https://github.com/apereo/inspektr
D.
On Tue, Jan 23, 2018 at 5:38 AM -0500, "Oscar del Pozo"
<[email protected]> wrote:
There is a bug in the module inspektr-audit-1.7.1.GA: when an Exception is
thrown during an authentication process, it ends up logging the authentication
as successful:
Logs:
2018-01-23 11:18:18,583 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports
[org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]]
of type [ClientCredential].>
2018-01-23 11:18:57,038 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: null
WHAT: Supplied credentials:
[org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 23 11:18:57 CET 2018
CLIENT IP ADDRESS: 192.168.56.1
SERVER IP ADDRESS: 192.168.56.1
=============================================================
The bug is located at
org.apereo.inspektr.audit.AuditTrailManagementAspect@handleAuditTrail(final
ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable:
    @Around(value = "@annotation(audit)", argNames = "audit")
    public Object handleAuditTrail(final ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable {
        final AuditActionResolver auditActionResolver = this.auditActionResolvers.get(audit.actionResolverName());
        final AuditResourceResolver auditResourceResolver = this.auditResourceResolvers.get(audit.resourceResolverName());

        String currentPrincipal = null;
        String[] auditResource = new String[]{null};
        String action = null;
        Object retVal = null;
        try {
            retVal = joinPoint.proceed();
            currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, retVal);
            auditResource = auditResourceResolver.resolveFrom(joinPoint, retVal);
            action = auditActionResolver.resolveFrom(joinPoint, retVal, audit);
            return retVal;
        } catch (final Throwable e) {
            currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
            auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
            action = auditActionResolver.resolveFrom(joinPoint, e, audit);
            throw e;
        } finally {
            executeAuditCode(currentPrincipal, auditResource, joinPoint, retVal, action, audit);
        }
    }
The problem here is that the auditActionResolver has two methods:
String resolveFrom(JoinPoint auditableTarget, Object retval, Audit audit);
String resolveFrom(JoinPoint auditableTarget, Exception exception, Audit audit);
When we try to invoke the second one, we have to cast the exception e so as not
to enter the first method, where the success suffix will be applied to the
audit log.
To fix this, the catch block should be:
        } catch (final Throwable e) {
            currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
            auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
            action = auditActionResolver.resolveFrom(joinPoint, (Exception) e, audit);
            throw e;
        }
I would make a pull request, but I haven't found the source code on GitHub.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/019cf236-26be-4c3d-97e6-0bb731b8217e%40apereo.org.
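The overload selection described in the quoted message, reproduced as an added stand-alone Java example (not inspektr or CAS code). It also shows an instanceof guard, since a bare (Exception) cast would itself throw ClassCastException when the Throwable is an Error. The class name, method names and the "_FAILED" suffix are assumptions made for the illustration.

```java
// Added illustration, not inspektr source. All names here are hypothetical.
public class AuditOverloadDemo {

    // Same shape as the two quoted overloads: one takes the return value,
    // the other takes the exception.
    static String resolveFrom(Object retVal, String action) {
        return action + "_SUCCESS";
    }

    static String resolveFrom(Exception exception, String action) {
        return action + "_FAILED"; // constructed failure suffix
    }

    // Stand-in for the audited method: always fails.
    static void authenticate() throws Exception {
        throw new IllegalStateException("constructed authentication failure");
    }

    // Catch block as in the quoted aspect. The static type of e is Throwable,
    // which is not a subtype of Exception, so at compile time only the
    // Object overload is applicable and the failure is audited as a success.
    static String auditAsQuoted() {
        try {
            authenticate();
            return resolveFrom(new Object(), "AUTHENTICATION");
        } catch (Throwable e) {
            return resolveFrom(e, "AUTHENTICATION");
        }
    }

    // Guarded variant: select the Exception overload explicitly, wrapping
    // anything that is not an Exception (an Error) instead of casting blindly.
    static String auditGuarded() {
        try {
            authenticate();
            return resolveFrom(new Object(), "AUTHENTICATION");
        } catch (Throwable e) {
            Exception cause = (e instanceof Exception) ? (Exception) e : new RuntimeException(e);
            return resolveFrom(cause, "AUTHENTICATION");
        }
    }

    public static void main(String[] args) {
        System.out.println("as quoted: " + auditAsQuoted());
        System.out.println("guarded:   " + auditGuarded());
    }
}
```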