I am noticing the same thing in 5.2.3.
On Monday, March 5, 2018 at 7:33:52 AM UTC-8, Olivier wrote:
>
> Has this already been fixed in the CAS release 5.2.3?
>
> On Tuesday, January 23, 2018 at 5:38:15 AM UTC-5, Oscar del Pozo wrote:
>>
>> There is a bug in the module inspektr-audit-1.7.1.GA when an Exception
>> is thrown during an authentication process: it ends up logging the
>> authentication as successful:
>>
>> Logs:
>>
>>> 2018-01-23 11:18:18,583 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]] of type [ClientCredential].>
>>> 2018-01-23 11:18:57,038 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>>> =============================================================
>>> WHO: null
>>> WHAT: Supplied credentials: [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]]
>>> ACTION: AUTHENTICATION_SUCCESS
>>> APPLICATION: CAS
>>> WHEN: Tue Jan 23 11:18:57 CET 2018
>>> CLIENT IP ADDRESS: 192.168.56.1
>>> SERVER IP ADDRESS: 192.168.56.1
>>> =============================================================
>>
>>
>> The bug is located at
>> *org.apereo.inspektr.audit.AuditTrailManagementAspect@handleAuditTrail(final
>> ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable*:
>>
>>     @Around(value = "@annotation(audit)", argNames = "audit")
>>     public Object handleAuditTrail(final ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable {
>>         final AuditActionResolver auditActionResolver = this.auditActionResolvers.get(audit.actionResolverName());
>>         final AuditResourceResolver auditResourceResolver = this.auditResourceResolvers.get(audit.resourceResolverName());
>>
>>         String currentPrincipal = null;
>>         String[] auditResource = new String[]{null};
>>         String action = null;
>>         Object retVal = null;
>>         try {
>>             retVal = joinPoint.proceed();
>>
>>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, retVal);
>>             auditResource = auditResourceResolver.resolveFrom(joinPoint, retVal);
>>             action = auditActionResolver.resolveFrom(joinPoint, retVal, audit);
>>
>>             return retVal;
>>         } catch (final Throwable e) {
>>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
>>             auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
>>             action = auditActionResolver.resolveFrom(joinPoint, e, audit);
>>             throw e;
>>         } finally {
>>             executeAuditCode(currentPrincipal, auditResource, joinPoint, retVal, action, audit);
>>         }
>>     }
>>
>> The problem here is that the auditActionResolver has two methods:
>>
>> String resolveFrom(JoinPoint auditableTarget, Object retval, Audit audit);
>>
>> String resolveFrom(JoinPoint auditableTarget, Exception exception, Audit audit);
>>
>> When we try to invoke the second one, we have to cast the exception e so
>> that we do not enter the first method, where the success suffix will be
>> applied to the audit log.
>>
>> To fix this, the catch block should be
>>
>>         } catch (final Throwable e) {
>>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
>>             auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
>>             action = auditActionResolver.resolveFrom(joinPoint, (Exception) e, audit);
>>             throw e;
>>         }
>>
>> I would make a pull request, but I haven't found the source code on
>> GitHub.
>>
>
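
The overload selection described in the quoted report, as an added Java example that is not part of the thread or the Inspektr source. `Resolver`, `authenticate()` and the `AUTHENTICATION_FAILED` string are hypothetical stand-ins; the second variant also checks the type before casting, because a bare `(Exception)` cast on a `Throwable` throws `ClassCastException` when the throwable is a `java.lang.Error`.

```java
// Added illustration: Resolver and its return strings are hypothetical
// stand-ins, not the Inspektr classes.
public class OverloadAuditDemo {

    // Mirrors the two-overload shape quoted above (JoinPoint and Audit omitted).
    static class Resolver {
        String resolveFrom(Object retval)       { return "AUTHENTICATION_SUCCESS"; }
        String resolveFrom(Exception exception) { return "AUTHENTICATION_FAILED"; }
    }

    // Constructed failure standing in for joinPoint.proceed().
    static Object authenticate() throws Exception {
        throw new IllegalStateException("constructed failure");
    }

    // Same shape as the reported catch block: e is statically a Throwable.
    static String auditAsReported(Resolver r) {
        try {
            return r.resolveFrom(authenticate());
        } catch (Throwable e) {
            // Overloads are chosen at compile time from the static type.
            // Throwable is not an Exception, so only resolveFrom(Object) applies
            // and the failure is recorded with the success action.
            return r.resolveFrom(e);
        }
    }

    // Variant of the proposed cast that also tolerates java.lang.Error.
    static String auditWithTypeCheck(Resolver r) {
        try {
            return r.resolveFrom(authenticate());
        } catch (Throwable e) {
            // Select the Exception overload explicitly; wrap an Error instead
            // of casting it, so the audit path itself cannot throw.
            Exception ex = (e instanceof Exception) ? (Exception) e : new RuntimeException(e);
            return r.resolveFrom(ex);
        }
    }

    public static void main(String[] args) {
        Resolver r = new Resolver();
        System.out.println("as reported:     " + auditAsReported(r));
        System.out.println("with type check: " + auditWithTypeCheck(r));
    }
}
```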