There is a bug in the module inspektr-audit-1.7.1.GA: when an Exception is
thrown during an authentication process, it ends up logging the authentication
as successful:
Logs:

2018-01-23 11:18:18,583 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]] of type [ClientCredential].>
2018-01-23 11:18:57,038 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: null
WHAT: Supplied credentials: [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 23 11:18:57 CET 2018
CLIENT IP ADDRESS: 192.168.56.1
SERVER IP ADDRESS: 192.168.56.1
=============================================================
The bug is located in
*org.apereo.inspektr.audit.AuditTrailManagementAspect@handleAuditTrail(final
ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable*:
@Around(value = "@annotation(audit)", argNames = "audit")
public Object handleAuditTrail(final ProceedingJoinPoint joinPoint,
                               final Audit audit) throws Throwable {
    final AuditActionResolver auditActionResolver =
        this.auditActionResolvers.get(audit.actionResolverName());
    final AuditResourceResolver auditResourceResolver =
        this.auditResourceResolvers.get(audit.resourceResolverName());
    String currentPrincipal = null;
    String[] auditResource = new String[]{null};
    String action = null;
    Object retVal = null;
    try {
        retVal = joinPoint.proceed();
        currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, retVal);
        auditResource = auditResourceResolver.resolveFrom(joinPoint, retVal);
        action = auditActionResolver.resolveFrom(joinPoint, retVal, audit);
        return retVal;
    } catch (final Throwable e) {
        currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
        auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
        // e is statically a Throwable, not an Exception, so this call binds to
        // the (JoinPoint, Object, Audit) overload used for successful results.
        action = auditActionResolver.resolveFrom(joinPoint, e, audit);
        throw e;
    } finally {
        executeAuditCode(currentPrincipal, auditResource, joinPoint, retVal, action, audit);
    }
}
The problem here is that the auditActionResolver has two methods:

String resolveFrom(JoinPoint auditableTarget, Object retval, Audit audit);
String resolveFrom(JoinPoint auditableTarget, Exception exception, Audit audit);

When we try to invoke the second one, we have to cast the exception e so that we
do not enter the first method, where the success suffix will be applied to the
audit log.
To fix this, the catch block should be

} catch (final Throwable e) {
    currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
    auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
    action = auditActionResolver.resolveFrom(joinPoint, (Exception) e, audit);
    throw e;
}
I would make a pull request, but I haven't found the source code on GitHub.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/019cf236-26be-4c3d-97e6-0bb731b8217e%40apereo.org.
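To make the overload-resolution point concrete, here is an added, self-contained Java example; it is not code from the post, from CAS or from Inspektr. JoinPoint, Audit, SuffixResolver and the three catch-block variants are minimal stand-ins written for this example, and the _SUCCESS/_FAILURE suffixes model the behaviour described in the post rather than reproduce Inspektr's resolver. The example also goes one step beyond the post: it shows what the proposed cast does when the caught Throwable is an Error rather than an Exception, and a guarded variant that routes that case to the failure overload as well.

```java
// Added example (not CAS or Inspektr code): why resolveFrom(joinPoint, e, audit)
// with a Throwable e reaches the Object overload, and two ways to route the
// exception to the Exception overload instead. JoinPoint and Audit are
// hypothetical stand-ins for the AspectJ/Inspektr types.
public class OverloadResolutionDemo {

    /** Stand-in for org.aspectj.lang.JoinPoint; the demo never inspects it. */
    static final class JoinPoint {}

    /** Stand-in for the @Audit annotation: only the action name is needed here. */
    static final class Audit {
        private final String action;
        Audit(String action) { this.action = action; }
        String action() { return action; }
    }

    /** The same two overloads the post lists for AuditActionResolver. */
    interface AuditActionResolver {
        String resolveFrom(JoinPoint auditableTarget, Object retval, Audit audit);
        String resolveFrom(JoinPoint auditableTarget, Exception exception, Audit audit);
    }

    /** Toy resolver (assumed behaviour): Object overload = success, Exception overload = failure. */
    static final class SuffixResolver implements AuditActionResolver {
        @Override
        public String resolveFrom(JoinPoint target, Object retval, Audit audit) {
            return audit.action() + "_SUCCESS";
        }
        @Override
        public String resolveFrom(JoinPoint target, Exception exception, Audit audit) {
            return audit.action() + "_FAILURE";
        }
    }

    /** Mirrors the original catch block: e is statically a Throwable. */
    static String buggyCatch(AuditActionResolver r, JoinPoint jp, Audit audit, Throwable e) {
        // Java picks the overload at compile time from the static type. Throwable
        // is not an Exception, so only the Object overload applies, and the
        // failure is recorded as a success whatever e's runtime class is.
        return r.resolveFrom(jp, e, audit);
    }

    /** The post's proposed fix: cast to Exception so the Exception overload is selected. */
    static String castCatch(AuditActionResolver r, JoinPoint jp, Audit audit, Throwable e) {
        // Correct for any Exception, but a ClassCastException is thrown if e is an
        // Error (OutOfMemoryError, AssertionError, ...), replacing the original throwable.
        return r.resolveFrom(jp, (Exception) e, audit);
    }

    /** Guarded variant: Errors are wrapped so they also reach the Exception overload. */
    static String guardedCatch(AuditActionResolver r, JoinPoint jp, Audit audit, Throwable e) {
        Exception asException = (e instanceof Exception)
                ? (Exception) e
                : new RuntimeException("non-Exception throwable: " + e, e);
        return r.resolveFrom(jp, asException, audit);
    }

    public static void main(String[] args) {
        AuditActionResolver resolver = new SuffixResolver();
        JoinPoint jp = new JoinPoint();
        Audit audit = new Audit("AUTHENTICATION");

        // Constructed sample: an exception like the one CAS throws for an unsupported credential.
        Throwable authFailure = new IllegalStateException("no handler for ClientCredential");
        System.out.println("buggy   : " + buggyCatch(resolver, jp, audit, authFailure));
        System.out.println("cast    : " + castCatch(resolver, jp, audit, authFailure));
        System.out.println("guarded : " + guardedCatch(resolver, jp, audit, authFailure));

        // Constructed sample: a Throwable that is not an Exception.
        Throwable error = new AssertionError("not an Exception");
        System.out.println("guarded (Error): " + guardedCatch(resolver, jp, audit, error));
        try {
            castCatch(resolver, jp, audit, error);
        } catch (ClassCastException cce) {
            System.out.println("cast (Error)   : ClassCastException, original AssertionError lost");
        }
    }
}
```

Compile and run with javac OverloadResolutionDemo.java && java OverloadResolutionDemo. For the IllegalStateException, buggyCatch returns the success-suffixed action while castCatch and guardedCatch return the failure-suffixed one; for the AssertionError, castCatch throws ClassCastException (so the audit record would never see the original Error) while guardedCatch still reports a failure. An audit trail that can silently record a failed authentication as a success is exactly the kind of record an incident responder relies on, so the guarded form is the one to prefer when the catch clause is declared on Throwable.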