1   /*
2    * Copyright 2014 James Pether Sörling
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   *	$Id$
17   *  $HeadURL$
18  */
19  package com.hack23.cia.web.impl.ui.application.web.listener;
20  
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.ReflectiveMethodInvocation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.access.event.AuthorizationFailureEvent;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;

import com.hack23.cia.model.internal.application.system.impl.ApplicationEventGroup;
import com.hack23.cia.model.internal.application.system.impl.ApplicationOperationType;
import com.hack23.cia.service.api.ApplicationManager;
import com.hack23.cia.service.api.action.application.CreateApplicationEventRequest;
import com.hack23.cia.web.impl.ui.application.util.UserContextUtil;
import com.vaadin.server.Page;
import com.vaadin.ui.UI;
37  
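/**
 * Listens for Spring Security {@link AuthorizationFailureEvent}s and turns
 * each one into a persisted application event (via
 * {@link ApplicationManager#service}) plus an INFO log line, so that denied
 * accesses are visible both in the audit store and in the application log.
 *
 * <p>Both records carry the current session id, the request URL, the
 * invoked method, the granted authorities and the required authorities.
 * The session id is a credential-equivalent value; the audit store and the
 * log that receive it should be treated as sensitive.
 */
@Service
public final class AuthorizationFailureEventListener implements ApplicationListener<AuthorizationFailureEvent> {

	/** Separator preceding the required-authorities part of the stored error message. */
	private static final String REQUIRED_AUTHORITIES = " , RequiredAuthorities:";

	/** Application message stored for every authorization failure. */
	private static final String ACCESS_DENIED = "Access Denied";

	/** Label preceding the granted authorities in the stored error message. */
	private static final String AUTHORITIES = "Authorities:";

	/**
	 * SLF4J pattern for the log line; placeholders are, in order: request url,
	 * method info, session id, granted authorities, required authorities.
	 */
	private static final String LOG_MSG_AUTHORIZATION_FAILURE_SESSION_ID_AUTHORITIES_REQUIRED_AUTHORITIES = "Authorization Failure:: url : {} Method : {} SessionId :{} , Authorities : {} , RequiredAuthorities : {}";

	/** The Constant LOGGER. */
	private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFailureEventListener.class);

	/** Service used to persist the application event built for each failure. */
	@Autowired
	private ApplicationManager applicationManager;

	/**
	 * Instantiates a new authorization failure event listener.
	 */
	public AuthorizationFailureEventListener() {
		super();
	}

	/**
	 * Records one authorization failure: logs it, then persists it as an
	 * {@link ApplicationEventGroup#APPLICATION} /
	 * {@link ApplicationOperationType#AUTHORIZATION} event.
	 *
	 * <p>The event may also be raised outside a web request (for example by a
	 * secured service invoked from a background thread). In that case no
	 * request attributes are bound and the session id is recorded as
	 * {@code null} instead of failing the listener and losing the audit record.
	 *
	 * @param authorizationFailureEvent the failure raised by Spring Security;
	 *        its authentication and config attributes are read without null
	 *        checks (Spring's event constructor is expected to reject null
	 *        values for both)
	 */
	@Override
	public void onApplicationEvent(final AuthorizationFailureEvent authorizationFailureEvent) {
		final String sessionId = currentSessionId();
		final Page currentPageIfAny = Page.getCurrent();
		final String requestUrl = UserContextUtil.getRequestUrl(currentPageIfAny);
		final String methodInfo = describeInvocation(authorizationFailureEvent.getSource());

		// Emit the log line before persisting so the failure is still recorded
		// in the log even if the application-event service call fails.
		LOGGER.info(LOG_MSG_AUTHORIZATION_FAILURE_SESSION_ID_AUTHORITIES_REQUIRED_AUTHORITIES, requestUrl, methodInfo,
				sessionId, authorizationFailureEvent.getAuthentication().getAuthorities().toString(),
				authorizationFailureEvent.getConfigAttributes().toString());

		final CreateApplicationEventRequest serviceRequest = new CreateApplicationEventRequest();
		serviceRequest.setSessionId(sessionId);
		serviceRequest.setEventGroup(ApplicationEventGroup.APPLICATION);
		serviceRequest.setApplicationOperation(ApplicationOperationType.AUTHORIZATION);
		serviceRequest.setUserId(UserContextUtil.getUserIdFromSecurityContext());
		applyPageContext(serviceRequest, currentPageIfAny, UI.getCurrent());
		serviceRequest.setErrorMessage("Url:" + requestUrl + " , Method" + methodInfo + " ," + AUTHORITIES
				+ authorizationFailureEvent.getAuthentication().getAuthorities() + REQUIRED_AUTHORITIES
				+ authorizationFailureEvent.getConfigAttributes() + " source:" + authorizationFailureEvent.getSource());
		serviceRequest.setApplicationMessage(ACCESS_DENIED);

		applicationManager.service(serviceRequest);
	}

	/**
	 * Returns the session id of the request bound to the current thread.
	 *
	 * @return the session id, or {@code null} when no request attributes are
	 *         bound to this thread
	 */
	private static String currentSessionId() {
		final RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
		return requestAttributes == null ? null : requestAttributes.getSessionId();
	}

	/**
	 * Describes the secured invocation that was denied as
	 * {@code TargetSimpleClassName.methodName}.
	 *
	 * @param source the event source
	 * @return the description, or an empty string when the source is not a
	 *         {@link ReflectiveMethodInvocation} with both a method and a target
	 */
	private static String describeInvocation(final Object source) {
		if (source instanceof ReflectiveMethodInvocation) {
			final ReflectiveMethodInvocation methodInvocation = (ReflectiveMethodInvocation) source;
			if (methodInvocation.getMethod() != null && methodInvocation.getThis() != null) {
				return methodInvocation.getThis().getClass().getSimpleName() + "."
						+ methodInvocation.getMethod().getName();
			}
		}
		return "";
	}

	/**
	 * Fills the page and page-mode fields from the current Vaadin UI, when one
	 * is attached to this thread and has a navigator with a current view.
	 *
	 * <p>The page mode is the browser's URI fragment, i.e. client-supplied
	 * text; consumers that render stored events should treat it as untrusted.
	 *
	 * @param serviceRequest the request to populate
	 * @param currentPageIfAny the current page, possibly {@code null}
	 * @param currentUiIfAny the current UI, possibly {@code null}
	 */
	private static void applyPageContext(final CreateApplicationEventRequest serviceRequest, final Page currentPageIfAny,
			final UI currentUiIfAny) {
		if (currentPageIfAny != null && currentUiIfAny != null && currentUiIfAny.getNavigator() != null
				&& currentUiIfAny.getNavigator().getCurrentView() != null) {
			serviceRequest.setPage(currentUiIfAny.getNavigator().getCurrentView().getClass().getSimpleName());
			serviceRequest.setPageMode(currentPageIfAny.getUriFragment());
		}
	}

}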