Audit now logs message even if mismatch of parameter count. (#886)
* Audit now logs message even if mismatch of parameter count. Fixed exception audit.

Signed-off-by: Tomas Langer <tomas.langer@oracle.com>

* Unit test

Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
tomas-langer authored Aug 15, 2019
1 parent 747e8f5 commit 0b44057
Showing 5 changed files with 114 additions and 9 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019 Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -84,7 +84,7 @@ public interface AuditEvent {
* Gets the message format of this {@code AuditEvent} to be used with
* {@link String#format(String, Object...)}.
*
* @return English message format (this is a fallback if internationalization is not configured.
* @return English message format (this is a fallback if internationalization is not configured).
*/
String messageFormat();

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019 Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -86,6 +86,7 @@ public CompletionStage<AuthorizationResponse> submit() {
"Provider %s, Description %s, Request %s. Subject %s. %s: %s")
.addParam(AuditEvent.AuditParam
.plain("provider", providerInstance.getClass().getName()))
.addParam(AuditEvent.AuditParam.plain("description", "Audit failure"))
.addParam(AuditEvent.AuditParam.plain("request", this))
.addParam(AuditEvent.AuditParam.plain("subject",
context.user()
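Review bot: The description value added in `submit()` is the literal `"Audit failure"`, yet the method returns `CompletionStage<AuthorizationResponse>`, so this event appears to record a failed authorization call rather than a fault in auditing. Someone triaging the audit log would likely read it as the audit subsystem itself failing. If that reading is right, `.addParam(AuditEvent.AuditParam.plain("description", "Authorization failure"))` would label the record accurately. The format string has six `%s` placeholders and the parameter chain continues past the end of the hunk, so it is worth confirming that the remaining `addParam` calls line up with the last placeholders.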
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019 Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -105,8 +105,13 @@ private void logEvent(String tracingId, TracedAuditEvent event, Level level) {
throwable), () -> auditLogger.log(level, finalMsg));
}

private String formatMessage(AuditEvent event) {
return String.format(event.messageFormat(), toObjectParams(event.params()));
String formatMessage(AuditEvent event) {
try {
return String.format(event.messageFormat(), toObjectParams(event.params()));
} catch (Exception e) {
// problem with the format
return "Formatting failed for format: " + event.messageFormat() + ", parameters: " + event.params();
}
}

private Object[] toObjectParams(List<AuditEvent.AuditParam> parameters) {
@@ -115,7 +120,7 @@ private Object[] toObjectParams(List<AuditEvent.AuditParam> parameters) {

for (AuditEvent.AuditParam param : parameters) {
if (param.isSensitive()) {
result.add(param.name() + " (sensitive)");
result.add("(sensitive)");
} else {
result.add(param.value().orElse("null"));
}
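Review bot: The fallback in `formatMessage` concatenates `event.params()` directly, so on a format mismatch the parameters are rendered through `AuditParam.toString()` rather than through the `isSensitive()` masking in `toObjectParams`. That `toString()` is not visible here; if it prints the value, a sensitive parameter would reach the audit log in clear text on exactly this error path. Building the fallback from the masked values keeps redaction in one place, e.g. `", parameters: " + java.util.Arrays.toString(toObjectParams(event.params()))`. The `catch (Exception e)` also discards `e`; narrowing it to `java.util.IllegalFormatException` would avoid hiding unrelated failures. `testMessageFormattingNotEnoughParams` checks only the prefix and passes a plain parameter, so it would not catch such a leak; a sensitive parameter plus an assertion that the message does not contain its value would pin this.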
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019 Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ void testParam() {
}

@Test
public void testSensitiveParam() {
void testSensitiveParam() {
String name = "paramName";
String value = "sensitiveValue";

@@ -0,0 +1,99 @@
/*
* Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.helidon.security;

import java.util.List;
import java.util.Optional;

import io.helidon.config.Config;

import org.junit.jupiter.api.Test;

import static io.helidon.common.CollectionsHelper.listOf;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.startsWith;
import static org.hamcrest.MatcherAssert.assertThat;

/**
* Unit test for {@link DefaultAuditProvider}.
*/
class DefaultAuditProviderTest {
@Test
void testMessageFormatting() {
DefaultAuditProvider provider = DefaultAuditProvider.create(Config.empty());
AuditEvent event = createEvent("Unit tests: first: \"%s\"; second: \"%s\"",
listOf(AuditEvent.AuditParam.plain("first", "data"),
AuditEvent.AuditParam.sensitive("second", "secret")));

String message = provider.formatMessage(event);

assertThat(message, is("Unit tests: first: \"data\"; second: \"(sensitive)\""));
}

@Test
void testMessageFormattingTooManyParams() {
DefaultAuditProvider provider = DefaultAuditProvider.create(Config.empty());
AuditEvent event = createEvent("Unit tests: first: \"%s\"; second: \"%s\"",
listOf(AuditEvent.AuditParam.plain("first", "data"),
AuditEvent.AuditParam.sensitive("second", "secret"),
AuditEvent.AuditParam.plain("third", "thirdData")));

String message = provider.formatMessage(event);

assertThat(message, is("Unit tests: first: \"data\"; second: \"(sensitive)\""));
}

@Test
void testMessageFormattingNotEnoughParams() {
DefaultAuditProvider provider = DefaultAuditProvider.create(Config.empty());
AuditEvent event = createEvent("Unit tests: first: \"%s\"; second: \"%s\"",
listOf(AuditEvent.AuditParam.plain("first", "data")));

String message = provider.formatMessage(event);

assertThat(message, startsWith("Formatting failed for format: Unit tests: first: \"%s\"; second: \"%s\", parameters: "));
}

private AuditEvent createEvent(String messageFormat, List<AuditEvent.AuditParam> params) {
return new AuditEvent() {
@Override
public String eventType() {
return "unit-test";
}

@Override
public Optional<Throwable> throwable() {
return Optional.empty();
}

@Override
public List<AuditParam> params() {
return params;
}

@Override
public String messageFormat() {
return messageFormat;
}

@Override
public AuditSeverity severity() {
return null;
}
};
}
}
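Review bot: `testMessageFormattingTooManyParams` pins the behaviour that a surplus parameter (`third` / `thirdData`) disappears from the formatted audit message without a trace, since the expected string is identical to the two-parameter case. In an audit trail a silently dropped field is hard to notice afterwards. If that is intended, a short comment on the test would say so, e.g. `// surplus parameters are ignored by String.format and intentionally not logged`. Otherwise the expectation could require the unmatched parameter to be appended or the mismatch to be flagged in the message. The anonymous `AuditEvent` in `createEvent` returns `null` from `severity()`, which `formatMessage` does not read, but a comment would help if the helper is reused for tests that do.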
