Example 1 with SecurityEventAuditRecord

Use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.

Class AuditOAuth2AccessDeniedHandler, method handle.

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException {
    try {
        super.handle(request, response, authException);
    } finally {
        String token = (String) request.getAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE);
        UserContext userContext = userContextFactory.createUserContext(tokenStore.readAuthentication(token), token);
        RequestAuditRecord requestAuditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, response.getStatus());
        requestAuditRecordDataService.save(requestAuditRecord);
        securityEventsLogService.log(new SecurityEventAuditRecord(requestAuditRecord, userContext.getActor()));
    }
}
Also used : SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)

Example 2 with SecurityEventAuditRecord

Use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.

Class AuditInterceptorTest, method afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record.

@Test(expected = RuntimeException.class)
public void afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record() throws Exception {
    final RequestAuditRecord requestAuditRecord = mock(RequestAuditRecord.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getUserPrincipal()).thenReturn(mock(Authentication.class));
    doThrow(new RuntimeException("test")).when(requestAuditRecordDataService).save(any(RequestAuditRecord.class));
    when(auditLogFactory.createRequestAuditRecord(any(HttpServletRequest.class), any(Integer.class))).thenReturn(requestAuditRecord);
    try {
        subject.afterCompletion(request, mock(HttpServletResponse.class), null, null);
    } finally {
        ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
        // Capture the logged record; with any() the captor stays empty and getValue() throws.
        verify(securityEventsLogService).log(captor.capture());
        assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "")));
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 3 with SecurityEventAuditRecord

Use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.

Class AuditInterceptorTest, method afterCompletion_logs_request_audit_record.

@Test
public void afterCompletion_logs_request_audit_record() throws Exception {
    final RequestAuditRecord requestAuditRecord = spy(RequestAuditRecord.class);
    when(requestAuditRecord.getNow()).thenReturn(Instant.now());
    when(response.getStatus()).thenReturn(401);
    when(auditLogFactory.createRequestAuditRecord(request, userContext, 401)).thenReturn(requestAuditRecord);
    subject.afterCompletion(request, response, null, null);
    ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
    verify(securityEventsLogService, times(1)).log(captor.capture());
    verify(requestAuditRecordDataService, times(1)).save(requestAuditRecord);
    assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "user")));
}
Also used : SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Test(org.junit.Test)

Example 4 with SecurityEventAuditRecord

Use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.

Class AuditInterceptor, method afterCompletion.

@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception {
    Principal userAuth = request.getUserPrincipal();
    if (userAuth == null) {
        return;
    }
    UserContext userContext = userContextFactory.createUserContext((Authentication) userAuth);
    RequestAuditRecord requestAuditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, response.getStatus());
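    try {
        // Persist the request audit record.
        requestAuditRecordDataService.save(requestAuditRecord);
    } finally {
        // The security event is logged even if the save above throws.
        securityEventsLogService.log(new SecurityEventAuditRecord(requestAuditRecord, userContext.getActor()));
    }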
}
Also used : SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord) UserContext(org.cloudfoundry.credhub.auth.UserContext) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Principal(java.security.Principal)

Example 5 with SecurityEventAuditRecord

Use of org.cloudfoundry.credhub.domain.SecurityEventAuditRecord in project credhub by cloudfoundry-incubator.

Class SecurityEventsLogServiceTest, method log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS.

@Test
public void log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS() {
    RequestAuditRecord requestAuditRecord = makeOperationAuditRecord("foo=bar", AUTH_METHOD_MUTUAL_TLS);
    subject.log(new SecurityEventAuditRecord(requestAuditRecord, "actor-id"));
    verify(securityEventsLogger).info("CEF:0|cloud_foundry|credhub|" + fakeVersion + "|GET /api/some-path|"
        + "GET /api/some-path|0|rt=" + String.valueOf(now.toEpochMilli()) + " suser=user-name "
        + "suid=actor-id "
        + "cs1Label=userAuthenticationMechanism "
        + "cs1=mutual-tls "
        + "request=/api/some-path?foo=bar "
        + "requestMethod=GET "
        + "cs3Label=result "
        + "cs3=success "
        + "cs4Label=httpStatusCode "
        + "cs4=200 "
        + "src=127.0.0.1 "
        + "dst=host.example.com");
}
Also used : SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Test(org.junit.Test)

Aggregations

SecurityEventAuditRecord (org.cloudfoundry.credhub.domain.SecurityEventAuditRecord): 8
RequestAuditRecord (org.cloudfoundry.credhub.entity.RequestAuditRecord): 8
Test (org.junit.Test): 6
Principal (java.security.Principal): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
UserContext (org.cloudfoundry.credhub.auth.UserContext): 1
Authentication (org.springframework.security.core.Authentication): 1