From ec60117e68e7e139afb1f1f24179237bae03762c Mon Sep 17 00:00:00 2001
From: Boris Rizov
Date: Fri, 8 Mar 2024 12:38:17 +0100
Subject: [PATCH] feat: add logging of auth failures

---
 .../config/security/SecurityConfig.java | 12 +++++
 .../config/security/SecurityEvents.java | 44 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java

diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
index 17e4ee998..ea01ece53 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
@@ -27,8 +27,11 @@
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationEventPublisher;
+import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -131,4 +134,13 @@ public WebSecurityCustomizer securityCustomizer() {
 log.warn("Disable security : This is not recommended to use in production environments.");
 return web -> web.ignoring().requestMatchers(new AntPathRequestMatcher("**"));
 }
+
+ /**
+ * Needed to enable an event-listener for failed login attempts.
+ */
+ @Bean
+ public AuthenticationEventPublisher authenticationEventPublisher
+ (ApplicationEventPublisher applicationEventPublisher) {
+ return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
+ }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java
new file mode 100644
index 000000000..841bd3fdf
--- /dev/null
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityEvents.java
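Review bot: The `DefaultAuthenticationEventPublisher` built in the new `authenticationEventPublisher` bean publishes a failure event only for `AuthenticationException` types it has a mapping for; an unmapped subclass produces no event at all (just a debug log), so a listener fed by this bean can silently miss failures raised by custom validation such as the `STSTokenValidationService` imported above. Unless every failure path here is known to throw a mapped type, give the publisher a fallback: `DefaultAuthenticationEventPublisher publisher = new DefaultAuthenticationEventPublisher(applicationEventPublisher);` `publisher.setDefaultAuthenticationFailureEvent(AuthenticationFailureBadCredentialsEvent.class);` `return publisher;` with the matching import added. The Javadoc "Needed to enable an event-listener" also overstates things as far as I recall: Spring Boot's security auto-configuration already registers a `DefaultAuthenticationEventPublisher` when no `AuthenticationEventPublisher` bean exists, so a more accurate comment is `/** Makes the authentication failure-event publisher explicit so SecurityEvents receives AbstractAuthenticationFailureEvents. */`. The `securityCustomizer()` method at the top of the hunk begins outside it.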
@@ -0,0 +1,44 @@
+/*
+ * *******************************************************************************
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.config.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.event.EventListener;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class SecurityEvents {
+ @EventListener
+ public void onFailure(AbstractAuthenticationFailureEvent failures) {
+ String excMessage = failures.getException().getMessage();
+ log.warn("Failed Authentication: Invalid 'Bearer' token. {}", excMessage);
+ }
+
+ @EventListener
+ public void onFailure(AuthorizationDeniedEvent failure) {
+ log.warn("Failed Authorization: Missing 'Authorization' header.");
+ }
+}
+
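Review bot: The message logged by the `AuthorizationDeniedEvent` listener, "Missing 'Authorization' header.", asserts a cause the event does not carry: an `AuthorizationDeniedEvent` is published for any denied authorization decision, including an authenticated caller failing a role or scope check, so any alerting built on this line would misclassify those denials. Log what the event actually provides, e.g. `log.warn("Failed Authorization: access denied. decision={}", failure.getAuthorizationDecision());`, and likewise replace the fixed "Invalid 'Bearer' token" text in the first listener with the failure type, `failures.getException().getClass().getSimpleName()`, since that event is raised for authentication failures in general rather than bearer-token ones only. Before relying on it, confirm that `getException().getMessage()` for the failures seen here never echoes token material, and keep the event's `Authentication` out of the log for the same reason, as in bearer-token flows the unauthenticated token's principal is the raw token string. As a point of style, the raw `AuthorizationDeniedEvent` parameter type could be written `AuthorizationDeniedEvent<?>`, and distinct names such as `onAuthenticationFailure` / `onAuthorizationDenied` would read better than two `onFailure` overloads.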