feat(auth): log login failures

src/main/java/org/akhq/modules/BasicAuthAuthenticationProvider.java

@@ -2,7 +2,12 @@
 
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpRequest;
-import io.micronaut.security.authentication.*;
+import io.micronaut.security.authentication.AuthenticationFailed;
+import io.micronaut.security.authentication.AuthenticationFailureReason;
+import io.micronaut.security.authentication.AuthenticationProvider;
+import io.micronaut.security.authentication.AuthenticationRequest;
+import io.micronaut.security.authentication.AuthenticationResponse;
+import io.micronaut.security.authentication.UserDetails;
 import io.reactivex.Flowable;
 import org.akhq.configs.BasicAuth;
 import org.akhq.configs.Ldap;
@@ -13,6 +18,8 @@
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
+import java.util.Collections;
+import java.util.Optional;
 
 @Singleton
 public class BasicAuthAuthenticationProvider implements AuthenticationProvider {
@@ -28,18 +35,20 @@ public class BasicAuthAuthenticationProvider implements AuthenticationProvider {
 
     @Override
     public Publisher<AuthenticationResponse> authenticate(@Nullable HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
-        for(BasicAuth auth : securityProperties.getBasicAuth()) {
-            if (authenticationRequest.getIdentity().equals(auth.getUsername()) &&
-                auth.isValidPassword((String) authenticationRequest.getSecret())) {
-
-                UserDetails userDetails = new UserDetails(auth.getUsername(),
-                        userGroupUtils.getUserRoles(auth.getGroups()),
-                        userGroupUtils.getUserAttributes(auth.getGroups()));
-
-                return Flowable.just(userDetails);
+        String username = String.valueOf(authenticationRequest.getIdentity());
+        for (BasicAuth auth : securityProperties.getBasicAuth()) {
+            if (!username.equals(auth.getUsername())) {
+                continue;
+            }
+            if (!auth.isValidPassword((String) authenticationRequest.getSecret())) {
+                return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
             }
+            UserDetails userDetails = new UserDetails(username,
+                    userGroupUtils.getUserRoles(auth.getGroups()),
+                    userGroupUtils.getUserAttributes(auth.getGroups()));
+            return Flowable.just(userDetails);
         }
 
-        return Flowable.just(new AuthenticationFailed());
+        return Flowable.just(new AuthenticationFailed(AuthenticationFailureReason.USER_NOT_FOUND));
     }
 }

src/main/java/org/akhq/utils/LoginFailedEventListener.java

@@ -0,0 +1,30 @@
+package org.akhq.utils;
+
+import io.micronaut.context.event.ApplicationEventListener;
+import io.micronaut.security.authentication.AuthenticationFailed;
+import io.micronaut.security.authentication.UserDetails;
+import io.micronaut.security.event.LoginFailedEvent;
+import lombok.extern.slf4j.Slf4j;
+
+import javax.inject.Singleton;
+
+@Singleton
+@Slf4j
+public class LoginFailedEventListener implements ApplicationEventListener<LoginFailedEvent> {
+    @Override
+    public void onApplicationEvent(LoginFailedEvent event) {
+        if (event.getSource() instanceof AuthenticationFailed) {
+            AuthenticationFailed authenticationFailed = (AuthenticationFailed) event.getSource();
+            log.warn("Login failed reason {}, username {}, message {}",
+                    authenticationFailed.getReason(),
+                    authenticationFailed.getUserDetails().map(UserDetails::getUsername).orElse("unknown"),
+                    authenticationFailed.getMessage().orElse("none")
+            );
+        }
+    }
+
+    @Override
+    public boolean supports(LoginFailedEvent event) {
+        return true;
+    }
+}