View Javadoc

1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.event.authorization;
17  
18  import org.apache.commons.logging.Log;
19  import org.apache.commons.logging.LogFactory;
20  
21  import org.springframework.context.ApplicationEvent;
22  import org.springframework.context.ApplicationListener;
23  
24  
25  /***
26   * Outputs interceptor-related application events to Commons Logging.
27   * 
28   * <P>
29   * All failures are logged at the warning level, with success events logged at
30   * the information level, and public invocation events logged at the debug
31   * level.
32   * </p>
33   *
34   * @author Ben Alex
35   * @version $Id: LoggerListener.java,v 1.2 2005/11/17 00:56:09 benalex Exp $
36   */
37  public class LoggerListener implements ApplicationListener {
38      //~ Static fields/initializers =============================================
39  
40      private static final Log logger = LogFactory.getLog(LoggerListener.class);
41  
42      //~ Methods ================================================================
43  
44      public void onApplicationEvent(ApplicationEvent event) {
45          if (event instanceof AuthenticationCredentialsNotFoundEvent) {
46              AuthenticationCredentialsNotFoundEvent authEvent = (AuthenticationCredentialsNotFoundEvent) event;
47  
48              if (logger.isWarnEnabled()) {
49                  logger.warn("Security interception failed due to: "
50                      + authEvent.getCredentialsNotFoundException()
51                      + "; secure object: " + authEvent.getSource()
52                      + "; configuration attributes: "
53                      + authEvent.getConfigAttributeDefinition());
54              }
55          }
56  
57          if (event instanceof AuthorizationFailureEvent) {
58              AuthorizationFailureEvent authEvent = (AuthorizationFailureEvent) event;
59  
60              if (logger.isWarnEnabled()) {
61                  logger.warn("Security authorization failed due to: "
62                      + authEvent.getAccessDeniedException()
63                      + "; authenticated principal: "
64                      + authEvent.getAuthentication() + "; secure object: "
65                      + authEvent.getSource() + "; configuration attributes: "
66                      + authEvent.getConfigAttributeDefinition());
67              }
68          }
69  
70          if (event instanceof AuthorizedEvent) {
71              AuthorizedEvent authEvent = (AuthorizedEvent) event;
72  
73              if (logger.isInfoEnabled()) {
74                  logger.info("Security authorized for authenticated principal: "
75                      + authEvent.getAuthentication() + "; secure object: "
76                      + authEvent.getSource() + "; configuration attributes: "
77                      + authEvent.getConfigAttributeDefinition());
78              }
79          }
80  
81          if (event instanceof PublicInvocationEvent) {
82              PublicInvocationEvent authEvent = (PublicInvocationEvent) event;
83  
84              if (logger.isInfoEnabled()) {
85                  logger.info(
86                      "Security interception not required for public secure object: "
87                      + authEvent.getSource());
88              }
89          }
90      }
91  }