19 package com.hack23.cia.web.impl.ui.application.web.listener;
20
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
23 import org.springframework.aop.framework.ReflectiveMethodInvocation;
24 import org.springframework.beans.factory.annotation.Autowired;
25 import org.springframework.context.ApplicationListener;
26 import org.springframework.security.access.event.AuthorizationFailureEvent;
27 import org.springframework.stereotype.Service;
28 import org.springframework.web.context.request.RequestContextHolder;
29
30 import com.hack23.cia.model.internal.application.system.impl.ApplicationEventGroup;
31 import com.hack23.cia.model.internal.application.system.impl.ApplicationOperationType;
32 import com.hack23.cia.service.api.ApplicationManager;
33 import com.hack23.cia.service.api.action.application.CreateApplicationEventRequest;
34 import com.hack23.cia.web.impl.ui.application.util.UserContextUtil;
35 import com.vaadin.server.Page;
36 import com.vaadin.ui.UI;
37
38
39
40
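/**
 * Listens for Spring Security {@link AuthorizationFailureEvent}s and records each one twice:
 * as an INFO log line and as an application event sent through the {@link ApplicationManager}.
 *
 * <p>The recorded data is the session id, the user id from the security context, the request
 * URL, the current Vaadin view (when one exists), the secured method (when the event source is
 * a {@link ReflectiveMethodInvocation}), the caller's granted authorities and the configured
 * required authorities.
 */
@Service
public final class AuthorizationFailureEventListener implements ApplicationListener<AuthorizationFailureEvent> {

    /** Label placed before the required authorities in the stored error message. */
    private static final String REQUIRED_AUTHORITIES = " , RequiredAuthorities:";

    /** Application message stored with every authorization failure event. */
    private static final String ACCESS_DENIED = "Access Denied";

    /** Label placed before the caller's granted authorities in the stored error message. */
    private static final String AUTHORITIES = "Authorities:";

    /** SLF4J template for the log line: url, method, session id, authorities, required authorities. */
    private static final String LOG_MSG_AUTHORIZATION_FAILURE_SESSION_ID_AUTHORITIES_REQUIRED_AUTHORITIES = "Authorization Failure:: url : {} Method : {} SessionId :{} , Authorities : {} , RequiredAuthorities : {}";

    /** Logger for this listener. */
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFailureEventListener.class);

    /** Service entry point that receives the application event. */
    @Autowired
    private ApplicationManager applicationManager;

    /**
     * Creates the listener; the {@link ApplicationManager} is field-injected afterwards.
     */
    public AuthorizationFailureEventListener() {
        super();
    }

    /**
     * Logs the authorization failure and then submits it as an application event.
     *
     * <p>The log line is written before the service call so that the denial is still logged
     * when submitting the application event throws.
     *
     * @param authorizationFailureEvent the failure published by Spring Security
     * @throws IllegalStateException if no request is bound to the current thread
     *         (raised by {@link RequestContextHolder#currentRequestAttributes()})
     */
    @Override
    public void onApplicationEvent(final AuthorizationFailureEvent authorizationFailureEvent) {
        // NOTE(review): this throws IllegalStateException outside a request-bound thread, while
        // Page and UI below are treated as optional; confirm the listener only runs on request threads.
        final String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId();

        final CreateApplicationEventRequest serviceRequest = new CreateApplicationEventRequest();
        serviceRequest.setSessionId(sessionId);
        serviceRequest.setEventGroup(ApplicationEventGroup.APPLICATION);
        serviceRequest.setApplicationOperation(ApplicationOperationType.AUTHORIZATION);
        serviceRequest.setUserId(UserContextUtil.getUserIdFromSecurityContext());

        // Both Vaadin lookups may return null when the failure happens outside a UI context.
        final Page currentPageIfAny = Page.getCurrent();
        final UI currentUiIfAny = UI.getCurrent();
        final String requestUrl = UserContextUtil.getRequestUrl(currentPageIfAny);

        if (currentPageIfAny != null && currentUiIfAny != null && currentUiIfAny.getNavigator() != null
                && currentUiIfAny.getNavigator().getCurrentView() != null) {
            serviceRequest.setPage(currentUiIfAny.getNavigator().getCurrentView().getClass().getSimpleName());
            serviceRequest.setPageMode(currentPageIfAny.getUriFragment());
        }

        // "SimpleClassName.methodName" of the secured call; stays empty for any other event source.
        String methodInfo = "";
        final Object eventSource = authorizationFailureEvent.getSource();
        if (eventSource instanceof ReflectiveMethodInvocation) {
            final ReflectiveMethodInvocation methodInvocation = (ReflectiveMethodInvocation) eventSource;
            if (methodInvocation.getMethod() != null && methodInvocation.getThis() != null) {
                methodInfo = methodInvocation.getThis().getClass().getSimpleName() + "."
                        + methodInvocation.getMethod().getName();
            }
        }

        // The "Method" label now ends with ':' like the other labels; it used to run straight
        // into the method name ("MethodFoo.bar").
        serviceRequest.setErrorMessage("Url:" + requestUrl + " , Method:" + methodInfo + " ," + AUTHORITIES
                + authorizationFailureEvent.getAuthentication().getAuthorities() + REQUIRED_AUTHORITIES
                + authorizationFailureEvent.getConfigAttributes() + " source:" + eventSource);
        serviceRequest.setApplicationMessage(ACCESS_DENIED);

        // NOTE(review): the raw session id goes into the log, and a live session id is a
        // credential; consider a truncated or hashed value if log readers are less trusted than
        // the application. requestUrl is request-derived, so the log layout should encode CR/LF.
        LOGGER.info(LOG_MSG_AUTHORIZATION_FAILURE_SESSION_ID_AUTHORITIES_REQUIRED_AUTHORITIES, requestUrl, methodInfo,
                sessionId, authorizationFailureEvent.getAuthentication().getAuthorities(),
                authorizationFailureEvent.getConfigAttributes());

        applicationManager.service(serviceRequest);
    }

}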