Adding authorization logging messages.
mifosio-04-04-2018 committed Apr 30, 2017
1 parent 650d17a commit cf627d85e4c59972c8dae145eaa09d2384bf7437
Showing 4 changed files with 23 additions and 1 deletion.
@@ -21,6 +21,7 @@
import io.mifos.anubis.security.IsisAuthenticatedAuthenticationProvider;
import io.mifos.anubis.security.UrlPermissionChecker;
import org.apache.http.HttpStatus;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -42,13 +43,20 @@
import java.util.ArrayList;
import java.util.List;

import static io.mifos.anubis.config.AnubisConstants.LOGGER_NAME;

/**
* @author Myrle Krantz
*/
@SuppressWarnings("WeakerAccess")
@Configuration
@EnableWebSecurity
public class AnubisSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
final private Logger logger;

public AnubisSecurityConfigurerAdapter(final @Qualifier(LOGGER_NAME) Logger logger) {
this.logger = logger;
}

@PostConstruct
public void configureSecurityContext()
@@ -83,7 +91,7 @@ public FilterRegistrationBean userContextFilter()

private AccessDecisionManager defaultAccessDecisionManager() {
final List<AccessDecisionVoter<?>> voters = new ArrayList<>();
voters.add(new UrlPermissionChecker());
voters.add(new UrlPermissionChecker(logger));
return new UnanimousBased(voters);
}

@@ -82,8 +82,10 @@ public AnubisAuthentication authenticate(
}
catch (final JwtException e) {
logger.debug("token = {}", token);
logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
throw AmitAuthenticationException.invalidToken();
} catch (final InvalidKeyTimestampException e) {
logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
throw AmitAuthenticationException.invalidTokenKeyTimestamp("system", keyTimestamp);
}
}
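Review bot: The two added `logger.info` calls in the catch blocks write `user` and `keyTimestamp` to the log for a token that has just failed verification; if those values are read from the request before the signature is checked (their origin is outside the hunk), they are caller-controlled and should have CR/LF and other control characters stripped or encoded first, so a forged request cannot plant misleading log lines. Passing `e` as the argument for the last `{}` is also handled differently across SLF4J backends (the placeholder may stay unfilled with a stack trace appended, or only `e.toString()` is printed); `logger.info("System token for user {}, with key timestamp {} failed to authenticate: {}", user, keyTimestamp, e.getMessage());` makes the output predictable. Both points apply equally to the two tenant-token `logger.info` lines in the next file section. Separately, the unchanged `logger.debug("token = {}", token)` line records the full bearer token whenever debug logging is enabled; a digest or short prefix of the token would keep correlation without storing a credential in the log. The `authenticate` method begins outside the hunk.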
@@ -92,8 +92,10 @@ AnubisAuthentication authenticate(
);
}
catch (final JwtException e) {
logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
throw AmitAuthenticationException.invalidToken();
} catch (final InvalidKeyTimestampException e) {
logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
throw AmitAuthenticationException.invalidTokenKeyTimestamp("tenant", keyTimestamp);
}
}
@@ -15,6 +15,7 @@
*/
package io.mifos.anubis.security;

import org.slf4j.Logger;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
@@ -28,6 +29,12 @@
* @author Myrle Krantz
*/
public class UrlPermissionChecker implements AccessDecisionVoter<FilterInvocation> {
private final Logger logger;

public UrlPermissionChecker(final Logger logger) {
this.logger = logger;
}

@Override public boolean supports(final ConfigAttribute attribute) {
return attribute.getAttribute().equals(ApplicationPermission.URL_AUTHORITY);
}
@@ -54,6 +61,9 @@ public class UrlPermissionChecker implements AccessDecisionVoter<FilterInvocatio
.filter(x -> x.matches(filterInvocation, authentication.getPrincipal()))
.findAny();

matchedPermission.ifPresent(x -> logger.debug("Authorizing access to {} based on permission: {}"
, filterInvocation.getRequestUrl(), x));

return matchedPermission.map(x -> ACCESS_GRANTED).orElse(ACCESS_DENIED);
}
}
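Review bot: Only the grant path is logged: when `matchedPermission` is empty the method returns `ACCESS_DENIED` without any log entry, and denials are the events an authorization log is most needed for during detection and incident review. Consider adding, before the return, `if (!matchedPermission.isPresent()) logger.info("Denying access to {}: no matching permission", filterInvocation.getRequestUrl());`. `getRequestUrl()` is request-supplied and may carry a query string, so it is worth confirming that control characters and any sensitive parameters are neutralised before the value reaches the log. The enclosing method starts outside the hunk.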
