GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Restructure SwitchUserFilter Logs 

Issue gh-6311
pull/10368/head
Josh Cummings 4 years ago
parent
77399ee2b0
commit
7b98c2ea95
2 changed files with 20 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
  2. 17
      web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java

15
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
Unescape View File

@ -178,6 +178,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
SecurityContext context = SecurityContextHolder.createEmptyContext(); SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(targetUser); context.setAuthentication(targetUser);
SecurityContextHolder.setContext(context); SecurityContextHolder.setContext(context);
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", targetUser));
// redirect to target url // redirect to target url
this.successHandler.onAuthenticationSuccess(request, response, targetUser); this.successHandler.onAuthenticationSuccess(request, response, targetUser);
} }
@ -194,10 +195,13 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
SecurityContext context = SecurityContextHolder.createEmptyContext(); SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(originalUser); context.setAuthentication(originalUser);
SecurityContextHolder.setContext(context); SecurityContextHolder.setContext(context);
this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", originalUser));
// redirect to target url // redirect to target url
this.successHandler.onAuthenticationSuccess(request, response, originalUser); this.successHandler.onAuthenticationSuccess(request, response, originalUser);
return; return;
} }
this.logger.trace(LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
this.switchUserMatcher, this.exitUserMatcher));
chain.doFilter(request, response); chain.doFilter(request, response);
} }
@ -216,12 +220,11 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
UsernamePasswordAuthenticationToken targetUserRequest; UsernamePasswordAuthenticationToken targetUserRequest;
String username = request.getParameter(this.usernameParameter); String username = request.getParameter(this.usernameParameter);
username = (username != null) ? username : ""; username = (username != null) ? username : "";
this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", username)); this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", username));
UserDetails targetUser = this.userDetailsService.loadUserByUsername(username); UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
this.userDetailsChecker.check(targetUser); this.userDetailsChecker.check(targetUser);
// OK, create the switch user token // OK, create the switch user token
targetUserRequest = createSwitchUserToken(request, targetUser); targetUserRequest = createSwitchUserToken(request, targetUser);
this.logger.debug(LogMessage.format("Switch User Token [%s]", targetUserRequest));
// publish event // publish event
if (this.eventPublisher != null) { if (this.eventPublisher != null) {
this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent( this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
@ -250,9 +253,9 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
// if so, get the original source user so we can switch back // if so, get the original source user so we can switch back
Authentication original = getSourceAuthentication(current); Authentication original = getSourceAuthentication(current);
if (original == null) { if (original == null) {
this.logger.debug("Could not find original user Authentication object!"); this.logger.debug("Failed to find original user");
throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage( throw new AuthenticationCredentialsNotFoundException(this.messages
"SwitchUserFilter.noOriginalAuthentication", "Could not find original Authentication object")); .getMessage("SwitchUserFilter.noOriginalAuthentication", "Failed to find original user"));
} }
// get the source user details // get the source user details
UserDetails originalUser = null; UserDetails originalUser = null;
@ -327,7 +330,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
// check for switch user type of authority // check for switch user type of authority
if (auth instanceof SwitchUserGrantedAuthority) { if (auth instanceof SwitchUserGrantedAuthority) {
original = ((SwitchUserGrantedAuthority) auth).getSource(); original = ((SwitchUserGrantedAuthority) auth).getSource();
this.logger.debug("Found original switch user granted authority [" + original + "]"); this.logger.debug(LogMessage.format("Found original switch user granted authority [%s]", original));
} }
} }
return original; return original;

17
web/src/main/java/org/springframework/security/web/server/authentication/SwitchUserWebFilter.java
Unescape View File

@ -158,8 +158,12 @@ public class SwitchUserWebFilter implements WebFilter {
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); final WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange))) return switchUser(webFilterExchange).switchIfEmpty(Mono.defer(() -> exitSwitchUser(webFilterExchange)))
.switchIfEmpty(Mono.defer(() -> chain.filter(exchange).then(Mono.empty()))) .switchIfEmpty(Mono.defer(() -> {
.flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange)) this.logger.trace(
LogMessage.format("Did not attempt to switch user since request did not match [%s] or [%s]",
this.switchUserMatcher, this.exitUserMatcher));
return chain.filter(exchange).then(Mono.empty());
})).flatMap((authentication) -> onAuthenticationSuccess(authentication, webFilterExchange))
.onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty()); .onErrorResume(SwitchUserAuthenticationException.class, (exception) -> Mono.empty());
} }
@ -211,7 +215,7 @@ public class SwitchUserWebFilter implements WebFilter {
@NonNull @NonNull
private Mono<Authentication> attemptSwitchUser(Authentication currentAuthentication, String userName) { private Mono<Authentication> attemptSwitchUser(Authentication currentAuthentication, String userName) {
Assert.notNull(userName, "The userName can not be null."); Assert.notNull(userName, "The userName can not be null.");
this.logger.debug(LogMessage.format("Attempt to switch to user [%s]", userName)); this.logger.debug(LogMessage.format("Attempting to switch to user [%s]", userName));
return this.userDetailsService.findByUsername(userName) return this.userDetailsService.findByUsername(userName)
.switchIfEmpty(Mono.error(this::noTargetAuthenticationException)) .switchIfEmpty(Mono.error(this::noTargetAuthenticationException))
.doOnNext(this.userDetailsChecker::check) .doOnNext(this.userDetailsChecker::check)
@ -222,7 +226,7 @@ public class SwitchUserWebFilter implements WebFilter {
private Authentication attemptExitUser(Authentication currentAuthentication) { private Authentication attemptExitUser(Authentication currentAuthentication) {
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication); Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
if (!sourceAuthentication.isPresent()) { if (!sourceAuthentication.isPresent()) {
this.logger.debug("Could not find original user Authentication object!"); this.logger.debug("Failed to find original user");
throw noOriginalAuthenticationException(); throw noOriginalAuthenticationException();
} }
return sourceAuthentication.get(); return sourceAuthentication.get();
@ -232,13 +236,14 @@ public class SwitchUserWebFilter implements WebFilter {
ServerWebExchange exchange = webFilterExchange.getExchange(); ServerWebExchange exchange = webFilterExchange.getExchange();
SecurityContextImpl securityContext = new SecurityContextImpl(authentication); SecurityContextImpl securityContext = new SecurityContextImpl(authentication);
return this.securityContextRepository.save(exchange, securityContext) return this.securityContextRepository.save(exchange, securityContext)
.doOnSuccess((v) -> this.logger.debug(LogMessage.format("Switched user to %s", authentication)))
.then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication)) .then(this.successHandler.onAuthenticationSuccess(webFilterExchange, authentication))
.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))); .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
} }
private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) { private Mono<Void> onAuthenticationFailure(AuthenticationException exception, WebFilterExchange webFilterExchange) {
return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> { return Mono.justOrEmpty(this.failureHandler).switchIfEmpty(Mono.defer(() -> {
this.logger.error("Switch User failed", exception); this.logger.debug("Failed to switch user", exception);
return Mono.error(exception); return Mono.error(exception);
})).flatMap((failureHandler) -> failureHandler.onAuthenticationFailure(webFilterExchange, exception)); })).flatMap((failureHandler) -> failureHandler.onAuthenticationFailure(webFilterExchange, exception));
} }
@ -247,7 +252,7 @@ public class SwitchUserWebFilter implements WebFilter {
Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication); Optional<Authentication> sourceAuthentication = extractSourceAuthentication(currentAuthentication);
if (sourceAuthentication.isPresent()) { if (sourceAuthentication.isPresent()) {
// SEC-1763. Check first if we are already switched. // SEC-1763. Check first if we are already switched.
this.logger.info( this.logger.debug(
LogMessage.format("Found original switch user granted authority [%s]", sourceAuthentication.get())); LogMessage.format("Found original switch user granted authority [%s]", sourceAuthentication.get()));
currentAuthentication = sourceAuthentication.get(); currentAuthentication = sourceAuthentication.get();
} }

Write Preview
Loading…
Cancel
Save