use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditingHelper method verifyRequestAuditing.
/**
 * Asserts that the newest stored request audit record carries the given path and status code.
 *
 * <p>"Newest" means the first record when all records are sorted by {@code now} in descending
 * order. The lookup uses {@code get(0)}, so it assumes at least one audit record exists; with an
 * empty table the call fails on the lookup rather than on an assertion.
 *
 * @param path the request path the newest audit record is expected to hold
 * @param statusCode the HTTP status code the newest audit record is expected to hold
 */
public void verifyRequestAuditing(String path, int statusCode) {
  final Sort newestFirst = new Sort(DESC, "now");
  final RequestAuditRecord latest = requestAuditRecordRepository.findAll(newestFirst).get(0);

  assertThat(latest.getPath(), equalTo(path));
  assertThat(latest.getStatusCode(), equalTo(statusCode));
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record.
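/**
 * Checks that the security event (CEF) log entry is still written when persisting the request
 * audit record fails.
 *
 * <p>The save failure is simulated with a {@link RuntimeException} that is expected to propagate
 * out of {@code afterCompletion}; the log verification therefore runs in the {@code finally}
 * block, before the exception reaches the test runner.
 */
@Test(expected = RuntimeException.class)
public void afterCompletion_when_request_audit_record_save_fails_still_logs_CEF_record() throws Exception {
  final RequestAuditRecord requestAuditRecord = mock(RequestAuditRecord.class);
  HttpServletRequest request = mock(HttpServletRequest.class);

  when(request.getUserPrincipal()).thenReturn(mock(Authentication.class));
  doThrow(new RuntimeException("test")).when(requestAuditRecordDataService).save(any(RequestAuditRecord.class));
  when(auditLogFactory.createRequestAuditRecord(any(HttpServletRequest.class), any(Integer.class))).thenReturn(requestAuditRecord);

  try {
    subject.afterCompletion(request, mock(HttpServletResponse.class), null, null);
  } finally {
    ArgumentCaptor<SecurityEventAuditRecord> captor = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);

    // The captor must be handed to verify(). With a plain any() matcher nothing is captured, so
    // getValue() throws a Mockito exception; that is itself a RuntimeException, which the
    // expected-exception rule accepts, and the content check below would never run.
    verify(securityEventsLogService).log(captor.capture());

    // NOTE(review): the expected actor "" is kept from the original test. This assertion was not
    // reachable before the capture fix, so confirm the value against the interceptor under test.
    assertThat(captor.getValue(), samePropertyValuesAs(new SecurityEventAuditRecord(requestAuditRecord, "")));
  }
}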
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptorTest method afterCompletion_logs_request_audit_record.
/**
 * Checks the normal path of {@code afterCompletion}: the request audit record produced by the
 * factory is saved exactly once, and exactly one security event is logged whose properties match
 * a {@code SecurityEventAuditRecord} built from that record and the actor {@code "user"}.
 *
 * <p>The response status is stubbed to 401, so the test also shows that a rejected request is
 * audited like any other. The actor {@code "user"} presumably comes from the {@code userContext}
 * fixture set up elsewhere in the test class.
 */
@Test
public void afterCompletion_logs_request_audit_record() throws Exception {
  final int unauthorized = 401;
  final RequestAuditRecord auditRecord = spy(RequestAuditRecord.class);
  when(auditRecord.getNow()).thenReturn(Instant.now());
  when(response.getStatus()).thenReturn(unauthorized);
  when(auditLogFactory.createRequestAuditRecord(request, userContext, unauthorized)).thenReturn(auditRecord);

  subject.afterCompletion(request, response, null, null);

  // Capture what was sent to the security event log so its content can be compared.
  final ArgumentCaptor<SecurityEventAuditRecord> loggedEvent = ArgumentCaptor.forClass(SecurityEventAuditRecord.class);
  verify(securityEventsLogService, times(1)).log(loggedEvent.capture());
  verify(requestAuditRecordDataService, times(1)).save(auditRecord);

  final SecurityEventAuditRecord expectedEvent = new SecurityEventAuditRecord(auditRecord, "user");
  assertThat(loggedEvent.getValue(), samePropertyValuesAs(expectedEvent));
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class AuditInterceptor method afterCompletion.
/**
 * Records an audit trail entry for a completed request.
 *
 * <p>For a request with a user principal, a {@code RequestAuditRecord} is built from the request,
 * the user context and the response status, saved through the data service, and then written to
 * the security events log together with the actor from the user context.
 *
 * <p>The log call sits in a {@code finally} block, so the security event is emitted even when
 * saving the record throws; the save exception then propagates to the caller. If the log call
 * itself throws, that exception is the one that propagates.
 *
 * <p>Requests without a principal return early and produce neither a stored record nor a log
 * entry here. NOTE(review): confirm unauthenticated requests are audited elsewhere.
 *
 * @param request the completed request; its principal is cast to {@code Authentication}
 * @param response the response whose status is recorded
 * @param handler not used by this method
 * @param exception not used by this method
 * @throws Exception whatever the save or the log call throws
 */
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception {
  final Principal principal = request.getUserPrincipal();
  if (principal != null) {
    final UserContext userContext = userContextFactory.createUserContext((Authentication) principal);
    final int status = response.getStatus();
    final RequestAuditRecord auditRecord = auditLogFactory.createRequestAuditRecord(request, userContext, status);

    try {
      requestAuditRecordDataService.save(auditRecord);
    } finally {
      // Runs on both success and failure of the save, so the event log does not depend on it.
      final String actor = userContext.getActor();
      securityEventsLogService.log(new SecurityEventAuditRecord(auditRecord, actor));
    }
  }
}
use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.
the class RequestAuditRecordDataServiceTest method save_givenARecord_savesTheRecord.
/**
 * Checks that a saved request audit record can be read back from the
 * {@code request_audit_record} table with every column intact.
 *
 * <p>The row is loaded with a plain SQL query and mapped by hand into a new
 * {@code RequestAuditRecord}, then compared field by field with the {@code record} fixture. The
 * token validity bounds are also compared with the {@code authValidFrom} and
 * {@code authValidUntil} fixture values. {@code queryForObject} expects the query to yield a
 * single row, so the table presumably holds only the one saved record.
 */
@Test
public void save_givenARecord_savesTheRecord() {
  assertNotNull(record);

  final RequestAuditRecord persisted = jdbcTemplate.queryForObject(
      "select * from request_audit_record",
      (rs, rowNum) -> new RequestAuditRecord(
          getUuid(rs.getBytes("uuid")),
          Instant.ofEpochMilli(rs.getLong("now")),
          rs.getString("auth_method"),
          rs.getString("user_id"),
          rs.getString("user_name"),
          rs.getString("uaa_url"),
          rs.getLong("auth_valid_from"),
          rs.getLong("auth_valid_until"),
          rs.getString("host_name"),
          rs.getString("method"),
          rs.getString("path"),
          rs.getString("query_parameters"),
          rs.getInt("status_code"),
          rs.getString("requester_ip"),
          rs.getString("x_forwarded_for"),
          rs.getString("client_id"),
          rs.getString("scope"),
          rs.getString("grant_type")));

  // Record identity and timestamp.
  assertThat(persisted.getUuid(), equalTo(record.getUuid()));
  assertThat(persisted.getNow(), equalTo(record.getNow()));

  // Who made the request and how they authenticated.
  assertThat(persisted.getAuthMethod(), equalTo(record.getAuthMethod()));
  assertThat(persisted.getUserId(), equalTo(record.getUserId()));
  assertThat(persisted.getUserName(), equalTo(record.getUserName()));
  assertThat(persisted.getUaaUrl(), equalTo(record.getUaaUrl()));

  // Validity bounds are compared with the saved record and with the fixture values.
  assertThat(persisted.getAuthValidFrom(), equalTo(record.getAuthValidFrom()));
  assertThat(persisted.getAuthValidFrom(), equalTo(authValidFrom));
  assertThat(persisted.getAuthValidUntil(), equalTo(record.getAuthValidUntil()));
  assertThat(persisted.getAuthValidUntil(), equalTo(authValidUntil));

  // What was requested and how it was answered.
  assertThat(persisted.getHostName(), equalTo(record.getHostName()));
  assertThat(persisted.getMethod(), equalTo(record.getMethod()));
  assertThat(persisted.getPath(), equalTo(record.getPath()));
  assertThat(persisted.getQueryParameters(), equalTo(record.getQueryParameters()));
  assertThat(persisted.getStatusCode(), equalTo(record.getStatusCode()));

  // Network origin of the request.
  assertThat(persisted.getRequesterIp(), equalTo(record.getRequesterIp()));
  assertThat(persisted.getXForwardedFor(), equalTo(record.getXForwardedFor()));

  // Client and grant details.
  assertThat(persisted.getClientId(), equalTo(record.getClientId()));
  assertThat(persisted.getScope(), equalTo(record.getScope()));
  assertThat(persisted.getGrantType(), equalTo(record.getGrantType()));
}