Observe Events

Author: jzheaux

Diff for: core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java

@@ -16,14 +16,14 @@
 
 package org.springframework.security.access.event;
 
-import org.springframework.context.ApplicationEvent;
+import org.springframework.security.event.SecurityEvent;
 
 /**
  * Abstract superclass for all security interception related events.
  *
  * @author Ben Alex
  */
-public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
+public abstract class AbstractAuthorizationEvent extends SecurityEvent {
 
 	/**
 	 * Construct the event, passing in the secure object being intercepted.

Diff for: core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationEvent.java

@@ -16,8 +16,8 @@
 
 package org.springframework.security.authentication.event;
 
-import org.springframework.context.ApplicationEvent;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.event.SecurityEvent;
 
 /**
  * Represents an application authentication event.
@@ -28,7 +28,7 @@
  *
  * @author Ben Alex
  */
-public abstract class AbstractAuthenticationEvent extends ApplicationEvent {
+public abstract class AbstractAuthenticationEvent extends SecurityEvent {
 
 	public AbstractAuthenticationEvent(Authentication authentication) {
 		super(authentication);

Diff for: core/src/main/java/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.java

@@ -35,6 +35,10 @@ public AbstractAuthenticationFailureEvent(Authentication authentication, Authent
 		this.exception = exception;
 	}
 
+	public Authentication getAuthentication() {
+		return (Authentication) getSource();
+	}
+
 	public AuthenticationException getException() {
 		return this.exception;
 	}

Diff for: core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java

@@ -21,6 +21,7 @@
 import org.springframework.context.ApplicationEvent;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.event.SecurityEvent;
 
 /**
  * An {@link ApplicationEvent} which indicates failed authorization.
@@ -29,7 +30,7 @@
  * @author Josh Cummings
  * @since 5.7
  */
-public class AuthorizationDeniedEvent<T> extends ApplicationEvent {
+public class AuthorizationDeniedEvent<T> extends SecurityEvent {
 
 	private final Supplier<Authentication> authentication;
 

Diff for: core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java

@@ -21,6 +21,7 @@
 import org.springframework.context.ApplicationEvent;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.event.SecurityEvent;
 import org.springframework.util.Assert;
 
 /**
@@ -30,7 +31,7 @@
  * @author Josh Cummings
  * @since 5.7
  */
-public class AuthorizationGrantedEvent<T> extends ApplicationEvent {
+public class AuthorizationGrantedEvent<T> extends SecurityEvent {
 
 	private final Supplier<Authentication> authentication;
 

Diff for: core/src/main/java/org/springframework/security/core/Authentication.java

@@ -134,4 +134,8 @@ public interface Authentication extends Principal, Serializable {
 	 */
 	void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
 
+	default String getAuthenticationType() {
+		return this.getClass().getSimpleName();
+	}
+
 }

Diff for: core/src/main/java/org/springframework/security/event/AuthenticationFailureEventKeyValuesConverter.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.event;
+
+import io.micrometer.common.KeyValues;
+import io.micrometer.observation.ObservationConvention;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AuthenticationObservationContext;
+import org.springframework.security.authentication.AuthenticationObservationConvention;
+import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
+
+/**
+ * A strategy to collect {@link KeyValues} for
+ * {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent}s
+ *
+ * @author Josh Cummings
+ * @since 6.0
+ */
+public final class AuthenticationFailureEventKeyValuesConverter
+		implements Converter<AbstractAuthenticationFailureEvent, KeyValues> {
+
+	private final ObservationConvention<AuthenticationObservationContext> convention = new AuthenticationObservationConvention();
+
+	@Override
+	public KeyValues convert(AbstractAuthenticationFailureEvent event) {
+		return this.convention.getLowCardinalityKeyValues(AuthenticationObservationContext.fromEvent(event));
+	}
+
+}

Diff for: core/src/main/java/org/springframework/security/event/AuthenticationSuccessEventKeyValuesConverter.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.event;
+
+import io.micrometer.common.KeyValues;
+import io.micrometer.observation.ObservationConvention;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AuthenticationObservationContext;
+import org.springframework.security.authentication.AuthenticationObservationConvention;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+
+/**
+ * A strategy to collect {@link KeyValues} for
+ * {@link org.springframework.security.authentication.event.AuthenticationSuccessEvent}s
+ *
+ * @author Josh Cummings
+ * @since 6.0
+ */
+public final class AuthenticationSuccessEventKeyValuesConverter
+		implements Converter<AuthenticationSuccessEvent, KeyValues> {
+
+	private final ObservationConvention<AuthenticationObservationContext> convention = new AuthenticationObservationConvention();
+
+	@Override
+	public KeyValues convert(AuthenticationSuccessEvent event) {
+		return this.convention.getLowCardinalityKeyValues(AuthenticationObservationContext.fromEvent(event));
+	}
+
+}

Diff for: core/src/main/java/org/springframework/security/event/AuthorizationDeniedEventKeyValuesConverter.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.event;
+
+import io.micrometer.common.KeyValues;
+import io.micrometer.observation.ObservationConvention;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authorization.AuthorizationObservationContext;
+import org.springframework.security.authorization.AuthorizationObservationConvention;
+import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
+
+/**
+ * A strategy to collect {@link KeyValues} for
+ * {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}s
+ *
+ * @author Josh Cummings
+ * @since 6.0
+ */
+@SuppressWarnings("rawtypes")
+public final class AuthorizationDeniedEventKeyValuesConverter
+		implements Converter<AuthorizationDeniedEvent, KeyValues> {
+
+	private final ObservationConvention<AuthorizationObservationContext<?>> convention = new AuthorizationObservationConvention();
+
+	@Override
+	public KeyValues convert(AuthorizationDeniedEvent event) {
+		return this.convention.getLowCardinalityKeyValues(AuthorizationObservationContext.fromEvent(event));
+	}
+
+}

Diff for: core/src/main/java/org/springframework/security/event/AuthorizationGrantedEventKeyValuesConverter.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.event;
+
+import io.micrometer.common.KeyValues;
+import io.micrometer.observation.ObservationConvention;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authorization.AuthorizationObservationContext;
+import org.springframework.security.authorization.AuthorizationObservationConvention;
+import org.springframework.security.authorization.event.AuthorizationGrantedEvent;
+
+/**
+ * A strategy to collect {@link KeyValues} for
+ * {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent}s
+ *
+ * @author Josh Cummings
+ * @since 6.0
+ */
+@SuppressWarnings("rawtypes")
+public final class AuthorizationGrantedEventKeyValuesConverter
+		implements Converter<AuthorizationGrantedEvent, KeyValues> {
+
+	private final ObservationConvention<AuthorizationObservationContext<?>> convention = new AuthorizationObservationConvention();
+
+	@Override
+	public KeyValues convert(AuthorizationGrantedEvent event) {
+		return this.convention.getLowCardinalityKeyValues(AuthorizationObservationContext.fromEvent(event));
+	}
+
+}

Diff for: core/src/main/java/org/springframework/security/event/DelegatingObservationSecurityEventListener.java

@@ -0,0 +1,119 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.event;
+
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import io.micrometer.common.KeyValues;
+import io.micrometer.observation.ObservationRegistry;
+
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.SmartApplicationListener;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.util.Assert;
+
+/**
+ * A {@link ApplicationListener} that publishes {@link SecurityEvent}s to an
+ * {@link io.micrometer.observation.ObservationRegistry}
+ *
+ * @author Josh Cummings
+ * @since 6.0
+ */
+public final class DelegatingObservationSecurityEventListener implements ApplicationListener<SecurityEvent> {
+
+	private final Collection<SmartApplicationListener> listeners;
+
+	private DelegatingObservationSecurityEventListener(Collection<SmartApplicationListener> listeners) {
+		this.listeners = listeners;
+	}
+
+	public static Builder withDefaults(ObservationRegistry registry) {
+		Assert.notNull(registry, "registry cannot be null");
+		return new Builder(registry);
+	}
+
+	@Override
+	public void onApplicationEvent(SecurityEvent event) {
+		for (SmartApplicationListener listener : this.listeners) {
+			Object source = event.getSource();
+			if (source != null && listener.supportsEventType(event.getClass())
+					&& listener.supportsSourceType(source.getClass())) {
+				listener.onApplicationEvent(event);
+				return;
+			}
+		}
+	}
+
+	public static final class Builder {
+
+		private final ObservationRegistry registry;
+
+		private final Map<String, SmartApplicationListener> listeners;
+
+		private Builder(ObservationRegistry registry) {
+			this.registry = registry;
+			this.listeners = new LinkedHashMap<>();
+		}
+
+		public <T extends SecurityEvent> Builder add(Class<T> clazz) {
+			return add(clazz, (event) -> KeyValues.empty());
+		}
+
+		public <T extends SecurityEvent> Builder add(Class<T> clazz, Converter<T, KeyValues> keyValuesConverter) {
+			return add(clazz, new ObservationSecurityEventListener<>(this.registry, keyValuesConverter));
+		}
+
+		public <T extends SecurityEvent> Builder add(Class<T> clazz, ObservationSecurityEventListener<T> listener) {
+			this.listeners.put(clazz.getName(), new SecuritySmartApplicationListener<>(clazz, listener));
+			return this;
+		}
+
+		public DelegatingObservationSecurityEventListener build() {
+			add(SecurityEvent.class);
+			return new DelegatingObservationSecurityEventListener(this.listeners.values());
+		}
+
+		private static class SecuritySmartApplicationListener<T extends SecurityEvent>
+				implements SmartApplicationListener {
+
+			private final Class<T> eventType;
+
+			private final ApplicationListener<T> listener;
+
+			SecuritySmartApplicationListener(Class<T> eventType, ApplicationListener<T> listener) {
+				this.eventType = eventType;
+				this.listener = listener;
+			}
+
+			@Override
+			public boolean supportsEventType(Class<? extends ApplicationEvent> eventType) {
+				return this.eventType.isAssignableFrom(eventType);
+			}
+
+			@Override
+			public void onApplicationEvent(ApplicationEvent event) {
+				this.listener.onApplicationEvent((T) event);
+			}
+
+		}
+
+	}
+
+}