use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditOAuth2AccessDeniedHandler method handle.
/**
 * Handles an OAuth2 access-denied outcome and writes the matching audit entries.
 *
 * <p>The parent handler runs first. The audit steps live in a {@code finally} block, so they
 * are attempted whether the parent handler returns normally or throws.
 *
 * @param request the denied request; the access token value is read from its attributes
 * @param response the response whose status code is copied into the request audit record
 * @param authException the access-denied exception, passed through to the parent handler
 * @throws IOException as declared by the overridden handler
 * @throws ServletException as declared by the overridden handler
 */
@Override
public void handle(
    HttpServletRequest request,
    HttpServletResponse response,
    AccessDeniedException authException) throws IOException, ServletException {
  try {
    super.handle(request, response, authException);
  } finally {
    // NOTE(review): anything thrown inside this finally block replaces an exception raised by
    // super.handle, and a failure in an early step (e.g. reading the authentication) means the
    // save and the security-event log below are never reached for this denied request.
    String accessToken =
        (String) request.getAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE);

    // NOTE(review): the raw token is a bearer credential; confirm that neither the user context
    // nor the audit record persists or logs its value.
    UserContext actorContext =
        userContextFactory.createUserContext(tokenStore.readAuthentication(accessToken), accessToken);

    // The status is read after the parent handler has run.
    int responseStatus = response.getStatus();
    RequestAuditRecord auditRecord =
        auditLogFactory.createRequestAuditRecord(request, actorContext, responseStatus);

    // Persist the request record first, then emit the security event built from it.
    requestAuditRecordDataService.save(auditRecord);
    securityEventsLogService.log(
        new SecurityEventAuditRecord(auditRecord, actorContext.getActor()));
  }
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditTest method when_event_fails_it_logs_correct_success_flag_and_status_code.
/**
 * Checks that a request ending in 404 is still audited: one new request audit record with
 * status 404, one new event audit record flagged as unsuccessful and attributed to the
 * calling actor, and a single log line containing {@code cs4=404}.
 */
@Test
public void when_event_fails_it_logs_correct_success_flag_and_status_code() throws Exception {
  // Baselines are taken before the request so the assertions measure only its effect.
  long requestAuditsBefore = requestAuditRecordRepository.count();
  long eventAuditsBefore = eventAuditRecordRepository.count();
  String missingCredential = "/TEST/SECRET";

  mockMvc
      .perform(
          get("/api/v1/data?name=" + missingCredential)
              .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
              .accept(APPLICATION_JSON)
              .contentType(APPLICATION_JSON))
      .andExpect(status().isNotFound());

  // A failed lookup must add exactly one request record and one event record.
  assertThat(requestAuditRecordRepository.count(), equalTo(requestAuditsBefore + 1L));
  assertThat(eventAuditRecordRepository.count(), equalTo(eventAuditsBefore + 1));

  // presumably sortByDate orders newest first, so index 0 is this request; verify in the class
  RequestAuditRecord latestRequestAudit = requestAuditRecordRepository.findAll(sortByDate).get(0);
  assertThat(latestRequestAudit.getStatusCode(), equalTo(404));

  // The logger must be hit exactly once, and the message must carry the 404 status.
  ArgumentCaptor<String> loggedMessage = ArgumentCaptor.forClass(String.class);
  verify(logger, times(1)).info(loggedMessage.capture());
  assertThat(loggedMessage.getValue(), containsString("cs4=404"));

  // The event record keeps the actor even though the operation failed.
  EventAuditRecord latestEventAudit = eventAuditRecordRepository.findAll(sortByDate).get(0);
  assertThat(latestEventAudit.isSuccess(), equalTo(false));
  assertThat(
      latestEventAudit.getActor(), equalTo(AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID));
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditTest method normally_logs_event_and_request.
/**
 * Checks the audit trail of a successful credential creation: one new request audit record
 * (auth method {@code uaa}, path {@code /api/v1/data}), six new event audit records, a single
 * log line containing {@code cs4=200}, and a newest event record that names the credential and
 * the calling actor.
 */
@Test
public void normally_logs_event_and_request() throws Exception {
  String credentialName = "/TEST/SECRET";
  String credentialType = "password";

  // Baselines are taken before the request so the assertions measure only its effect.
  long requestAuditsBefore = requestAuditRecordRepository.count();
  long eventAuditsBefore = eventAuditRecordRepository.count();

  String requestBody =
      "{" + "\"name\":\"" + credentialName + "\"," + "\"type\":\"" + credentialType + "\"" + "}";

  mockMvc
      .perform(
          post("/api/v1/data")
              .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
              .accept(APPLICATION_JSON)
              .contentType(APPLICATION_JSON)
              .content(requestBody))
      .andExpect(status().isOk());

  // One request record per HTTP call; this operation is expected to add six event records.
  assertThat(requestAuditRecordRepository.count(), equalTo(1L + requestAuditsBefore));
  assertThat(eventAuditRecordRepository.count(), equalTo(6L + eventAuditsBefore));

  // presumably sortByDate orders newest first, so index 0 is this request; verify in the class
  RequestAuditRecord latestRequestAudit = requestAuditRecordRepository.findAll(sortByDate).get(0);
  assertThat(latestRequestAudit.getAuthMethod(), equalTo("uaa"));
  assertThat(latestRequestAudit.getPath(), equalTo("/api/v1/data"));

  // The logger must be hit exactly once, and the message must carry the 200 status.
  ArgumentCaptor<String> loggedMessage = ArgumentCaptor.forClass(String.class);
  verify(logger, times(1)).info(loggedMessage.capture());
  assertThat(loggedMessage.getValue(), containsString("cs4=200"));

  // The event record must identify both what was touched and who touched it.
  EventAuditRecord latestEventAudit = eventAuditRecordRepository.findAll(sortByDate).get(0);
  assertThat(latestEventAudit.getCredentialName(), equalTo("/TEST/SECRET"));
  assertThat(
      latestEventAudit.getActor(), equalTo(AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID));
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditingHelper method verifyAuditing.
/**
 * Asserts that the newest request audit record and the newest event audit record describe the
 * expected single operation.
 *
 * @param auditingOperationCode operation whose string form the event record must carry
 * @param credentialName credential name expected on the event record
 * @param actor actor expected on the event record
 * @param path request path expected on the request record
 * @param statusCode HTTP status expected on the request record; the expected success flag is
 *     derived from whether it is a 2xx status
 */
public void verifyAuditing(
    AuditingOperationCode auditingOperationCode,
    String credentialName,
    String actor,
    String path,
    int statusCode) {
  // Both repositories are queried newest-first on the "now" column.
  Sort newestFirst = new Sort(DESC, "now");

  RequestAuditRecord latestRequest = requestAuditRecordRepository.findAll(newestFirst).get(0);
  assertThat(latestRequest.getPath(), equalTo(path));
  assertThat(latestRequest.getStatusCode(), equalTo(statusCode));

  // Only the newest event record is inspected here.
  List<EventAuditRecord> allEvents = eventAuditRecordRepository.findAll(newestFirst);
  EventAuditRecord latestEvent = allEvents.get(0);
  assertThat(latestEvent.getOperation(), equalTo(auditingOperationCode.toString()));
  assertThat(latestEvent.getCredentialName(), equalTo(credentialName));

  boolean expectedSuccess = HttpStatus.valueOf(statusCode).is2xxSuccessful();
  assertThat(latestEvent.isSuccess(), equalTo(expectedSuccess));
  assertThat(latestEvent.getActor(), equalTo(actor));

  // The event must point back at the request record it was raised under.
  assertThat(latestRequest.getUuid(), equalTo(latestEvent.getRequestUuid()));
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditingHelper method verifyAuditing.
/**
 * Asserts that the newest request audit record matches the expected path and status, and that
 * the newest event audit records match the expected events in any order.
 *
 * @param actor actor expected on every compared event record
 * @param path request path expected on the request record
 * @param statusCode HTTP status expected on the request record; the expected success flag is
 *     derived from whether it is a 2xx status
 * @param eventAuditRecordParametersList expected events; its size decides how many of the
 *     newest event records are compared
 */
public void verifyAuditing(
    String actor,
    String path,
    int statusCode,
    List<EventAuditRecordParameters> eventAuditRecordParametersList) {
  // Both repositories are queried newest-first on the "now" column.
  Sort newestFirst = new Sort(DESC, "now");

  RequestAuditRecord requestAuditRecord =
      requestAuditRecordRepository.findAll(newestFirst).get(0);
  assertThat(requestAuditRecord.getPath(), equalTo(path));
  assertThat(requestAuditRecord.getStatusCode(), equalTo(statusCode));

  List<EventAuditRecord> allEvents = eventAuditRecordRepository.findAll(newestFirst);
  int expectedCount = eventAuditRecordParametersList.size();
  // Guard the subList call below: there must be at least as many records as expectations.
  assertThat(allEvents, hasSize(greaterThanOrEqualTo(expectedCount)));

  boolean expectedSuccess = HttpStatus.valueOf(statusCode).is2xxSuccessful();

  // Compare only the newest expectedCount records; each must belong to this request's UUID.
  List<EventAuditRecord> newestEvents = allEvents.subList(0, eventAuditRecordParametersList.size());
  assertThat(
      newestEvents,
      containsInAnyOrder(
          eventAuditRecordParametersList.stream()
              .map(expected ->
                  matchesExpectedEvent(
                      expected, actor, expectedSuccess, requestAuditRecord.getUuid()))
              .collect(Collectors.toList())));
}