Test remote addr in logs (#17)
parent
f22be03384
commit
7e00f4953d
|
@ -100,6 +100,8 @@
|
|||
|
||||
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
|
||||
|
||||
<bean id="mdcFilter" class="org.mitre.mdc.MultiMDCFilter"/>
|
||||
|
||||
<!-- Spring Security configuration -->
|
||||
|
||||
<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" stateless="false" />
|
||||
|
@ -117,6 +119,7 @@
|
|||
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
|
||||
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
@ -125,11 +128,13 @@
|
|||
<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
|
||||
<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
<security:http pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
|
||||
<security:intercept-url pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
||||
|
@ -137,6 +142,7 @@
|
|||
<security:http pattern="/resources/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
|
||||
<security:intercept-url pattern="/resources/**" access="permitAll"/>
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
||||
|
@ -144,6 +150,7 @@
|
|||
<security:http pattern="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
|
||||
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:expression-handler ref="oauthWebExpressionHandler" />
|
||||
<security:intercept-url pattern="/register/**" access="permitAll"/>
|
||||
<security:csrf disabled="true"/>
|
||||
|
@ -152,6 +159,7 @@
|
|||
<security:http pattern="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
|
||||
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:expression-handler ref="oauthWebExpressionHandler" />
|
||||
<security:intercept-url pattern="/resource/**" access="permitAll"/>
|
||||
<security:csrf disabled="true"/>
|
||||
|
@ -160,12 +168,14 @@
|
|||
<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
|
||||
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:expression-handler ref="oauthWebExpressionHandler" />
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
||||
<security:http pattern="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
|
||||
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:expression-handler ref="oauthWebExpressionHandler" />
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
@ -180,6 +190,7 @@
|
|||
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
|
||||
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
@ -194,6 +205,7 @@
|
|||
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
|
||||
|
||||
|
@ -207,6 +219,7 @@
|
|||
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
|
||||
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
|
||||
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
<security:csrf disabled="true"/>
|
||||
</security:http>
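Review bot: The line `<security:custom-filter ref="mdcFilter" before="FIRST"/>` is copied by hand into every `<security:http>` block touched here (and once more in what appears to be a second XML file), so a chain that was missed or is added later will emit log lines with no `remoteAddr`/`sessionID`, and nothing flags the gap. Registering the filter once in front of the Spring Security filter chain would cover all chains and keep audit context uniform. If the per-chain form stays, add a comment beside the bean definition, for example `<!-- populates SLF4J MDC (remoteAddr, sessionID) per request; must be present in every security:http block -->`. Several enclosing `<security:http>` elements open outside these hunks, so their patterns and session policies are not visible here.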
|
||||
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
<security:frame-options policy="DENY" />
|
||||
</security:headers>
|
||||
<security:csrf />
|
||||
<security:custom-filter ref="mdcFilter" before="FIRST"/>
|
||||
</security:http>
|
||||
|
||||
</beans>
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
package org.mitre.mdc;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.slf4j.MDC;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class MultiMDCFilter extends GenericFilterBean {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(MultiMDCFilter.class);
|
||||
|
||||
private final RemoteAddressMDCFilter remoteAddressMDCFilter;
|
||||
private final SessionIdMDCFilter sessionIdMDCFilter;
|
||||
|
||||
public MultiMDCFilter() {
|
||||
this.remoteAddressMDCFilter = new RemoteAddressMDCFilter();
|
||||
this.sessionIdMDCFilter = new SessionIdMDCFilter();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
log.info("--- Initialized MultiMDCFilter ---");
|
||||
remoteAddressMDCFilter.doFilter(servletRequest);
|
||||
sessionIdMDCFilter.doFilter(servletRequest);
|
||||
filterChain.doFilter(servletRequest, servletResponse);
|
||||
MDC.clear();
|
||||
}
|
||||
|
||||
}
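Review bot: `MDC.clear()` in `doFilter` is skipped whenever `filterChain.doFilter(...)` throws, so on a pooled container thread the previous request's `remoteAddr` and `sessionID` can remain in the MDC and be attributed to a later request's log lines. Wrap the call as `try { filterChain.doFilter(servletRequest, servletResponse); } finally { MDC.clear(); }`. The `log.info("--- Initialized MultiMDCFilter ---")` statement runs on every request and before the MDC is populated, so it is noisy and mislabelled; it belongs in initialization or at debug level. A class-level Javadoc stating that the filter fills the MDC per request and clears it afterwards would also help.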
|
|
@ -0,0 +1,44 @@
|
|||
package org.mitre.mdc;
|
||||
|
||||
import org.slf4j.MDC;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
public class RemoteAddressMDCFilter {
|
||||
|
||||
private static final String[] IP_HEADER_CANDIDATES = {
|
||||
"X-Forwarded-For",
|
||||
"Proxy-Client-IP",
|
||||
"WL-Proxy-Client-IP",
|
||||
"HTTP_X_FORWARDED_FOR",
|
||||
"HTTP_X_FORWARDED",
|
||||
"HTTP_X_CLUSTER_CLIENT_IP",
|
||||
"HTTP_CLIENT_IP",
|
||||
"HTTP_FORWARDED_FOR",
|
||||
"HTTP_FORWARDED",
|
||||
"HTTP_VIA",
|
||||
"REMOTE_ADDR"
|
||||
};
|
||||
|
||||
private static final String REMOTE_ADDR = "remoteAddr";
|
||||
|
||||
public void doFilter(ServletRequest servletRequest) {
|
||||
MDC.put(REMOTE_ADDR, getRemoteAddr((HttpServletRequest) servletRequest));
|
||||
}
|
||||
|
||||
private String getRemoteAddr(HttpServletRequest request) {
|
||||
if (request.getRemoteAddr() != null) {
|
||||
return request.getRemoteAddr();
|
||||
}
|
||||
|
||||
for (String header: IP_HEADER_CANDIDATES) {
|
||||
String ipList = request.getHeader(header);
|
||||
if (ipList != null && ipList.length() != 0 && !"unknown".equalsIgnoreCase(ipList)) {
|
||||
return ipList.split(",")[0];
|
||||
}
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
}
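Review bot: The header loop in `getRemoteAddr` is effectively unreachable, because `request.getRemoteAddr()` returns the connection's peer address and is not expected to be null in a servlet container; behind a reverse proxy or load balancer every log line will therefore carry the proxy's address. If the forwarded headers are meant to be used, they are client-supplied unless a trusted proxy overwrites them, so the value should be accepted only when the direct peer is a known proxy. It should also be trimmed and validated as an IP literal before `MDC.put`, so arbitrary text cannot reach the log lines. Entries such as `HTTP_X_FORWARDED_FOR` and `REMOTE_ADDR` look like CGI variable names rather than HTTP header names, so `request.getHeader` is unlikely to match them. The unchecked cast `(HttpServletRequest) servletRequest` in `doFilter` deserves an `instanceof` guard.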
|
|
@ -0,0 +1,24 @@
|
|||
package org.mitre.mdc;
|
||||
|
||||
import org.slf4j.MDC;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
public class SessionIdMDCFilter {
|
||||
|
||||
private static final int SIZE = 12;
|
||||
private static final String SESSION_ID = "sessionID";
|
||||
|
||||
public void doFilter(ServletRequest servletRequest) {
|
||||
HttpServletRequest req = (HttpServletRequest) servletRequest;
|
||||
if (req.getSession() != null) {
|
||||
String id = req.getSession().getId();
|
||||
if (id != null && id.length() > SIZE) {
|
||||
id = id.substring(0, SIZE);
|
||||
}
|
||||
MDC.put(SESSION_ID, id);
|
||||
}
|
||||
}
|
||||
|
||||
}
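Review bot: `req.getSession()` in `doFilter` creates a new `HttpSession` when the request has none, and this filter is wired `before="FIRST"` into chains declared `create-session="stateless"`. Every anonymous request to those endpoints would therefore allocate a session, and the null check can never fail. Use `HttpSession session = req.getSession(false);` and test `session != null` instead. The first 12 characters of the session ID are also a prefix of a bearer credential, so writing them to logs exposes part of the secret to anyone with log access. Logging a truncated digest of the ID, or a separate per-session correlation value, keeps lines correlatable without exposing the ID itself.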
|