Comments (7)
Can you please share your metadata implementation? Then I'll be able to resolve this.
from audit4j-core.
Hi Janith, first of all, thanks a lot for your great job!
Below is my implementation of your MetaData interface:
public class AuditMetaData implements MetaData, Serializable
{
.....
@Override
public String getActor()
{
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication(); // <= this is always null after the user has successfully authenticated
UserSessionBean user = (UserSessionBean) auth.getPrincipal();
return user.getUsername();
}
}
and my
UserAuthenticationService implements UserDetailsService
{
@Transactional(readOnly = true)
@Override
public UserSessionBean loadUserByUsername(final String userName) throws UsernameNotFoundException
{
....
return buildUserForAuthentication(user, authorities);
}
private UserSessionBean buildUserForAuthentication(User user, List authorities)
{
....
if(passwordEncoder.matches(credential, userBean.getPassword()))
{
Authentication token = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), authorities);
SecurityContextHolder.getContext().setAuthentication(token);
userBean.setAuthenticated(true);
fillUserData(user);
}
else
{
userBean.setAuthenticated(false);
}
return userBean;
}
}
from audit4j-core.
Hi,
We are using Spring Security with a large enterprise application and it's working fine.
Following is the custom metadata implementation code I picked from that application.
public String getActor() {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
return ANONYMOUS_USER_LAN_ID;
}
final Object principal = authentication.getPrincipal();
if (principal instanceof CurrentUser) {
return ((CurrentUser) principal).getUsername();
} else if (principal instanceof String && ANONYMOUS_USER_LAN_ID.equals(principal)) {
return ANONYMOUS_USER_LAN_ID;
} else {
throw new IllegalStateException("Unrecognized principal while getting the current user: " + principal);
}
}
Can you please mention which Audit4j core version you are using?
Can you please verify whether the application is properly authenticated?
Regards,
Janith
from audit4j-core.
Hi Janith, thanks for sharing your implementation.
It seems like mine, and they are both based on the same key, SecurityContextHolder.getContext().getAuthentication(), anyway.
I tried both Audit4j-core v 2.3.1, 2.4.0 alpha versions, but I don't think this is the issue.
I think there's something wrong in my application configuration, because as soon as the code invokes my custom implementation of MetaData (the getActor method), the SecurityContextHolder loses its references to the whole application context, but I can confirm that the application is properly authenticated.
I have two distinct web filters, one for web authentication and one for REST/mobile authentication, and they both work as expected.
So I have to deeply investigate to find the reason of the issue.
Following is how I configured the audit4j Spring beans:
@Configuration
@EnableWebMvc
@EnableAspectJAutoProxy
@EnableTransactionManagement
@ComponentScan(basePackages =
{ "....", "...." }, excludeFilters =
{
@ComponentScan.Filter(type = FilterType.CUSTOM, value =
....),
})
public class WebConfig extends WebMvcConfigurerAdapter implements Serializable
{
.....
@Bean
public AuditAspect auditAspect()
{
AuditAspect auditAspect = new AuditAspect();
return auditAspect;
}
@Bean
public SpringAudit4jConfig springAudit4jConfig() {
SpringAudit4jConfig springAudit4jConfig = new SpringAudit4jConfig();
springAudit4jConfig.setLayout(new SimpleLayout());
List<Handler> handlers = new ArrayList<Handler>();
handlers.add(new ConsoleAuditHandler());
DatabaseAuditHandler dbHandler = new DatabaseAuditHandler();
dbHandler.setEmbedded("false");
dbHandler.setDb_connection_type("jndi");
dbHandler.setDb_jndi_datasource("java:jboss/datasources/DS");
handlers.add(dbHandler);
springAudit4jConfig.setHandlers(handlers);
springAudit4jConfig.setMetaData(new AuditMetaData());
return springAudit4jConfig;
}
}
Thank you for your willingness.
Regards,
Marco.
from audit4j-core.
Marked this as a bug since asynchronous metadata lookup is not working for Spring Security with annotations. Fixed issue in audit4j-core-2.4.0-alpha3. Please use this version until a stable release is available.
from audit4j-core.
audit4j-core-2.4.0-alpha3 is available in Maven Central. Closing issue.
from audit4j-core.
For any future visitors, the root cause is that Spring stores authentication in a ThreadLocal,
and Audit4j was processing the events in a separate thread, which didn't see the ThreadLocal
that is local to the web request thread.
The new version fixed that by running the metadata retrieval from the source thread.
from audit4j-core.
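The root cause described in the last comment, reproduced as an added example (not Audit4j or Spring Security code, and not from any participant in this thread). A plain `ThreadLocal` stands in for Spring Security's thread-bound context; `ActorCaptureDemo`, `AuditEvent`, `lazyEvent` and `capturedEvent` are hypothetical names, and the code assumes Java 16+ for `record`.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Supplier;

public class ActorCaptureDemo {
    // Assumption: stand-in for a thread-bound security context (one value per thread).
    static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();

    // Hypothetical audit event: the actor is either looked up later or fixed at creation.
    record AuditEvent(String action, Supplier<String> actor) {}

    static String getActor() {
        String user = CURRENT_USER.get();
        return user != null ? user : "anonymous";
    }

    // Lazy lookup: getActor() runs on whichever thread writes the event,
    // so an async worker reads its own, empty ThreadLocal.
    static AuditEvent lazyEvent(String action) {
        return new AuditEvent(action, ActorCaptureDemo::getActor);
    }

    // Eager capture: getActor() runs on the calling (request) thread;
    // the worker only ever sees the already-resolved value.
    static AuditEvent capturedEvent(String action) {
        final String actor = getActor();
        return new AuditEvent(action, () -> actor);
    }

    // Simulates the asynchronous audit pipeline: the event is formatted on a pool thread.
    static String writeAsync(ExecutorService pool, AuditEvent e) throws Exception {
        return pool.submit(() -> e.action() + " by " + e.actor().get()).get();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        CURRENT_USER.set("marco"); // constructed sample: an authenticated request thread
        try {
            System.out.println(writeAsync(pool, lazyEvent("login")));
            System.out.println(writeAsync(pool, capturedEvent("login")));
        } finally {
            CURRENT_USER.remove(); // do not leave an identity on a reusable thread
            pool.shutdown();
        }
    }
}
```

The lazily resolved event is attributed to "anonymous" even though the request thread is authenticated, which in an audit trail means actions recorded without their real actor; the eagerly captured event carries the request thread's user.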