Merge pull request #235 from OpsMx/bugfix/OP-17106-4-0

OP-17106: Appending roles
spinnaker · Aug 12, 2022 · df4d146 · df4d146
2 parents 9a119d0 + 334e9a0
commit df4d146
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/audit/AuthenticationAuditListener.java
@@ -18,13 +18,18 @@
 
 import com.opsmx.spinnaker.gate.enums.AuditEventType;
 import com.opsmx.spinnaker.gate.model.AuditData;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.security.AbstractAuthenticationAuditListener;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.event.*;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 
 @Slf4j
@@ -40,7 +45,7 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
 
     try {
       log.debug("Authentication audit events received : {}", event);
-      // OP-17106: If saml event handle differently
+      // OP-17106: looks like a saml event fetch name and roles to publish
       if (event.getAuthentication().isAuthenticated()
           && event instanceof InteractiveAuthenticationSuccessEvent) {
         log.debug("publishEvent InteractiveAuthenticationSuccessEvent");
@@ -69,7 +74,11 @@ public void onApplicationEvent(AbstractAuthenticationEvent event) {
   private void handleInteractiveAuthenticationSuccessEvent(AbstractAuthenticationEvent event) {
     AbstractAuthenticationToken auth = (AbstractAuthenticationToken) event.getAuthentication();
     String name = auth.getName();
-    AuditData data = new AuditData(name);
+    List<String> roles =
+        Optional.ofNullable(auth.getAuthorities()).orElse(new ArrayList<>()).stream()
+            .map(GrantedAuthority::getAuthority)
+            .collect(Collectors.toList());
+    AuditData data = new AuditData(name, roles);
     auditHandler.publishEvent(AuditEventType.AUTHENTICATION_SUCCESSFUL_AUDIT, data);
   }
 }
diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/model/AuditData.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/model/AuditData.java
@@ -16,22 +16,34 @@
 
 package com.opsmx.spinnaker.gate.model;
 
+import java.util.List;
 import lombok.Data;
 
 @Data
 public class AuditData {
   private Source source;
 
-  public AuditData(String name) {
-    this.source = new Source(name);
+  public AuditData(String name, List<String> roles) {
+    this.source = new Source(name, roles);
   }
 
   @Data
   public class Source {
     private String name;
+    private Principal principal;
 
-    public Source(String name) {
+    public Source(String name, List<String> roles) {
       this.name = name;
+      this.principal = new Principal(roles);
+    }
+  }
+
+  @Data
+  public class Principal {
+    private List<String> roles;
+
+    public Principal(List<String> roles) {
+      this.roles = roles;
     }
   }
 }