use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_METHOD in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
the class AuditingServletFilter method doFilter.
@Override
@ActivateRequestContext
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Activate Operation Context
if (opCtx.isContextDataLoaded()) {
throw new IllegalStateException("Unexpected state: Operation Context is already loaded");
}
opCtx.loadNewContextData();
var req = (HttpServletRequest) request;
var res = (HttpServletResponse) response;
// TODO Unify logic to extract this using parameter extractors
auditing.addTraceMetadata(KEY_REQUEST_SOURCE_IP, req.getRemoteAddr());
auditing.addTraceMetadata(KEY_REQUEST_FORWARDED_FOR, req.getHeader(HEADER_X_FORWARDED_FOR));
auditing.addTraceMetadata(KEY_REQUEST_METHOD, req.getMethod());
auditing.addTraceMetadata(KEY_REQUEST_PATH, req.getRequestURI());
AccountInfo accountInfo = authService.extractAccountInfo();
auditing.addTraceMetadata(KEY_USER_ACCOUNT_ID, accountInfo.getAccountId());
auditing.addTraceMetadata(KEY_USER_ACCOUNT_NAME, accountInfo.getAccountUsername());
auditing.addTraceMetadata(KEY_USER_ORG_ID, accountInfo.getOrganizationId());
auditing.addTraceMetadata(KEY_USER_IS_ORG_ADMIN, accountInfo.isAdmin());
chain.doFilter(request, response);
if (res.getStatus() >= 400) {
var event = new AuditingEvent();
event.setEventId("request_failure");
event.addData(KEY_RESPONSE_CODE, res.getStatus());
event.setSuccessful(false);
auditing.recordEvent(event);
}
}
use of org.bf2.srs.fleetmanager.common.operation.auditing.AuditingConstants.KEY_REQUEST_METHOD in project srs-fleet-manager by bf2fc6cc711aee1a0c2a.
the class AuditingAuthenticationMechanism method authenticate.
@Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
BiConsumer<RoutingContext, Throwable> failureHandler = context.get(QuarkusHttpUser.AUTH_FAILURE_HANDLER);
BiConsumer<RoutingContext, Throwable> auditWrapper = (ctx, ex) -> {
// this sends the http response
failureHandler.accept(ctx, ex);
// if it was an error response log it
if (ctx.response().getStatusCode() >= 400) {
var event = new AuditingEvent();
event.setEventId("authentication_failure");
event.addData(KEY_REQUEST_SOURCE_IP, ctx.request().remoteAddress());
event.addData(KEY_REQUEST_FORWARDED_FOR, ctx.request().getHeader(HEADER_X_FORWARDED_FOR));
event.addData(KEY_REQUEST_METHOD, ctx.request().method().name());
event.addData(KEY_REQUEST_PATH, ctx.request().path());
event.addData(KEY_RESPONSE_CODE, ctx.response().getStatusCode());
event.setSuccessful(false);
if (ex != null) {
event.addData(KEY_ERROR_MESSAGE, ex.getMessage());
}
// Request Context does not exist at this point
AuditingServiceImpl.recordEventNoContext(event);
}
};
context.put(QuarkusHttpUser.AUTH_FAILURE_HANDLER, auditWrapper);
Timer.Sample sample = timerService.start();
return oidcAuthenticationMechanism.authenticate(context, identityProviderManager).onItemOrFailure().invoke((securityIdentity, throwable) -> {
timerService.record(AUTH_TIMER, AUTH_TIMER_DESCRIPTION, throwable == null ? null : List.of(Tag.of(TAG_STATUS_CODE_FAMILY, "4xx")), sample);
});
}
Aggregations