OP-17098: serialisation issues are fixed. (#255)

spinnaker · Sep 19, 2022 · 771ba2d · 771ba2d
1 parent e86c1d8
commit 771ba2d
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java
@@ -49,7 +49,7 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
       if (event.getAuthentication().isAuthenticated()
           && event instanceof InteractiveAuthenticationSuccessEvent) {
         log.debug("publishEvent InteractiveAuthenticationSuccessEvent");
-        handleInteractiveAuthenticationSuccessEvent(event);
+        handleAuthenticationEvent(event, AuditEventType.AUTHENTICATION_SUCCESSFUL_AUDIT);
         return;
       }
 
@@ -62,6 +62,15 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
         log.debug("publishEvent AbstractAuthenticationFailureEvent");
         auditHandler.publishEvent(AuditEventType.AUTHENTICATION_FAILURE_AUDIT, event);
       } else if (event instanceof LogoutSuccessEvent) {
+        if (event
+            .getAuthentication()
+            .getClass()
+            .getName()
+            .equals("org.springframework.security.providers.ExpiringUsernameAuthenticationToken")) {
+          log.debug("publishEvent LogoutSuccessEvent with ExpiringUsernameAuthenticationToken");
+          handleAuthenticationEvent(event, AuditEventType.SUCCESSFUL_USER_LOGOUT_AUDIT);
+          return;
+        }
         log.debug("publishEvent LogoutSuccessEvent");
         auditHandler.publishEvent(AuditEventType.SUCCESSFUL_USER_LOGOUT_AUDIT, event);
       }
@@ -71,14 +80,15 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
     }
   }
 
-  private void handleInteractiveAuthenticationSuccessEvent(AbstractAuthenticationEvent event) {
+  private void handleAuthenticationEvent(
+      AbstractAuthenticationEvent event, AuditEventType eventType) {
     AbstractAuthenticationToken auth = (AbstractAuthenticationToken) event.getAuthentication();
     String name = auth.getName();
     List<String> roles =
         Optional.ofNullable(auth.getAuthorities()).orElse(new ArrayList<>()).stream()
             .map(GrantedAuthority::getAuthority)
             .collect(Collectors.toList());
     AuditData data = new AuditData(name, roles);
-    auditHandler.publishEvent(AuditEventType.AUTHENTICATION_SUCCESSFUL_AUDIT, data);
+    auditHandler.publishEvent(eventType, data);
   }
 }