3 * Copyright (C) 2009-2023 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.authentication.event;
22 import com.google.common.base.Joiner;
23 import java.util.Collections;
24 import javax.annotation.Nullable;
25 import org.sonar.api.server.http.HttpRequest;
26 import org.slf4j.Logger;
27 import org.slf4j.LoggerFactory;
28 import org.sonar.core.util.stream.MoreCollectors;
30 import static java.util.Objects.requireNonNull;
32 public class AuthenticationEventImpl implements AuthenticationEvent {
33 private static final Logger LOGGER = LoggerFactory.getLogger("auth.event");
34 private static final int FLOOD_THRESHOLD = 128;
37 public void loginSuccess(HttpRequest request, @Nullable String login, Source source) {
38 checkRequest(request);
39 requireNonNull(source, "source can't be null");
40 if (!LOGGER.isDebugEnabled()) {
43 LOGGER.debug("login success [method|{}][provider|{}|{}][IP|{}|{}][login|{}]",
44 source.getMethod(), source.getProvider(), source.getProviderName(),
45 request.getRemoteAddr(), getAllIps(request),
46 preventLogFlood(emptyIfNull(login)));
49 private static String getAllIps(HttpRequest request) {
50 return Collections.list(request.getHeaders("X-Forwarded-For")).stream().collect(MoreCollectors.join(Joiner.on(",")));
54 public void loginFailure(HttpRequest request, AuthenticationException e) {
55 checkRequest(request);
56 requireNonNull(e, "AuthenticationException can't be null");
57 if (!LOGGER.isDebugEnabled()) {
60 Source source = e.getSource();
61 LOGGER.debug("login failure [cause|{}][method|{}][provider|{}|{}][IP|{}|{}][login|{}]",
62 emptyIfNull(e.getMessage()),
63 source.getMethod(), source.getProvider(), source.getProviderName(),
64 request.getRemoteAddr(), getAllIps(request),
65 preventLogFlood(emptyIfNull(e.getLogin())));
69 public void logoutSuccess(HttpRequest request, @Nullable String login) {
70 checkRequest(request);
71 if (!LOGGER.isDebugEnabled()) {
74 LOGGER.debug("logout success [IP|{}|{}][login|{}]",
75 request.getRemoteAddr(), getAllIps(request),
76 preventLogFlood(emptyIfNull(login)));
80 public void logoutFailure(HttpRequest request, String errorMessage) {
81 checkRequest(request);
82 requireNonNull(errorMessage, "error message can't be null");
83 if (!LOGGER.isDebugEnabled()) {
86 LOGGER.debug("logout failure [error|{}][IP|{}|{}]",
87 emptyIfNull(errorMessage),
88 request.getRemoteAddr(), getAllIps(request));
91 private static void checkRequest(HttpRequest request) {
92 requireNonNull(request, "request can't be null");
95 private static String emptyIfNull(@Nullable String login) {
96 return login == null ? "" : login;
99 private static String preventLogFlood(String str) {
100 if (str.length() > FLOOD_THRESHOLD) {
101 return str.substring(0, FLOOD_THRESHOLD) + "...(" + str.length() + ")";
projects / sonarqube.git / blob