Spring Boot + Spring Security授权成功审核 [英] Spring Boot + Spring Security authorization success audit

问题描述

有没有人设法获得带有Spring Security的Spring Boot来处理AuthorizedEvent的事件(即用于审核日志)?

Has anyone managed to get Spring Boot w/ Spring Security to handle AuthorizedEvent's (i.e. for audit log)?

我已经实现了以下应用程序事件侦听器:

I have implemented the following application event listener:

@Component
public class AuthorizationSuccessAudit implements ApplicationListener<AuthorizedEvent> {

    private static Logger auditLogger = LoggerFactory.getLogger("audit");

    @Override
    public void onApplicationEvent(AuthorizedEvent event) {
        auditLogger.info("Authorization granted to user: {} - {}", event.getAuthentication().getName(), event.getConfigAttributes());
    }

}

，并使用@PreAuthorize注释测试MVC端点.我期望春季安全补助金会显示在日志中.虽然这对于我使用的所有其他事件(AuthenticationSuccessEvent，AuthenticationFailureEvent，AbstractAuthenticationFailureEvent)都有效，但不适用于AuthorizedEvent.

and have a test MVC endpoint annotated with @PreAuthorize. I was expecting that the spring security grants would show up on the log. While this works for every other event I used (AuthenticationSuccessEvent, AuthenticationFailureEvent, AbstractAuthenticationFailureEvent) it does not for the AuthorizedEvent.

我尝试浏览Spring Boot源，并且似乎未在

I tried browsing the Spring Boot source and it seems this event is not handled in AuthorizationAuditListener.java, is this possibly a bug or am I hacking at it the wrong way?

推荐答案

按照

As per spring boot documentation, Use Spring Boot Actuator (audit framework for Spring Boot), and provide your own implementations of AbstractAuthorizationAuditListener.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
    <version>1.3.0.RELEASE</version>
</dependency>

还有类似的东西.

class TestAuthorizationAuditListener extends AbstractAuthorizationAuditListener { 

  @Override 
  public void setApplicationEventPublisher(ApplicationEventPublisher publisher) { 
  } 

  @Override 
  public void onApplicationEvent(AbstractAuthorizationEvent event) { 
  } 

 } 

这篇关于Spring Boot + Spring Security授权成功审核的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！