Actuator auditevent doesn't work for Oauth audits.

[kwang1]

Summary

I am implementing a Spring Cloud Gateway with Oauth2 authentication. Since the Spring Cloud Gateway is based on reactive streams model, so only Spring Security 5.1.1 or above can be used.

When the gateway is working now, I found the Spring Actuator doesn't audit any login/logout activities.

Actual Behavior

Actuator doesn't trigger any authentication events. I got this by fetching uri /auditevents endpoint.

Expected Behavior

I expect the login/logout events can be triggered and I can fetch them by endpoint /auditevents.

Configuration

buildscript {
  ext {
    artifactoryUrl = ""
    repos = {
      maven {
        url "${artifactoryUrl}/libs-release"
        credentials {
          username "$artifactoryUser"
          password "$artifactoryPassword"
        }
      }
      maven {
        url "https://repo.spring.io/snapshot"
      }
      maven {
        url "https://repo.spring.io/milestone"
      }
    }
  }
  ext['spring-security.version'] = '5.1.1.RELEASE'
  repositories repos

  dependencies {
    //TODO the version should be upgrade to 2.1.0.RELEASE when Spring Gateway 2.1.0.RC is released
    classpath group: 'org.springframework.boot', name: 'spring-boot-gradle-plugin', version: '2.1.0.M3'
  }
}

plugins {
  id 'java'
}

apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

repositories repos

group 'example'
version '0.0.1-SNAPSHOT'
sourceCompatibility = 1.8
targetCompatibility = 1.8

dependencyManagement {
  imports {
    //TODO this should be upgraded to release version.
    mavenBom "org.springframework.cloud:spring-cloud-dependencies:Greenwich.M1"
  }
}

dependencies {
  implementation("org.springframework.boot:spring-boot-starter-actuator")
  implementation("org.springframework.cloud:spring-cloud-starter")
  implementation("org.springframework.cloud:spring-cloud-starter-gateway")
  implementation("org.springframework.cloud:spring-cloud-starter-netflix-hystrix")
  implementation("org.springframework.boot:spring-boot-starter-webflux")
  implementation("org.springframework.boot:spring-boot-starter-security")
  implementation("org.springframework.cloud:spring-cloud-starter-sleuth")

  implementation("org.springframework.security:spring-security-oauth2-jose")
  implementation("org.springframework.security:spring-security-oauth2-client")

    implementation("org.springframework.cloud:spring-cloud-starter-contract-stub-runner") {
        exclude group: "org.springframework.boot", module: "spring-boot-starter-web"
    }

  implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.8.1'

  testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test'
  testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api' //, version: '5.1.0'
  testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine' //, version: '5.1.0'
  testImplementation group: 'com.jayway.jsonpath', name: 'json-path-assert'
  testImplementation group: 'org.assertj', name: 'assertj-core'
  testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic'
}

Version

Spring Security : 5.1.1.RELEASE
Spring Cloud: Greenwich.M1
Spring Boot: 2.1.0.M3

[rwinch]

Thanks for the report @kwang1! This is a duplicate of #4961

I'm closing this as a duplicate. If you disagree, please comment/reopen.

[kwang1]

Thanks @rwinch .