use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditOAuth2AccessDeniedHandler method handle.
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException {
try {
super.handle(request, response, authException);
} finally {
String token = (String) request.getAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE);
UserContext userContext = userContextFactory.createUserContext(tokenStore.readAuthentication(token), token);
RequestAuditRecord requestAuditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, response.getStatus());
requestAuditRecordDataService.save(requestAuditRecord);
securityEventsLogService.log(new SecurityEventAuditRecord(requestAuditRecord, userContext.getActor()));
}
}
use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record.
@Test(expected = RuntimeException.class)
public void afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record() throws Exception {
final RequestAuditRecord requestAuditRecord = mock(RequestAuditRecord.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getUserPrincipal()).thenReturn(mock(Authentication.class));
doThrow(new RuntimeException("test")).when(requestAuditRecordDataService).save(any(RequestAuditRecord.class));
when(auditLogFactory.createRequestAuditRecord(any(HttpServletRequest.class), any(Integer.class))).thenReturn(requestAuditRecord);
try {
subject.afterCompletion(request, mock(HttpServletResponse.class), null, null);
} finally {
ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
verify(securityEventsLogService).log(any());
assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "")));
}
}
use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_logs_request_audit_record.
@Test
public void afterCompletion_logs_request_audit_record() throws Exception {
final RequestAuditRecord requestAuditRecord = spy(RequestAuditRecord.class);
when(requestAuditRecord.getNow()).thenReturn(Instant.now());
when(response.getStatus()).thenReturn(401);
when(auditLogFactory.createRequestAuditRecord(request, userContext, 401)).thenReturn(requestAuditRecord);
subject.afterCompletion(request, response, null, null);
ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
verify(securityEventsLogService, times(1)).log(captor.capture());
verify(requestAuditRecordDataService, times(1)).save(requestAuditRecord);
assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "user")));
}
use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptor method afterCompletion.
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception {
Principal userAuth = request.getUserPrincipal();
if (userAuth == null) {
return;
}
UserContext userContext = userContextFactory.createUserContext((Authentication) userAuth);
RequestAuditRecord requestAuditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, response.getStatus());
try {
requestAuditRecordDataService.save(requestAuditRecord);
} finally {
securityEventsLogService.log(new SecurityEventAuditRecord(requestAuditRecord, userContext.getActor()));
}
}
use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.
the class SecurityEventsLogServiceTest method log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS.
@Test
public void log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS() {
RequestAuditRecord requestAuditRecord = makeOperationAuditRecord("foo=bar", AUTH_METHOD_MUTUAL_TLS);
subject.log(new SecurityEventAuditRecord(requestAuditRecord, "actor-id"));
verify(securityEventsLogger).info("CEF:0|cloud_foundry|credhub|" + fakeVersion + "|GET /api/some-path|" + "GET /api/some-path|0|rt=" + String.valueOf(now.toEpochMilli()) + " suser=user-name " + "suid=actor-id " + "cs1Label=userAuthenticationMechanism " + "cs1=mutual-tls " + "request=/api/some-path?foo=bar " + "requestMethod=GET " + "cs3Label=result " + "cs3=success " + "cs4Label=httpStatusCode " + "cs4=200 " + "src=127.0.0.1 " + "dst=host.example.com");
}
Aggregations