Permalink
Browse files

Be cautious about data coming into audit service

Change-Id: I5d4329e4240bc32105347f5e0fb592fdb28797f3
  • Loading branch information...
1 parent 66930bb commit 425fde38ff95b7d5feeb8e7e527b560dfb633ff2 @dsyer dsyer committed Jan 25, 2012
Showing with 8 additions and 4 deletions.
  1. +8 −4 uaa/src/main/java/org/cloudfoundry/identity/uaa/audit/JdbcAuditService.java
@@ -50,7 +50,11 @@ private String getOrigin(UaaAuthenticationDetails details) {
@Override
public void userAuthenticationFailure(UaaUser user, UaaAuthenticationDetails details) {
- createAuditRecord(user.getId(), AuditEventType.UserAuthenticationFailure, details.getOrigin(), user.getUsername());
+ if (user==null) {
+ userNotFound("<UNKNOWN>", details);
+ return;
+ }
+ createAuditRecord(user.getId(), AuditEventType.UserAuthenticationFailure, getOrigin(details), user.getUsername());
}
@Override
@@ -62,17 +66,17 @@ public void userNotFound(String name, UaaAuthenticationDetails details) {
catch (NoSuchAlgorithmException shouldNeverHappen) {
name = "NOSHA";
}
- createAuditRecord(name, AuditEventType.UserNotFound, details.getOrigin(), "");
+ createAuditRecord(name, AuditEventType.UserNotFound, getOrigin(details), "");
}
@Override
public void principalAuthenticationFailure(String name, UaaAuthenticationDetails details) {
- createAuditRecord(name, AuditEventType.PrincipalAuthenticationFailure, details.getOrigin());
+ createAuditRecord(name, AuditEventType.PrincipalAuthenticationFailure, getOrigin(details));
}
@Override
public void principalNotFound(String name, UaaAuthenticationDetails details) {
- createAuditRecord(name, AuditEventType.PrincipalNotFound, details.getOrigin());
+ createAuditRecord(name, AuditEventType.PrincipalNotFound, getOrigin(details));
}
private void createAuditRecord(String principal_id, AuditEventType type, String origin) {

0 comments on commit 425fde3

Please sign in to comment.