Comments (3)
Can you show me how you're sending events?
from appsensor.
also, can you share the appsensor log for the UI and the rest backend?
from appsensor.
Hey,
thanks for your reply. Here is how the events are created and sent:
Method that wraps AppSensor processes:
@Named
public class AppSensorReporter {
@Autowired
private org.owasp.appsensor.event.RestEventManager appsensorEventManager;
@Autowired
private AppSensorResponseHandlerObserver observer;
@Value("${appsensor.client.header.value}")
private String appsensorApplicationName;
private ScheduledExecutorService scheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
private static final Logger logger = LogManager.getLogger(AppSensorReporter.class);
public void reportEventToAppsensor(final String apiEndpoint, final String attackVector, final String category, final String categoryLabel) {
Reportable appSensorEvent = new AppSensorEvent(
new DetectionPoint(category, categoryLabel),
new DetectionSystem(appsensorApplicationName),
appsensorEventManager, apiEndpoint, attackVector);
logger.info("Reporting event to AppSensor: " + appSensorEvent.log());
CompletableFuture.runAsync(() -> appSensorEvent.reportToAppsensor(), AppsSensorThreadPool.executorService);
updateResponsesFromAppsensor();
}
private void updateResponsesFromAppsensor() {
scheduledExecutorService.schedule(() -> {
Collection<Response> responses = appsensorEventManager.getResponses(new DateTime(DateTimeZone.UTC).minusMinutes(10).toString());
logger.info("Updating AppSensor respones");
observer.onUpdate(responses);
}, 10, TimeUnit.SECONDS);
}
}
And the class that executes the reporting:
public class AppSensorEvent implements Reportable {
private final String APPSENSOR_TIMESTAMP_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private final User reportedUser;
private org.owasp.appsensor.core.Event appsensorEvent;
private final DetectionPoint detectionPoint;
private final DetectionSystem detectionSystem;
private final EventManager appsensorEventManager;
private final List<KeyValuePair> metadata;
private String parsedUsername = "";
private static final Logger logger = LogManager.getLogger(AppSensorEvent.class);
private IP2GeoLocation ip2GeoLocation;
public AppSensorEvent(DetectionPoint detectionPoint, DetectionSystem detectionSystem, EventManager appsensorEventManager, String apiEndpoint, String attackVector) {
ip2GeoLocation = new IP2GeoLocation();
extractUserName();
String ipAddress = extractIPAddress();
this.reportedUser = new User(parsedUsername, new IPAddress(ipAddress, ipAddressToGeolocation(ipAddress)));
this.detectionPoint = detectionPoint;
this.detectionSystem = detectionSystem;
this.appsensorEventManager = appsensorEventManager;
this.metadata = new LinkedList<>();
metadata.add(new KeyValuePair("Endpoint", apiEndpoint));
metadata.add(new KeyValuePair("Vector", attackVector));
createAppsensorEvent();
}
private GeoLocation ipAddressToGeolocation(String ipAddress) {
return ip2GeoLocation.ipAddressToGeoLocation(ipAddress);
}
private void extractUserName() {
Optional<Authentication> usernameOptional = Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication());
usernameOptional.ifPresentOrElse(this::getUsernameFromContext, () -> this.parsedUsername = "Unknown");
}
private void getUsernameFromContext(Authentication authentication) {
this.parsedUsername = authentication.getPrincipal().toString()
.split(",")[2].split("\'")[1];
}
private String extractIPAddress() {
return ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
.getRequest().getRemoteAddr();
}
private void createAppsensorEvent() {
this.appsensorEvent = new Event(
this.reportedUser, this.detectionPoint,
this.detectionSystem
);
this.appsensorEvent.setMetadata(this.metadata);
}
@Override
public void reportToAppsensor() {
appsensorEventManager.addEvent(this.appsensorEvent);
}
@Override
public String log() {
return " [Category: " + this.detectionPoint.getCategory() + ":" + this.detectionPoint.getLabel() + ", User: "
+ this.reportedUser.getUsername() + ":" + this.reportedUser.getIPAddress().getAddress() + "]";
}
}
Please not that the source code is for a POC so it has a lot of space for improvements.
Now the logs:
Startup log of rest-server:
appsensor-rest-server | :: Spring Boot :: (v1.3.2.RELEASE)
appsensor-rest-server |
appsensor-rest-server | 07:37:06.477 [main] INFO o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Starting AppsensorWsRestServerWithWebsocketBootApplication v1.0.0-SNAPSHOT on 7075f8333fce with PID 1 (/maven/appsensor-ws-rest-server-1.0.0-SNAPSHOT.jar started by root in /)
appsensor-rest-server | 07:37:06.480 [main] DEBUG o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Running with Spring Boot v1.3.2.RELEASE, Spring v4.2.4.RELEASE
appsensor-rest-server | 07:37:06.480 [main] INFO o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - No active profile set, falling back to default profiles: default
appsensor-rest-server | 07:37:06.539 [main] INFO o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext - Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@16441287: startup date [Thu Feb 27 07:37:06 GMT 2020]; root of context hierarchy
appsensor-rest-server | 07:37:06.795 [background-preinit] DEBUG o.j.logging - Logging Provider: org.jboss.logging.Slf4jLoggerProvider found via system property
appsensor-rest-server | 07:37:06.796 [background-preinit] INFO o.h.v.i.u.Version - HV000001: Hibernate Validator 5.2.2.Final
appsensor-rest-server | 07:37:07.708 [main] INFO o.s.b.f.s.DefaultListableBeanFactory - Overriding bean definition for bean 'responseHandler' with a different definition: replacing [Generic bean: class [org.owasp.appsensor.ResponseHandler]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/maven/appsensor-ws-rest-server-1.0.0-SNAPSHOT.jar!/org/owasp/appsensor/ResponseHandler.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=appsensorWsRestServerWithWebsocketBootApplication; factoryMethodName=responseHandler; initMethodName=null; destroyMethodName=(inferred); defined in org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication]
appsensor-rest-server | 07:37:07.824 [main] INFO o.s.b.f.s.DefaultListableBeanFactory - Overriding bean definition for bean 'requestContextFilter' with a different definition: replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.jersey.JerseyAutoConfiguration; factoryMethodName=requestContextFilter; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/jersey/JerseyAutoConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter; factoryMethodName=requestContextFilter; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter.class]]
appsensor-rest-server | 07:37:07.825 [main] INFO o.s.b.f.s.DefaultListableBeanFactory - Overriding bean definition for bean 'beanNameViewResolver' with a different definition: replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter.class]]
appsensor-rest-server | 07:37:08.166 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
appsensor-rest-server | 07:37:08.684 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat initialized with port(s): 31085 (http)
appsensor-rest-server | 07:37:08.698 [main] INFO o.a.c.c.StandardService - Starting service Tomcat
appsensor-rest-server | 07:37:08.700 [main] INFO o.a.c.c.StandardEngine - Starting Servlet Engine: Apache Tomcat/8.0.30
appsensor-rest-server | 07:37:08.822 [localhost-startStop-1] INFO o.a.c.c.C.[.[.[/] - Initializing Spring embedded WebApplicationContext
appsensor-rest-server | 07:37:08.823 [localhost-startStop-1] INFO o.s.w.c.ContextLoader - Root WebApplicationContext: initialization completed in 2287 ms
appsensor-rest-server | 07:37:09.523 [localhost-startStop-1] INFO o.s.b.c.e.ServletRegistrationBean - Mapping servlet: 'org.owasp.appsensor.rest.AppSensorApplication' to [/*]
appsensor-rest-server | 07:37:09.524 [localhost-startStop-1] INFO o.s.b.c.e.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/]
appsensor-rest-server | 07:37:09.529 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'characterEncodingFilter' to: [/*]
appsensor-rest-server | 07:37:09.530 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
appsensor-rest-server | 07:37:09.530 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'httpPutFormContentFilter' to: [/*]
appsensor-rest-server | 07:37:09.530 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'requestContextFilter' to: [/*]
appsensor-rest-server | Generating response handler
appsensor-rest-server | 07:37:09.804 [main] WARN o.o.a.c.s.c.StaxClientConfiguration - Could not load appsensor client configuration file. This error is fine if you are running a server.
appsensor-rest-server | 07:37:10.105 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@16441287: startup date [Thu Feb 27 07:37:06 GMT 2020]; root of context hierarchy
appsensor-rest-server | 07:37:10.200 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
appsensor-rest-server | 07:37:10.201 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
appsensor-rest-server | 07:37:10.239 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-rest-server | 07:37:10.239 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-rest-server | 07:37:10.298 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-rest-server | 07:37:10.479 [main] INFO o.s.w.s.s.s.ServerEndpointExporter - Registering @ServerEndpoint class: class org.owasp.appsensor.websocket.WebSocketDashboard
appsensor-rest-server | 07:37:10.492 [main] INFO o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
appsensor-rest-server | 07:37:10.545 [main] INFO o.a.c.h.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-31085"]
appsensor-rest-server | 07:37:10.556 [main] INFO o.a.c.h.Http11NioProtocol - Starting ProtocolHandler ["http-nio-31085"]
appsensor-rest-server | 07:37:10.565 [main] INFO o.a.t.u.n.NioSelectorPool - Using a shared selector for servlet write/read
appsensor-rest-server | 07:37:10.597 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 31085 (http)
appsensor-rest-server | 07:37:10.605 [main] INFO o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Started AppsensorWsRestServerWithWebsocketBootApplication in 4.546 seconds (JVM running for 5.662)
Startup log of the UI:
appsensor-ui |
appsensor-ui | . ____ _ __ _ _
appsensor-ui | /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
appsensor-ui | ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
appsensor-ui | \\/ ___)| |_)| | | | | || (_| | ) ) ) )
appsensor-ui | ' |____| .__|_| |_|_| |_\__, | / / / /
appsensor-ui | =========|_|==============|___/=/_/_/_/
appsensor-ui | :: Spring Boot :: (v1.2.6.RELEASE)
appsensor-ui |
appsensor-ui | 2020-02-27 07:37:11.554 INFO 1 --- [ main] o.o.appsensor.AppsensorUiApplication : Starting AppsensorUiApplication v2.3.3 on e248eeeb7351 with PID 1 (/maven/appsensor-ui-2.3.3.jar started by root in /)
appsensor-ui | 2020-02-27 07:37:11.624 INFO 1 --- [ main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3195b7f2: startup date [Thu Feb 27 07:37:11 GMT 2020]; root of context hierarchy
appsensor-ui | 2020-02-27 07:37:14.226 INFO 1 --- [ main] f.a.AutowiredAnnotationBeanPostProcessor : JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
appsensor-ui | 2020-02-27 07:37:14.424 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.scheduling.annotation.SchedulingConfiguration' of type [class org.springframework.scheduling.annotation.SchedulingConfiguration$$EnhancerBySpringCGLIB$$b6a33509] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.566 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [class org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$464db1ee] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.589 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'transactionAttributeSource' of type [class org.springframework.transaction.annotation.AnnotationTransactionAttributeSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.603 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'transactionInterceptor' of type [class org.springframework.transaction.interceptor.TransactionInterceptor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.614 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.config.internalTransactionAdvisor' of type [class org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.639 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.cache.annotation.ProxyCachingConfiguration' of type [class org.springframework.cache.annotation.ProxyCachingConfiguration$$EnhancerBySpringCGLIB$$adab7c4c] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.661 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'cacheOperationSource' of type [class org.springframework.cache.annotation.AnnotationCacheOperationSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.680 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'cacheInterceptor' of type [class org.springframework.cache.interceptor.CacheInterceptor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.685 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.cache.config.internalCacheAdvisor' of type [class org.springframework.cache.interceptor.BeanFactoryCacheOperationSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.733 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration' of type [class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration$$EnhancerBySpringCGLIB$$6f6efae8] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.755 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'objectPostProcessor' of type [class org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.757 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@66bd015f' of type [class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.782 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration' of type [class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$224d2f5a] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.813 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:14.821 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'metaDataSourceAdvisor' of type [class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
appsensor-ui | 2020-02-27 07:37:15.442 INFO 1 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8084 (http)
appsensor-ui | 2020-02-27 07:37:15.749 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service Tomcat
appsensor-ui | 2020-02-27 07:37:15.751 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.0.26
appsensor-ui | 2020-02-27 07:37:15.905 INFO 1 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
appsensor-ui | 2020-02-27 07:37:15.906 INFO 1 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 4285 ms
appsensor-ui | 2020-02-27 07:37:18.002 INFO 1 --- [ost-startStop-1] o.f.c.i.dbsupport.DbSupportFactory : Database: jdbc:mysql://appsensor-db/appsensor (MySQL 5.7)
appsensor-ui | 2020-02-27 07:37:18.058 INFO 1 --- [ost-startStop-1] o.f.core.internal.command.DbValidate : Validated 1 migration (execution time 00:00.030s)
appsensor-ui | 2020-02-27 07:37:18.088 INFO 1 --- [ost-startStop-1] o.f.core.internal.command.DbMigrate : Current version of schema `appsensor`: 1
appsensor-ui | 2020-02-27 07:37:18.089 INFO 1 --- [ost-startStop-1] o.f.core.internal.command.DbMigrate : Schema `appsensor` is up to date. No migration necessary.
appsensor-ui | 2020-02-27 07:37:18.280 INFO 1 --- [ost-startStop-1] j.LocalContainerEntityManagerFactoryBean : Building JPA container EntityManagerFactory for persistence unit 'default'
appsensor-ui | 2020-02-27 07:37:18.293 INFO 1 --- [ost-startStop-1] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [
appsensor-ui | name: default
appsensor-ui | ...]
appsensor-ui | 2020-02-27 07:37:18.377 INFO 1 --- [ost-startStop-1] org.hibernate.Version : HHH000412: Hibernate Core {4.3.11.Final}
appsensor-ui | 2020-02-27 07:37:18.385 INFO 1 --- [ost-startStop-1] org.hibernate.cfg.Environment : HHH000206: hibernate.properties not found
appsensor-ui | 2020-02-27 07:37:18.387 INFO 1 --- [ost-startStop-1] org.hibernate.cfg.Environment : HHH000021: Bytecode provider name : javassist
appsensor-ui | 2020-02-27 07:37:18.848 INFO 1 --- [ost-startStop-1] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {4.0.5.Final}
appsensor-ui | 2020-02-27 07:37:18.947 INFO 1 --- [ost-startStop-1] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQLDialect
appsensor-ui | 2020-02-27 07:37:19.179 INFO 1 --- [ost-startStop-1] o.h.h.i.ast.ASTQueryTranslatorFactory : HHH000397: Using ASTQueryTranslatorFactory
appsensor-ui | 2020-02-27 07:37:21.278 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/trace],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.279 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/env/{name:.*}],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EnvironmentMvcEndpoint.value(java.lang.String)
appsensor-ui | 2020-02-27 07:37:21.279 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/env],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.280 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/health]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint.invoke(java.security.Principal)
appsensor-ui | 2020-02-27 07:37:21.280 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/info],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.280 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/dump],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.280 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/beans],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.281 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/configprops],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.281 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/autoconfig],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.281 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/metrics/{name:.*}],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.MetricsMvcEndpoint.value(java.lang.String)
appsensor-ui | 2020-02-27 07:37:21.282 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/metrics],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.282 INFO 1 --- [ost-startStop-1] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/mappings],methods=[GET]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
appsensor-ui | 2020-02-27 07:37:21.451 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/css/**'], []
appsensor-ui | 2020-02-27 07:37:21.451 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/js/**'], []
appsensor-ui | 2020-02-27 07:37:21.451 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/images/**'], []
appsensor-ui | 2020-02-27 07:37:21.451 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/**/favicon.ico'], []
appsensor-ui | 2020-02-27 07:37:21.451 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/error'], []
appsensor-ui | 2020-02-27 07:37:21.523 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@29263994, org.springframework.security.web.context.SecurityContextPersistenceFilter@78c50e09, org.springframework.security.web.header.HeaderWriterFilter@782366f1, org.springframework.security.web.csrf.CsrfFilter@4e3a9e58, org.springframework.security.web.authentication.logout.LogoutFilter@65b7c9e2, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1cbaaad0, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2fdc3586, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@733ca95e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6083ea4a, org.springframework.security.web.session.SessionManagementFilter@659078d, org.springframework.security.web.access.ExceptionTranslationFilter@3f1587c4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4d73f2b5]
appsensor-ui | 2020-02-27 07:37:21.531 INFO 1 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/health'], Ant [pattern='/health/**'], Ant [pattern='/health.*'], Ant [pattern='/info'], Ant [pattern='/info/**'], Ant [pattern='/info.*'], Ant [pattern='/trace'], Ant [pattern='/trace/**'], Ant [pattern='/trace.*'], Ant [pattern='/env'], Ant [pattern='/env/**'], Ant [pattern='/env.*'], Ant [pattern='/dump'], Ant [pattern='/dump/**'], Ant [pattern='/dump.*'], Ant [pattern='/beans'], Ant [pattern='/beans/**'], Ant [pattern='/beans.*'], Ant [pattern='/configprops'], Ant [pattern='/configprops/**'], Ant [pattern='/configprops.*'], Ant [pattern='/autoconfig'], Ant [pattern='/autoconfig/**'], Ant [pattern='/autoconfig.*'], Ant [pattern='/metrics'], Ant [pattern='/metrics/**'], Ant [pattern='/metrics.*'], Ant [pattern='/mappings'], Ant [pattern='/mappings/**'], Ant [pattern='/mappings.*']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@46d009f3, org.springframework.security.web.context.SecurityContextPersistenceFilter@490aca92, org.springframework.security.web.header.HeaderWriterFilter@57da4942, org.springframework.security.web.authentication.logout.LogoutFilter@2160c33, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@5f5766a5, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@71e0f13e, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@74753619, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@281d3e26, org.springframework.security.web.session.SessionManagementFilter@3e590985, org.springframework.security.web.access.ExceptionTranslationFilter@149598fd, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@72038413]
appsensor-ui | 2020-02-27 07:37:21.683 INFO 1 --- [ost-startStop-1] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'metricsExecutor'
appsensor-ui | 2020-02-27 07:37:21.905 INFO 1 --- [ost-startStop-1] o.s.b.c.e.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
appsensor-ui | 2020-02-27 07:37:21.911 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'metricFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.912 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.912 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.912 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'webRequestLoggingFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.912 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'associatedApplicationsFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.913 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
appsensor-ui | 2020-02-27 07:37:21.913 INFO 1 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'applicationContextIdFilter' to: [/*]
appsensor-ui | 2020-02-27 07:37:22.479 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'clientInboundChannelExecutor'
appsensor-ui | 2020-02-27 07:37:22.483 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'clientOutboundChannelExecutor'
appsensor-ui | 2020-02-27 07:37:24.457 INFO 1 --- [ main] o.o.a.u.w.WebSocketReportingEngineFacade : Connected ... 0
appsensor-ui | 2020-02-27 07:37:24.459 INFO 1 --- [ main] o.o.a.u.w.WebSocketReportingEngineFacade : Connected to websocket host [%s]
appsensor-rest-server | Opened connection with client: 0
appsensor-ui | 2020-02-27 07:37:24.569 INFO 1 --- [ main] o.s.s.c.ThreadPoolTaskScheduler : Initializing ExecutorService 'messageBrokerSockJsTaskScheduler'
appsensor-ui | 2020-02-27 07:37:24.648 INFO 1 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/appsensor-websocket/**] onto handler of type [class org.springframework.web.socket.sockjs.support.SockJsHttpRequestHandler]
appsensor-ui | 2020-02-27 07:37:24.696 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'brokerChannelExecutor'
appsensor-ui | 2020-02-27 07:37:25.098 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3195b7f2: startup date [Thu Feb 27 07:37:11 GMT 2020]; root of context hierarchy
appsensor-ui | 2020-02-27 07:37:25.179 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/configuration/server-config-base64],methods=[GET]}" onto public org.owasp.appsensor.core.KeyValuePair org.owasp.appsensor.ui.controller.ConfigurationController.getBase64EncodedServerConfiguration()
appsensor-ui | 2020-02-27 07:37:25.180 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/configuration/server-config],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ConfigurationController.getServerConfiguration()
appsensor-ui | 2020-02-27 07:37:25.181 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/dashboard/by-time-frame],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.ui.controller.DashboardController$TimeFrameItem> org.owasp.appsensor.ui.controller.DashboardController.byTimeFrame()
appsensor-ui | 2020-02-27 07:37:25.181 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/dashboard/by-category],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.ui.controller.DashboardController$CategoryItem> org.owasp.appsensor.ui.controller.DashboardController.byCategory(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.182 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/events/grouped],methods=[GET]}" onto public org.owasp.appsensor.ui.controller.DashboardController$ViewObject org.owasp.appsensor.ui.controller.DashboardController.groupedEvents(java.lang.String,int)
appsensor-ui | 2020-02-27 07:37:25.182 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/responses/active],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Response> org.owasp.appsensor.ui.controller.DashboardController.activeResponses(java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.183 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/dashboard/all],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Object> org.owasp.appsensor.ui.controller.DashboardController.allContent(java.lang.String,int,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.184 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/grouped],methods=[GET]}" onto public org.owasp.appsensor.ui.controller.DetectionPointController$ViewObject org.owasp.appsensor.ui.controller.DetectionPointController.groupedDetectionPoints(java.lang.String,java.lang.String,int)
appsensor-ui | 2020-02-27 07:37:25.184 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/top-users],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Long> org.owasp.appsensor.ui.controller.DetectionPointController.topUsers(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.185 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/top],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Long> org.owasp.appsensor.ui.controller.DetectionPointController.topDetectionPoints(java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.186 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/latest-events],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Event> org.owasp.appsensor.ui.controller.DetectionPointController.recentEvents(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.186 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/by-time-frame],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.ui.controller.DetectionPointController$TimeFrameItem> org.owasp.appsensor.ui.controller.DetectionPointController.byTimeFrame(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.186 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/configuration],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.DetectionPointController.configuration(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.187 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/all],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Object> org.owasp.appsensor.ui.controller.DetectionPointController.allContent(java.lang.String,java.lang.String,java.lang.Long,int)
appsensor-ui | 2020-02-27 07:37:25.187 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/latest-attacks],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Attack> org.owasp.appsensor.ui.controller.DetectionPointController.recentAttacks(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.187 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/detection-points/{label}/by-client-application],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.DetectionPointController.byClientApplication(java.lang.String,java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.188 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ErrorExceptionController.error()
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/events],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Event> org.owasp.appsensor.ui.controller.SearchController.findEvents(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/attacks],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Attack> org.owasp.appsensor.ui.controller.SearchController.findAttacks(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/responses],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Response> org.owasp.appsensor.ui.controller.SearchController.findResponses(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/events/count],methods=[GET]}" onto public int org.owasp.appsensor.ui.controller.SearchController.countEvents(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/attacks/count],methods=[GET]}" onto public int org.owasp.appsensor.ui.controller.SearchController.countAttacks(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.189 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/responses/count],methods=[GET]}" onto public int org.owasp.appsensor.ui.controller.SearchController.countResponses(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.190 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/trends/by-time-frame],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.ui.controller.TrendsDashboardController$TrendItem> org.owasp.appsensor.ui.controller.TrendsDashboardController.countEvents()
appsensor-ui | 2020-02-27 07:37:25.190 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/top],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Long> org.owasp.appsensor.ui.controller.UserController.topUsers(java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.191 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/latest-events],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Event> org.owasp.appsensor.ui.controller.UserController.recentEvents(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.191 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/grouped],methods=[GET]}" onto public org.owasp.appsensor.ui.controller.UserController$ViewObject org.owasp.appsensor.ui.controller.UserController.groupedUsers(java.lang.String,java.lang.String,int)
appsensor-ui | 2020-02-27 07:37:25.191 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/latest-responses],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Response> org.owasp.appsensor.ui.controller.UserController.recentResponses(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.191 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/by-time-frame],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.ui.controller.UserController$TimeFrameItem> org.owasp.appsensor.ui.controller.UserController.byTimeFrame(java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.191 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/active-responses],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Response> org.owasp.appsensor.ui.controller.UserController.activeResponses(java.lang.String,java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.192 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/all],methods=[GET]}" onto public java.util.Map<java.lang.String, java.lang.Object> org.owasp.appsensor.ui.controller.UserController.allContent(java.lang.String,java.lang.String,java.lang.Long,int)
appsensor-ui | 2020-02-27 07:37:25.192 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/latest-attacks],methods=[GET]}" onto public java.util.Collection<org.owasp.appsensor.core.Attack> org.owasp.appsensor.ui.controller.UserController.recentAttacks(java.lang.String,java.lang.String,java.lang.Long)
appsensor-ui | 2020-02-27 07:37:25.192 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/users/{username}/by-client-application],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.UserController.byClientApplication(java.lang.String,java.lang.String)
appsensor-ui | 2020-02-27 07:37:25.193 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/trends-dashboard],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.trendsDashboard()
appsensor-ui | 2020-02-27 07:37:25.193 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.login(java.util.Map<java.lang.String, java.lang.Object>,javax.servlet.http.HttpServletRequest)
appsensor-ui | 2020-02-27 07:37:25.193 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/ping],methods=[GET]}" onto public boolean org.owasp.appsensor.ui.controller.ViewsController.keepalive()
appsensor-ui | 2020-02-27 07:37:25.194 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/configuration],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.configuration()
appsensor-ui | 2020-02-27 07:37:25.194 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/users/{username}],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.user(java.lang.String,java.util.Map<java.lang.String, java.lang.Object>)
appsensor-ui | 2020-02-27 07:37:25.194 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/geo-map],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.geoMap()
appsensor-ui | 2020-02-27 07:37:25.194 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.dashboard()
appsensor-ui | 2020-02-27 07:37:25.195 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/about],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.about()
appsensor-ui | 2020-02-27 07:37:25.195 INFO 1 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/detection-points/{label}],methods=[GET]}" onto public java.lang.String org.owasp.appsensor.ui.controller.ViewsController.detectionPoint(java.lang.String,java.util.Map<java.lang.String, java.lang.Object>)
appsensor-ui | 2020-02-27 07:37:25.261 INFO 1 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-ui | 2020-02-27 07:37:25.261 INFO 1 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-ui | 2020-02-27 07:37:25.288 INFO 1 --- [ main] .m.m.a.ExceptionHandlerExceptionResolver : Detected @ExceptionHandler methods in globalControllerExceptionHandler
appsensor-ui | 2020-02-27 07:37:25.330 INFO 1 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
appsensor-ui | 2020-02-27 07:37:25.919 INFO 1 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
appsensor-ui | 2020-02-27 07:37:25.932 INFO 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 0
appsensor-ui | 2020-02-27 07:37:26.013 INFO 1 --- [ main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 2147483647
appsensor-ui | 2020-02-27 07:37:26.014 INFO 1 --- [ main] o.s.m.s.b.SimpleBrokerMessageHandler : Starting...
appsensor-ui | 2020-02-27 07:37:26.014 INFO 1 --- [ main] o.s.m.s.b.SimpleBrokerMessageHandler : BrokerAvailabilityEvent[available=true, SimpleBroker[DefaultSubscriptionRegistry[cache[0 destination(s)], registry[0 sessions]]]]
appsensor-ui | 2020-02-27 07:37:26.015 INFO 1 --- [ main] o.s.m.s.b.SimpleBrokerMessageHandler : Started.
appsensor-ui | 2020-02-27 07:37:26.091 INFO 1 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8084 (http)
appsensor-ui | 2020-02-27 07:37:26.093 INFO 1 --- [ main] o.o.appsensor.AppsensorUiApplication : Started AppsensorUiApplication in 14.866 seconds (JVM running for 15.602)
appsensor-ui | 2020-02-27 07:38:24.683 INFO 1 --- [eBrokerSockJS-1] o.s.w.s.c.WebSocketMessageBrokerStats : WebSocketSession[0 current WS(0)-HttpStream(0)-HttpPoll(0), 0 total, 0 closed abnormally (0 connect failure, 0 send limit, 0 transport error)], stompSubProtocol[processed CONNECT(0)-CONNECTED(0)-DISCONNECT(0)], stompBrokerRelay[null], inboundChannel[pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], outboundChannelpool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], sockJsScheduler[pool size = 4, active threads = 1, queued tasks = 1, completed tasks = 12]
Now adding an event (access a secured ressource without JWT header)from the way shown above:
Server:
appsensor-rest-server | 07:39:58.703 [http-nio-31085-exec-2] WARN o.o.a.s.m.InMemoryEventStore - Security event AE1 triggered by user: Unknown
appsensor-rest-server | 07:39:58.838 [http-nio-31085-exec-2] INFO o.o.a.a.ReferenceEventAnalysisEngine - Violation Observed for user <Unknown> - storing attack
appsensor-rest-server | 07:39:58.839 [http-nio-31085-exec-2] WARN o.o.a.s.m.InMemoryAttackStore - Security attack AE1 triggered by user: Unknown
appsensor-rest-server | 07:39:58.840 [http-nio-31085-exec-2] INFO o.o.a.a.ReferenceAttackAnalysisEngine - Response set for user <Unknown> - storing response action disableUser
appsensor-rest-server | 07:39:58.840 [http-nio-31085-exec-2] WARN o.o.a.s.m.InMemoryResponseStore - Security response disableUser triggered for user: Unknown
appsensor-rest-server | 07:39:58.840 [http-nio-31085-exec-2] INFO o.o.a.a.ReferenceResponseAnalysisEngine - NO-OP Response for user <Unknown> - should be executing response action disableUser
appsensor-rest-server | 07:39:58.840 [http-nio-31085-exec-2] INFO o.o.a.r.SimpleLoggingReportingEngine - Reporter observed response for user [Unknown]
appsensor-rest-server | 07:39:58.840 [http-nio-31085-exec-2] INFO o.o.a.i.c.s.CefSyslogEmitter - Security response disableUser created for user: Unknown
appsensor-rest-server | Opened connection with client: 1
appsensor-rest-server | 07:39:58.902 [http-nio-31085-exec-2] INFO o.o.a.r.WebSocketReportingEngine - Connected ... 2
appsensor-rest-server | started and connected
appsensor-rest-server | 07:39:58.947 [http-nio-31085-exec-2] INFO o.o.a.r.WebSocketReportingEngine - Reporter observed response for user [Unknown]
appsensor-rest-server | 07:39:58.947 [http-nio-31085-exec-2] INFO o.o.a.r.SimpleLoggingReportingEngine - Reporter observed attack by user [Unknown]
appsensor-rest-server | New message from Client 1: {"dataType":"response","dataValue":{"user":{"username":"Unknown","ipAddress":{"address":"10.17.2.113","geoLocation":{"latitude":0.0,"longitude":0.0}}},"timestamp":"2020-02-27T07:39:58.154Z","action":"disableUser","detectionSystem":{"detectionSystemId":"clientapp","ipAddress":{"address":"10.10.10.5","geoLocation":{"latitude":52.629678,"longitude":-7.873585}}},"metadata":[],"active":false}}
appsensor-rest-server | 07:39:58.948 [http-nio-31085-exec-2] INFO o.o.a.i.c.s.CefSyslogEmitter - Security attack AE1 triggered by user: Unknown
appsensor-rest-server | 07:39:58.999 [http-nio-31085-exec-2] INFO o.o.a.r.WebSocketReportingEngine - Reporter observed attack by user [Unknown]
appsensor-rest-server | 07:39:59.000 [http-nio-31085-exec-2] INFO o.o.a.r.SimpleLoggingReportingEngine - Reporter observed event by user [Unknown]
appsensor-rest-server | 07:39:59.000 [http-nio-31085-exec-2] INFO o.o.a.i.c.s.CefSyslogEmitter - Security event AE1 triggered by user: Unknown
appsensor-rest-server | New message from Client 1: {"dataType":"attack","dataValue":{"user":{"username":"Unknown","ipAddress":{"address":"10.17.2.113","geoLocation":{"latitude":0.0,"longitude":0.0}}},"detectionPoint":{"category":"Authentication","label":"AE1","threshold":{"count":1,"interval":{"duration":50,"unit":"seconds"}},"responses":[{"action":"disableUser","metadata":[],"active":false}]},"timestamp":"2020-02-27T07:39:58.154Z","detectionSystem":{"detectionSystemId":"clientapp","ipAddress":{"address":"10.10.10.5","geoLocation":{"latitude":52.629678,"longitude":-7.873585}}},"metadata":[]}}
appsensor-rest-server | 07:39:59.018 [http-nio-31085-exec-2] INFO o.o.a.r.WebSocketReportingEngine - Reporter observed event by user [Unknown]
appsensor-rest-server | New message from Client 1: {"dataType":"event","dataValue":{"user":{"username":"Unknown","ipAddress":{"address":"10.17.2.113","geoLocation":{"latitude":0.0,"longitude":0.0}}},"detectionPoint":{"category":"Authentication","label":"AE1","responses":[]},"timestamp":"2020-02-27T07:39:58.154Z","detectionSystem":{"detectionSystemId":"clientapp","ipAddress":{"address":"10.10.10.5","geoLocation":{"latitude":52.629678,"longitude":-7.873585}}},"metadata":[{"key":"Endpoint","value":"http://localhost:30081/api/v1/risks/ce6b7e0f-7f88-4b26-b8a1-3060eff1351c"},{"key":"Vector","value":"Vollst▒ndige Authentifikation wird ben▒tigt um auf diese Resource zuzugreifen"}]}}
Now I call the UI:
appsensor-ui | 2020-02-27 07:40:57.255 INFO 1 --- [nio-8084-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
appsensor-ui | 2020-02-27 07:40:57.255 INFO 1 --- [nio-8084-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
appsensor-ui | 2020-02-27 07:40:57.289 INFO 1 --- [nio-8084-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 34 ms
appsensor-ui | 2020-02-27 07:40:57.333 INFO 1 --- [nio-8084-exec-2] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Feb 27 07:40:57 GMT 2020, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
appsensor-ui | 2020-02-27 07:40:57.333 INFO 1 --- [nio-8084-exec-1] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Feb 27 07:40:57 GMT 2020, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]
appsensor-ui | 2020-02-27 07:41:13.598 INFO 1 --- [nio-8084-exec-7] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Feb 27 07:41:13 GMT 2020, principal=analyst, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.18.0.1; SessionId: CB5AB6C67D882ED2F9155D73A1E76D24}]
appsensor-ui | 2020-02-27 07:41:13.599 INFO 1 --- [nio-8084-exec-7] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Feb 27 07:41:13 GMT 2020, principal=analyst, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.18.0.1; SessionId: CB5AB6C67D882ED2F9155D73A1E76D24}]
appsensor-ui | 2020-02-27 07:41:13.601 INFO 1 --- [nio-8084-exec-7] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Feb 27 07:41:13 GMT 2020, principal=analyst, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 172.18.0.1; SessionId: CB5AB6C67D882ED2F9155D73A1E76D24}]
appsensor-ui | 2020-02-27 07:41:13.879 INFO 1 --- [nio-8084-exec-7] ApplicationsAuthenticationSuccessHandler : Successful authentication for user: User [username=analyst, userAuthorities=[], groups=[Group [id=1, name=ANALYST, authorities=[Authority [id=4, name=VIEW_DATA], Authority [id=2, name=VIEW_CONFIGURATION]]]], clientApplications=[clientapp, myclientapp, myclientgeoapp1, myclientgeoapp2, myclientgeoapp3]]
appsensor-ui | 2020-02-27 07:41:15.187 INFO 1 --- [nio-8084-exec-8] o.o.a.ui.rest.RestReportingEngineFacade : Making REST call to "http://appsensor-rest-server:31085/api/v1.0/reports/responses?earliest=2020-02-27T07:41:15%2B01:00" with header name: "X-Appsensor-Client-Application-Name" and value: "clientapp"
appsensor-ui | 2020-02-27 07:41:15.503 INFO 1 --- [nio-8084-exec-8] o.o.a.ui.rest.RestReportingEngineFacade : REST call success to "http://appsensor-rest-server:31085/api/v1.0/reports/responses?earliest=2020-02-27T07:41:15%2B01:00" with header name: "X-Appsensor-Client-Application-Name" and value: "clientapp"
appsensor-ui | 2020-02-27 07:41:15.584 INFO 1 --- [nio-8084-exec-8] o.o.a.ui.rest.RestReportingEngineFacade : Making REST call to http://appsensor-rest-server:31085 ... with path of /api/v1.0/reports/events
appsensor-ui | 2020-02-27 07:41:15.609 INFO 1 --- [nio-8084-exec-8] o.o.a.ui.rest.RestReportingEngineFacade : Making REST call to http://appsensor-rest-server:31085 ... with path of /api/v1.0/reports/attacks
appsensor-ui | 2020-02-27 07:41:15.649 ERROR 1 --- [nio-8084-exec-8] o.o.a.u.h.AssociatedApplicationsFilter : Error setting associated applications.
appsensor-ui |
appsensor-ui | org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.ws.rs.ProcessingException: Error reading entity from input stream.
appsensor-ui | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:979)
appsensor-ui | at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
appsensor-ui | at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
appsensor-ui | at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
appsensor-ui | at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration$ApplicationContextHeaderFilter.doFilterInternal(EndpointWebMvcAutoConfiguration.java:295)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
appsensor-ui | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
appsensor-ui | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
appsensor-ui | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
appsensor-ui | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.owasp.appsensor.ui.handler.AssociatedApplicationsFilter.doFilter(AssociatedApplicationsFilter.java:31)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:102)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:69)
appsensor-ui | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
appsensor-ui | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
appsensor-ui | at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
appsensor-ui | at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
appsensor-ui | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
appsensor-ui | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
appsensor-ui | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
appsensor-ui | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
appsensor-ui | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
appsensor-ui | at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
appsensor-ui | at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
appsensor-ui | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526)
appsensor-ui | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482)
appsensor-ui | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
appsensor-ui | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
appsensor-ui | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
appsensor-ui | at java.lang.Thread.run(Thread.java:748)
appsensor-ui | Caused by: javax.ws.rs.ProcessingException: Error reading entity from input stream.
appsensor-ui | at org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:866)
appsensor-ui | at org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:810)
appsensor-ui | at org.glassfish.jersey.client.ClientResponse.readEntity(ClientResponse.java:368)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:846)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation.access$600(JerseyInvocation.java:91)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation$3.call(JerseyInvocation.java:705)
appsensor-ui | at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
appsensor-ui | at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
appsensor-ui | at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
appsensor-ui | at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:424)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:701)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
appsensor-ui | at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
appsensor-ui | at org.owasp.appsensor.ui.rest.RestReportingEngineFacade.findAttacks(RestReportingEngineFacade.java:93)
appsensor-ui | at org.owasp.appsensor.ui.rest.RestReportingEngineFacade$$FastClassBySpringCGLIB$$5b83c141.invoke(<generated>)
appsensor-ui | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
appsensor-ui | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
appsensor-ui | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
appsensor-ui | at org.springframework.cache.interceptor.CacheInterceptor$1.invoke(CacheInterceptor.java:52)
appsensor-ui | at org.springframework.cache.interceptor.CacheAspectSupport.invokeOperation(CacheAspectSupport.java:317)
appsensor-ui | at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:350)
appsensor-ui | at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:299)
appsensor-ui | at org.springframework.cache.interceptor.CacheInterceptor.invoke(CacheInterceptor.java:61)
appsensor-ui | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
appsensor-ui | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
appsensor-ui | at org.owasp.appsensor.ui.rest.RestReportingEngineFacade$$EnhancerBySpringCGLIB$$2a8ced78.findAttacks(<generated>)
appsensor-ui | at org.owasp.appsensor.ui.controller.DashboardController.byCategory(DashboardController.java:124)
appsensor-ui | at org.owasp.appsensor.ui.controller.DashboardController.allContent(DashboardController.java:56)
appsensor-ui | at org.owasp.appsensor.ui.controller.DashboardController$$FastClassBySpringCGLIB$$41fbf83.invoke(<generated>)
appsensor-ui | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
appsensor-ui | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
appsensor-ui | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
appsensor-ui | at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
appsensor-ui | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
appsensor-ui | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
appsensor-ui | at org.owasp.appsensor.ui.controller.DashboardController$$EnhancerBySpringCGLIB$$648a8629.allContent(<generated>)
appsensor-ui | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
appsensor-ui | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
appsensor-ui | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
appsensor-ui | at java.lang.reflect.Method.invoke(Method.java:498)
appsensor-ui | at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
appsensor-ui | at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
appsensor-ui | at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
appsensor-ui | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
appsensor-ui | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
appsensor-ui | at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
appsensor-ui | at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
appsensor-ui | at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
appsensor-ui | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
appsensor-ui | ... 80 common frames omitted
appsensor-ui | Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "name" (class org.owasp.appsensor.core.Attack), not marked as ignorable (8 known properties: "detectionSystem", "timestamp", "id", "detectionPoint", "user", "rule", "resource", "metadata"])
appsensor-ui | at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@5c41b56; line: 1, column: 512] (through reference chain: java.util.ArrayList[0]->org.owasp.appsensor.core.Attack["name"])
appsensor-ui | at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:51)
appsensor-ui | at com.fasterxml.jackson.databind.DeserializationContext.reportUnknownProperty(DeserializationContext.java:744)
appsensor-ui | at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:915)
appsensor-ui | at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1306)
appsensor-ui | at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1284)
appsensor-ui | at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:243)
appsensor-ui | at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:118)
appsensor-ui | at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:232)
appsensor-ui | at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:206)
appsensor-ui | at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:25)
appsensor-ui | at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:1232)
appsensor-ui | at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:676)
appsensor-ui | at com.fasterxml.jackson.jaxrs.base.ProviderBase.readFrom(ProviderBase.java:777)
appsensor-ui | at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.invokeReadFrom(ReaderInterceptorExecutor.java:264)
appsensor-ui | at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.aroundReadFrom(ReaderInterceptorExecutor.java:234)
appsensor-ui | at org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:154)
appsensor-ui | at org.glassfish.jersey.message.internal.MessageBodyFactory.readFrom(MessageBodyFactory.java:1124)
appsensor-ui | at org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:851)
appsensor-ui | ... 128 common frames omitted
appsensor-ui |
That are the logs.
Additionally, my app-sensor-server-config. For demo purposes, all thresholds are set to 1:
<?xml version="1.0" encoding="UTF-8"?>
<appsensor-server-config xmlns="https://www.owasp.org/index.php/OWASP_AppSensor_Project/xsd/appsensor_server_config_2.0.xsd">
<client-application-identification-header-name>X-Appsensor-Client-Application-Name</client-application-identification-header-name>
<geolocation enabled="true" databasePath="src/main/resources/GeoLite2-City.mmdb" />
<client-applications>
<client-application>
<name>clientapp</name>
<roles>
<role>ADD_EVENT</role>
<role>ADD_ATTACK</role>
<role>GET_RESPONSES</role>
<role>EXECUTE_REPORT</role>
</roles>
<ip-address latitude="52.629678" longitude="-7.873585">10.10.10.5</ip-address>
</client-application>
</client-applications>
<detection-points>
<detection-point>
<category>Input Validation</category>
<id>IE1</id>
<threshold>
<count>1</count>
<interval unit="minutes">1</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
<detection-point>
<category>Input Validation</category>
<id>IE2</id>
<threshold>
<count>1</count>
<interval unit="seconds">30</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
<detection-point>
<category>Request</category>
<id>RE3</id>
<threshold>
<count>1</count>
<interval unit="seconds">40</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
<detection-point>
<category>Authentication</category>
<id>AE1</id>
<threshold>
<count>1</count>
<interval unit="seconds">50</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
<detection-point>
<category>Authentication</category>
<id>AE2</id>
<threshold>
<count>1</count>
<interval unit="seconds">50</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
<detection-point>
<category>Access Control</category>
<id>ACE1</id>
<threshold>
<count>2</count>
<interval unit="seconds">50</interval>
</threshold>
<responses>
<response>
<action>disableUser</action>
</response>
</responses>
</detection-point>
</detection-points>
</appsensor-server-config>
from appsensor.
Related Issues (20)
- Error: While performing step 6 Start REST Client Data Generator HOT 3
- Error: while building appsensor ui HOT 2
- Bug in org.owasp.appsensor.storage.jpa2.dao.AttackRepository
- Dependency check version outdatet --> 404 on NVD
- org.hibernate.LazyInitializationException when running sample app and ui
- 204 no content as response to events
- Looking for instructions to run the sample app with AppSensor UI with docker compose
- Custom detection points are not looked up for possible responses HOT 1
- Using AppSensor with my C# ASP.NET Web application HOT 19
- MySQL setup script not working? HOT 5
- appsensor-ui cannot connect to database. HOT 4
- Q: Production ready? HOT 3
- appsensor-ui view by user and detection points fails HOT 5
- simple-dashboard earliest HOT 1
- org.owasp.appsensor.core.IPAddress does not work properly HOT 3
- Error when using REST API (page requires sending configured client header) HOT 2
- How to edit the login page HOT 4
- Explain the configuration difference between ws-rest-server-boot & ws-rest-server-boot-rules HOT 8
- Difficulties understanding the non-local AppSensor implementations HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from appsensor.