Example 6 with RequestAuditRecord
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditingHelper method verifyRequestAuditing.
public void verifyRequestAuditing(String path, int statusCode) {
RequestAuditRecord requestAuditRecord = requestAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);
assertThat(requestAuditRecord.getPath(), equalTo(path));
assertThat(requestAuditRecord.getStatusCode(), equalTo(statusCode));
}
Also used :
RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)
Sort(org.springframework.data.domain.Sort)
Example 7 with RequestAuditRecord
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record.
@Test(expected = RuntimeException.class)
public void afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record() throws Exception {
final RequestAuditRecord requestAuditRecord = mock(RequestAuditRecord.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getUserPrincipal()).thenReturn(mock(Authentication.class));
doThrow(new RuntimeException("test")).when(requestAuditRecordDataService).save(any(RequestAuditRecord.class));
when(auditLogFactory.createRequestAuditRecord(any(HttpServletRequest.class), any(Integer.class))).thenReturn(requestAuditRecord);
try {
subject.afterCompletion(request, mock(HttpServletResponse.class), null, null);
} finally {
ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
verify(securityEventsLogService).log(any());
assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "")));
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord)
RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)
Authentication(org.springframework.security.core.Authentication)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Test(org.junit.Test)
Example 8 with RequestAuditRecord
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_logs_request_audit_record.
@Test
public void afterCompletion_logs_request_audit_record() throws Exception {
final RequestAuditRecord requestAuditRecord = spy(RequestAuditRecord.class);
when(requestAuditRecord.getNow()).thenReturn(Instant.now());
when(response.getStatus()).thenReturn(401);
when(auditLogFactory.createRequestAuditRecord(request, userContext, 401)).thenReturn(requestAuditRecord);
subject.afterCompletion(request, response, null, null);
ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
verify(securityEventsLogService, times(1)).log(captor.capture());
verify(requestAuditRecordDataService, times(1)).save(requestAuditRecord);
assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "user")));
}
Also used :
SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord)
RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)
Test(org.junit.Test)
Example 9 with RequestAuditRecord
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptor method afterCompletion.
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception {
Principal userAuth = request.getUserPrincipal();
if (userAuth == null) {
return;
}
UserContext userContext = userContextFactory.createUserContext((Authentication) userAuth);
RequestAuditRecord requestAuditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, response.getStatus());
try {
requestAuditRecordDataService.save(requestAuditRecord);
} finally {
securityEventsLogService.log(new SecurityEventAuditRecord(requestAuditRecord, userContext.getActor()));
}
}
Also used :
SecurityEventAuditRecord(org.cloudfoundry.credhub.domain.SecurityEventAuditRecord)
UserContext(org.cloudfoundry.credhub.auth.UserContext)
RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)
Principal(java.security.Principal)
Example 10 with RequestAuditRecord
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class RequestAuditRecordDataServiceTest method save_givenARecord_savesTheRecord.
@Test
public void save_givenARecord_savesTheRecord() {
assertNotNull(record);
RequestAuditRecord actual = jdbcTemplate.queryForObject("select * from request_audit_record", (rs, rowNum) -> {
return new RequestAuditRecord(getUuid(rs.getBytes("uuid")), Instant.ofEpochMilli(rs.getLong("now")), rs.getString("auth_method"), rs.getString("user_id"), rs.getString("user_name"), rs.getString("uaa_url"), rs.getLong("auth_valid_from"), rs.getLong("auth_valid_until"), rs.getString("host_name"), rs.getString("method"), rs.getString("path"), rs.getString("query_parameters"), rs.getInt("status_code"), rs.getString("requester_ip"), rs.getString("x_forwarded_for"), rs.getString("client_id"), rs.getString("scope"), rs.getString("grant_type"));
});
assertThat(actual.getUuid(), equalTo(record.getUuid()));
assertThat(actual.getNow(), equalTo(record.getNow()));
assertThat(actual.getAuthMethod(), equalTo(record.getAuthMethod()));
assertThat(actual.getUserId(), equalTo(record.getUserId()));
assertThat(actual.getUserName(), equalTo(record.getUserName()));
assertThat(actual.getUaaUrl(), equalTo(record.getUaaUrl()));
assertThat(actual.getAuthValidFrom(), equalTo(record.getAuthValidFrom()));
assertThat(actual.getAuthValidFrom(), equalTo(authValidFrom));
assertThat(actual.getAuthValidUntil(), equalTo(record.getAuthValidUntil()));
assertThat(actual.getAuthValidUntil(), equalTo(authValidUntil));
assertThat(actual.getHostName(), equalTo(record.getHostName()));
assertThat(actual.getMethod(), equalTo(record.getMethod()));
assertThat(actual.getPath(), equalTo(record.getPath()));
assertThat(actual.getQueryParameters(), equalTo(record.getQueryParameters()));
assertThat(actual.getStatusCode(), equalTo(record.getStatusCode()));
assertThat(actual.getRequesterIp(), equalTo(record.getRequesterIp()));
assertThat(actual.getXForwardedFor(), equalTo(record.getXForwardedFor()));
assertThat(actual.getClientId(), equalTo(record.getClientId()));
assertThat(actual.getScope(), equalTo(record.getScope()));
assertThat(actual.getGrantType(), equalTo(record.getGrantType()));
}
Also used :
RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord)
DataJpaTest(org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest)
Test(org.junit.Test)
Aggregations
RequestAuditRecord (org.cloudfoundry.credhub.entity.RequestAuditRecord)19
Test (org.junit.Test)13
SecurityEventAuditRecord (org.cloudfoundry.credhub.domain.SecurityEventAuditRecord)8
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)6
EventAuditRecord (org.cloudfoundry.credhub.entity.EventAuditRecord)4
Sort (org.springframework.data.domain.Sort)4
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)3
List (java.util.List)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
Principal (java.security.Principal)1
Collections.emptyList (java.util.Collections.emptyList)1
UUID (java.util.UUID)1
Collectors (java.util.stream.Collectors)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
StringUtils (org.apache.commons.lang3.StringUtils)1
AuditingOperationCode (org.cloudfoundry.credhub.audit.AuditingOperationCode)1
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)1
UserContext (org.cloudfoundry.credhub.auth.UserContext)1
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)1
