokenAuthenticationRequest)
Collections(java.util.Collections)
TimerService(org.bf2.srs.fleetmanager.operation.metrics.TimerService)
RoutingContext(io.vertx.ext.web.RoutingContext)
Timer(io.micrometer.core.instrument.Timer)
AuditingEvent(org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)
Aggregations
AuditingEvent (org.bf2.srs.fleetmanager.operation.auditing.AuditingEvent)2
Tag (io.micrometer.core.instrument.Tag)1
Timer (io.micrometer.core.instrument.Timer)1
UnlessBuildProfile (io.quarkus.arc.profile.UnlessBuildProfile)1
BearerAuthenticationMechanism (io.quarkus.oidc.runtime.BearerAuthenticationMechanism)1
OidcAuthenticationMechanism (io.quarkus.oidc.runtime.OidcAuthenticationMechanism)1
IdentityProviderManager (io.quarkus.security.identity.IdentityProviderManager)1
SecurityIdentity (io.quarkus.security.identity.SecurityIdentity)1
AuthenticationRequest (io.quarkus.security.identity.request.AuthenticationRequest)1
TokenAuthenticationRequest (io.quarkus.security.identity.request.TokenAuthenticationRequest)1
ChallengeData (io.quarkus.vertx.http.runtime.security.ChallengeData)1
HttpAuthenticationMechanism (io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism)1
HttpCredentialTransport (io.quarkus.vertx.http.runtime.security.HttpCredentialTransport)1
QuarkusHttpUser (io.quarkus.vertx.http.runtime.security.QuarkusHttpUser)1
Uni (io.smallrye.mutiny.Uni)1
RoutingContext (io.vertx.ext.web.RoutingContext)1
Collections (java.util.Collections)1
List (java.util.List)1
Set (java.util.Set)1
BiConsumer (java.util.function.BiConsumer)1
