Spring Boot + Spring Security授权成功审核 [英] Spring Boot + Spring Security authorization success audit
问题描述
有没有人设法获得带有Spring Security的Spring Boot来处理AuthorizedEvent的事件(即用于审核日志)?
Has anyone managed to get Spring Boot w/ Spring Security to handle AuthorizedEvent's (i.e. for audit log)?
我已经实现了以下应用程序事件侦听器:
I have implemented the following application event listener:
@Component
public class AuthorizationSuccessAudit implements ApplicationListener<AuthorizedEvent> {
private static Logger auditLogger = LoggerFactory.getLogger("audit");
@Override
public void onApplicationEvent(AuthorizedEvent event) {
auditLogger.info("Authorization granted to user: {} - {}", event.getAuthentication().getName(), event.getConfigAttributes());
}
}
,并使用@PreAuthorize注释测试MVC端点.我期望春季安全补助金会显示在日志中.虽然这对于我使用的所有其他事件(AuthenticationSuccessEvent,AuthenticationFailureEvent,AbstractAuthenticationFailureEvent)都有效,但不适用于AuthorizedEvent.
and have a test MVC endpoint annotated with @PreAuthorize. I was expecting that the spring security grants would show up on the log. While this works for every other event I used (AuthenticationSuccessEvent, AuthenticationFailureEvent, AbstractAuthenticationFailureEvent) it does not for the AuthorizedEvent.
I tried browsing the Spring Boot source and it seems this event is not handled in AuthorizationAuditListener.java, is this possibly a bug or am I hacking at it the wrong way?
推荐答案
As per spring boot documentation, Use Spring Boot Actuator (audit framework for Spring Boot), and provide your own implementations of AbstractAuthorizationAuditListener.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>1.3.0.RELEASE</version>
</dependency>
还有类似的东西.
class TestAuthorizationAuditListener extends AbstractAuthorizationAuditListener {
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
}
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
}
}
这篇关于Spring Boot + Spring Security授权成功审核的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!