Has this already been fixed in CAS release 5.2.3?
On Tuesday, January 23, 2018 at 5:38:15 AM UTC-5, Oscar del Pozo wrote:
>
> There is a bug in the module inspektr-audit-1.7.1.GA: when an Exception is
> thrown during an authentication process, it ends up logging the
> authentication as successful:
>
> Logs:
>
>> 2018-01-23 11:18:18,583 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]] of type [ClientCredential].>
>> 2018-01-23 11:18:57,038 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>> =============================================================
>> WHO: null
>> WHAT: Supplied credentials: [org.apereo.cas.authentication.principal.ClientCredential@77d80cf8[id=<null>]]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Jan 23 11:18:57 CET 2018
>> CLIENT IP ADDRESS: 192.168.56.1
>> SERVER IP ADDRESS: 192.168.56.1
>> =============================================================
>
>
> The bug is located at
> *org.apereo.inspektr.audit.AuditTrailManagementAspect@handleAuditTrail(final
> ProceedingJoinPoint joinPoint, final Audit audit) throws Throwable*:
>
>     @Around(value = "@annotation(audit)", argNames = "audit")
>     public Object handleAuditTrail(final ProceedingJoinPoint joinPoint,
>             final Audit audit) throws Throwable {
>         final AuditActionResolver auditActionResolver =
>                 this.auditActionResolvers.get(audit.actionResolverName());
>         final AuditResourceResolver auditResourceResolver =
>                 this.auditResourceResolvers.get(audit.resourceResolverName());
>
>         String currentPrincipal = null;
>         String[] auditResource = new String[]{null};
>         String action = null;
>         Object retVal = null;
>         try {
>             retVal = joinPoint.proceed();
>
>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, retVal);
>             auditResource = auditResourceResolver.resolveFrom(joinPoint, retVal);
>             action = auditActionResolver.resolveFrom(joinPoint, retVal, audit);
>
>             return retVal;
>         } catch (final Throwable e) {
>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
>             auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
>             action = auditActionResolver.resolveFrom(joinPoint, e, audit);
>             throw e;
>         } finally {
>             executeAuditCode(currentPrincipal, auditResource, joinPoint,
>                     retVal, action, audit);
>         }
>     }
>
> The problem here is that the auditActionResolver has two methods:
>
>     String resolveFrom(JoinPoint auditableTarget, Object retval, Audit audit);
>
>     String resolveFrom(JoinPoint auditableTarget, Exception exception, Audit audit);
>
> When we try to invoke the second one, we have to cast the exception e so
> as not to enter the first method, where the success suffix will be applied
> to the audit log.
>
> To fix this, the catch block should be
>
>         } catch (final Throwable e) {
>             currentPrincipal = this.auditPrincipalResolver.resolveFrom(joinPoint, e);
>             auditResource = auditResourceResolver.resolveFrom(joinPoint, e);
>             action = auditActionResolver.resolveFrom(joinPoint, (Exception) e, audit);
>             throw e;
>         }
>
> I would make a pull request, but I haven't found the source code on GitHub.
>
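
The overload selection described in the quoted message, as an added example that is not part of the original post or of Inspektr's own code. ActionResolver, auditUncast and auditChecked are hypothetical stand-ins with simplified signatures, and the rethrow is omitted so the chosen action can be returned. It goes one step beyond the message by also covering a Throwable that is an Error, which a plain (Exception) cast cannot handle.

```java
public class AuditOverloadDemo {
    // Hypothetical stand-in for the two resolveFrom overloads (signatures simplified).
    static class ActionResolver {
        String resolveFrom(Object retval)       { return "AUTHENTICATION_SUCCESS"; }
        String resolveFrom(Exception exception) { return "AUTHENTICATION_FAILED"; }
    }

    static final ActionResolver RESOLVER = new ActionResolver();

    // Same shape as the quoted catch block: e has static type Throwable, so the
    // compiler binds the call to resolveFrom(Object) and the failure is audited as success.
    static String auditUncast(Runnable op) {
        try {
            op.run();
            return RESOLVER.resolveFrom("ok");
        } catch (Throwable e) {
            return RESOLVER.resolveFrom(e);
        }
    }

    // Selects the Exception overload explicitly. An Error is not an Exception, and a
    // plain (Exception) cast on it would throw ClassCastException, so it is wrapped.
    static String auditChecked(Runnable op) {
        try {
            op.run();
            return RESOLVER.resolveFrom("ok");
        } catch (Throwable e) {
            Exception ex = (e instanceof Exception) ? (Exception) e : new RuntimeException(e);
            return RESOLVER.resolveFrom(ex);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a successful call, a failed login, and a JVM-level Error.
        Runnable success = () -> { };
        Runnable badLogin = () -> { throw new IllegalStateException("constructed: bad credentials"); };
        Runnable jvmError = () -> { throw new Error("constructed: not an Exception"); };

        System.out.println("success   uncast=" + auditUncast(success) + " checked=" + auditChecked(success));
        System.out.println("bad login uncast=" + auditUncast(badLogin) + " checked=" + auditChecked(badLogin));
        System.out.println("error     uncast=" + auditUncast(jvmError) + " checked=" + auditChecked(jvmError));
    }
}
```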