diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java index b048b98a464..8e0ed020dba 100644 --- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java +++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java @@ -288,6 +288,12 @@ private Flow onLoginEvent( segment.setTagTop("_dd.appsec.events." + eventName + ".auto.mode", mode.fullName(), true); } + if (exists != null) { + if (mode == SDK || ctx.getUserLoginSource() != SDK) { + segment.setTagTop("appsec.events." + eventName + ".usr.exists", exists, true); + } + } + final String user = anonymizeUser(mode, originalUser); if (user == null) { // can happen in custom events @@ -312,10 +318,6 @@ private Flow onLoginEvent( segment.setTagTop("_dd.appsec.user.collection_mode", mode.fullName()); } - if (exists != null) { - segment.setTagTop("appsec.events." + eventName + ".usr.exists", exists, true); - } - // update user span tags segment.setTagTop("appsec.events." + eventName + ".usr.login", user, true); diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy index 0aa8fcdd83c..31e87449c92 100644 --- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy +++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy @@ -1320,6 +1320,21 @@ class GatewayBridgeSpecification extends DDSpecification { 0 * eventDispatcher.publishDataEvent } + void 'test onUserNotFound'() { + setup: + eventDispatcher.getDataSubscribers(_) >> nonEmptyDsInfo + + when: + loginEventCB.apply(ctx, IDENTIFICATION, 'users.login.failure', exists, null, null) + + then: + 1 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.exists', exists, true) + 0 * eventDispatcher.publishDataEvent + + where: + exists << [true, false] + } + void 'test configuration updates should reset cached subscriptions'() { when: requestSessionCB.apply(ctx, UUID.randomUUID().toString()) diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy index 2f4144901de..9872914df7e 100644 --- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy +++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy @@ -198,7 +198,7 @@ class AppSecEventTrackerSpecification extends DDSpecification { then: if (mode != DISABLED) { - 1 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.exists', false) + 1 * loginEvent.apply(_ as RequestContext, mode, 'users.login.failure', false, null, null) >> NoopFlow.INSTANCE } 0 * _ diff --git a/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java b/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java index a274bd1983c..9e2a49527d7 100644 --- a/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java +++ b/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java @@ -14,7 +14,6 @@ import datadog.trace.api.gateway.Flow; import datadog.trace.api.gateway.RequestContext; import datadog.trace.api.gateway.RequestContextSlot; -import datadog.trace.api.internal.TraceSegment; import datadog.trace.bootstrap.ActiveSubsystems; import datadog.trace.bootstrap.instrumentation.api.AgentSpan; import datadog.trace.bootstrap.instrumentation.api.AgentTracer; @@ -63,15 +62,9 @@ public void onUserNotFound(final UserIdCollectionMode mode) { if (!isEnabled(mode)) { return; } - final AgentTracer.TracerAPI tracer = tracer(); - if (tracer == null) { - return; - } - final TraceSegment segment = tracer.getTraceSegment(); - if (segment == null) { - return; - } - segment.setTagTop("appsec.events.users.login.failure.usr.exists", false); + dispatch( + EVENTS.loginEvent(), + (ctx, callback) -> callback.apply(ctx, mode, "users.login.failure", false, null, null)); } public void onUserEvent(final UserIdCollectionMode mode, final String userId) {