有没有人设法让Spring Boot和Spring Security一起处理AuthorizedEvent(即审计日志)?
我已经实现了以下应用程序事件侦听器:
@Component
public class AuthorizationSuccessAudit implements ApplicationListener<AuthorizedEvent> {
private static Logger auditLogger = LoggerFactory.getLogger("audit");
@Override
public void onApplicationEvent(AuthorizedEvent event) {
auditLogger.info("Authorization granted to user: {} - {}", event.getAuthentication().getName(), event.getConfigAttributes());
}
}
并使用@PreAuthorize注释测试MVC端点。我原以为弹簧安全补助金会出现在日志上。虽然这适用于我使用的每个其他事件(AuthenticationSuccessEvent,AuthenticationFailureEvent,AbstractAuthenticationFailureEvent),但它不适用于AuthorizedEvent。
我尝试浏览Spring Boot源代码,似乎这个事件没有在AuthorizationAuditListener.java中处理,这可能是一个错误,还是我错误地攻击它?
答案 0 :(得分:0)
根据spring boot documentation,使用Spring Boot Actuator(Spring Boot的审计框架),并提供自己的AbstractAuthorizationAuditListener实现。
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>1.3.0.RELEASE</version>
</dependency>
与此类似......
class TestAuthorizationAuditListener extends AbstractAuthorizationAuditListener {
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
}
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
}
}
答案 1 :(得分:0)
看起来spring boot无法实现这里你想处理事件。
尝试注释方法,以便spring知道你想要处理事件
@EventListener(value = {AuthorizedEvent.class})
public void onApplicationEvent(AuthorizedEvent event) {
auditLogger.info("Authorization granted to user: {} - {}", event.getAuthentication().getName(), event.getConfigAttributes());
}