feat: add logging of auth failures

borisrizov-zf · Mar 8, 2024 · ec60117 · ec60117
1 parent 7058155
commit ec60117
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
@@ -27,8 +27,11 @@
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationEventPublisher;
+import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -131,4 +134,13 @@ public WebSecurityCustomizer securityCustomizer() {
         log.warn("Disable security : This is not recommended to use in production environments.");
         return web -> web.ignoring().requestMatchers(new AntPathRequestMatcher("**"));
     }
+
+    /**
+     * Needed to enable an event-listener for failed login attempts.
+     */
+    @Bean
+    public AuthenticationEventPublisher authenticationEventPublisher
+            (ApplicationEventPublisher applicationEventPublisher) {
+        return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
+    }
 }
diff --git a/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java b/...main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java
@@ -0,0 +1,44 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.config.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.event.EventListener;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class SecurityEvents {
+    @EventListener
+    public void onFailure(AbstractAuthenticationFailureEvent failures) {
+        String excMessage = failures.getException().getMessage();
+        log.warn("Failed Authentication: Invalid 'Bearer' token. {}", excMessage);
+    }
+
+    @EventListener
+    public void onFailure(AuthorizationDeniedEvent failure) {
+        log.warn("Failed Authorization: Missing 'Authorization' header.");
+    }
+}
+