BAEL-75 - Spring Boot Audit Support (#1561)

Rework to avoid the separate spring-boot-auditing module by moving the code to the spring-security-core module

spring-security-core/src/main/java/org/baeldung/auditing/ExposeAttemptedPathAuthorizationAuditListener.java

@@ -0,0 +1,36 @@
+package org.baeldung.auditing;
+
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.security.AbstractAuthorizationAuditListener;
+import org.springframework.security.access.event.AbstractAuthorizationEvent;
+import org.springframework.security.access.event.AuthorizationFailureEvent;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class ExposeAttemptedPathAuthorizationAuditListener extends AbstractAuthorizationAuditListener {
+
+    public static final String AUTHORIZATION_FAILURE = "AUTHORIZATION_FAILURE";
+
+    @Override
+    public void onApplicationEvent(AbstractAuthorizationEvent event) {
+        if (event instanceof AuthorizationFailureEvent) {
+            onAuthorizationFailureEvent((AuthorizationFailureEvent) event);
+        }
+    }
+
+    private void onAuthorizationFailureEvent(AuthorizationFailureEvent event) {
+        Map<String, Object> data = new HashMap<>();
+        data.put("type", event.getAccessDeniedException().getClass().getName());
+        data.put("message", event.getAccessDeniedException().getMessage());
+        data.put("requestUrl", ((FilterInvocation)event.getSource()).getRequestUrl() );
+        if (event.getAuthentication().getDetails() != null) {
+            data.put("details", event.getAuthentication().getDetails());
+        }
+        publish(new AuditEvent(event.getAuthentication().getName(), AUTHORIZATION_FAILURE,
+                               data));
+    }
+}

spring-security-core/src/main/java/org/baeldung/auditing/LoginAttemptsLogger.java

@@ -0,0 +1,25 @@
+package org.baeldung.auditing;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.actuate.audit.AuditEvent;
+import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
+import org.springframework.context.event.EventListener;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.stereotype.Component;
+
+@Component
+public class LoginAttemptsLogger {
+    private static final Logger LOGGER = LoggerFactory.getLogger(LoginAttemptsLogger.class);
+
+    @EventListener
+    public void auditEventHappened(AuditApplicationEvent auditApplicationEvent) {
+        AuditEvent auditEvent = auditApplicationEvent.getAuditEvent();
+        LOGGER.info("Principal " + auditEvent.getPrincipal() + " - " + auditEvent.getType());
+
+        WebAuthenticationDetails details = (WebAuthenticationDetails) auditEvent.getData().get("details");
+        LOGGER.info("  Remote IP address: " + details.getRemoteAddress());
+        LOGGER.info("  Session Id: " + details.getSessionId());
+        LOGGER.info("  Request URL: " + auditEvent.getData().get("requestUrl"));
+    }
+}

spring-security-core/src/main/java/org/baeldung/config/WebSecurityConfig.java

@@ -20,6 +20,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser("jim").password("jim").roles("USER").and().withUser("pam").password("pam").roles("USER").and().withUser("michael").password("michael").roles("MANAGER");
+        auth.inMemoryAuthentication()
+            .withUser("jim").password("jim").roles("USER", "ACTUATOR")
+            .and().withUser("pam").password("pam").roles("USER")
+            .and().withUser("michael").password("michael").roles("MANAGER");
     }
 }