Test remote addr in logs (#17)

pull/1580/head
Dominik František Bučík 2021-07-01 09:39:03 +02:00 committed by Dominik Frantisek Bucik
parent f22be03384
commit 7e00f4953d
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
5 changed files with 119 additions and 0 deletions


@ -100,6 +100,8 @@
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<bean id="mdcFilter" class="org.mitre.mdc.MultiMDCFilter"/>
<!-- Spring Security configuration -->
<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" stateless="false" />
@ -117,6 +119,7 @@
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<security:csrf disabled="true"/>
</security:http>
@ -125,11 +128,13 @@
<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:csrf disabled="true"/>
</security:http>
@ -137,6 +142,7 @@
<security:http pattern="/resources/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/resources/**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:csrf disabled="true"/>
</security:http>
@ -144,6 +150,7 @@
<security:http pattern="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:intercept-url pattern="/register/**" access="permitAll"/>
<security:csrf disabled="true"/>
@ -152,6 +159,7 @@
<security:http pattern="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:intercept-url pattern="/resource/**" access="permitAll"/>
<security:csrf disabled="true"/>
@ -160,12 +168,14 @@
<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:csrf disabled="true"/>
</security:http>
@ -180,6 +190,7 @@
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<security:csrf disabled="true"/>
</security:http>
@ -194,6 +205,7 @@
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:csrf disabled="true"/>
</security:http>
@ -207,6 +219,7 @@
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
<security:csrf disabled="true"/>
</security:http>


@ -52,6 +52,7 @@
<security:frame-options policy="DENY" />
</security:headers>
<security:csrf />
<security:custom-filter ref="mdcFilter" before="FIRST"/>
</security:http>
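Review bot: The new `<security:custom-filter ref="mdcFilter" before="FIRST"/>` in this chain refers to a bean whose declaration is not visible in this hunk; the only `<bean id="mdcFilter" .../>` in the commit is in the other context file (the hunk at `@ -100,6 +100,8 @@`). If this file is loaded as a separate application context rather than alongside that one, the reference fails at startup with an unresolved bean, so please confirm both files share a context or add the bean declaration here too. Note also that this chain is the session-backed one (it keeps `<security:csrf />`), whereas the other file adds the same filter to chains declared `create-session="stateless"`; see the review note on `SessionIdMDCFilter` for why that matters.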
</beans>


@ -0,0 +1,37 @@
package org.mitre.mdc;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
public class MultiMDCFilter extends GenericFilterBean {
private static final Logger log = LoggerFactory.getLogger(MultiMDCFilter.class);
private final RemoteAddressMDCFilter remoteAddressMDCFilter;
private final SessionIdMDCFilter sessionIdMDCFilter;
public MultiMDCFilter() {
this.remoteAddressMDCFilter = new RemoteAddressMDCFilter();
this.sessionIdMDCFilter = new SessionIdMDCFilter();
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException
{
log.info("--- Initialized MultiMDCFilter ---");
remoteAddressMDCFilter.doFilter(servletRequest);
sessionIdMDCFilter.doFilter(servletRequest);
filterChain.doFilter(servletRequest, servletResponse);
MDC.clear();
}
}
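Review bot: `MDC.clear()` on the last line of `doFilter` is skipped whenever `filterChain.doFilter` (or either of the two MDC helpers, which cast the request) throws, so the `remoteAddr`/`sessionID` values stay on the pooled worker thread and are attributed to whatever request that thread serves next; the clear belongs in a `finally`. The `log.info("--- Initialized MultiMDCFilter ---")` call is also emitted once per request rather than once at initialization, which is misleading and noisy for a filter placed `before="FIRST"` on every chain; drop it or move it to `initFilterBean()`. Also worth a line of Javadoc on the class stating that it clears the entire MDC after the chain, not just its own keys, since any MDC entries set by an outer container-level filter would be wiped as well.
```java
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException
{
    try {
        remoteAddressMDCFilter.doFilter(servletRequest);
        sessionIdMDCFilter.doFilter(servletRequest);
        filterChain.doFilter(servletRequest, servletResponse);
    } finally {
        // Always drop the per-request keys, even when the chain throws,
        // so a pooled thread does not carry them into the next request.
        MDC.clear();
    }
}
```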


@ -0,0 +1,44 @@
package org.mitre.mdc;
import org.slf4j.MDC;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
public class RemoteAddressMDCFilter {
private static final String[] IP_HEADER_CANDIDATES = {
"X-Forwarded-For",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR"
};
private static final String REMOTE_ADDR = "remoteAddr";
public void doFilter(ServletRequest servletRequest) {
MDC.put(REMOTE_ADDR, getRemoteAddr((HttpServletRequest) servletRequest));
}
private String getRemoteAddr(HttpServletRequest request) {
if (request.getRemoteAddr() != null) {
return request.getRemoteAddr();
}
for (String header: IP_HEADER_CANDIDATES) {
String ipList = request.getHeader(header);
if (ipList != null && ipList.length() != 0 && !"unknown".equalsIgnoreCase(ipList)) {
return ipList.split(",")[0];
}
}
return "";
}
}
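Review bot: In `getRemoteAddr` the header loop is effectively unreachable, because the servlet container always supplies a non-null `getRemoteAddr()`, so the early return fires on every request and the logged value is the direct peer (typically the reverse proxy), which is presumably not what the "remote addr in logs" title intends. If the fallback is ever made reachable, note that every header in `IP_HEADER_CANDIDATES` is client-supplied and `ipList.split(",")[0]` takes the left-most, attacker-chosen hop, so a caller could write an arbitrary string into the audit log; the usual defence is to honour a forwarding header only when `getRemoteAddr()` matches a configured trusted-proxy list, take the right-most untrusted hop, and `trim()` the result. Either way, since the value ends up in log lines, I would strip control characters before `MDC.put`, e.g. `value.replaceAll("[\\r\\n\\t]", "_")`, so a forged header cannot inject fake log records. A Javadoc line on `getRemoteAddr` stating which source wins and why would make the intended precedence explicit.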


@ -0,0 +1,24 @@
package org.mitre.mdc;
import org.slf4j.MDC;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
public class SessionIdMDCFilter {
private static final int SIZE = 12;
private static final String SESSION_ID = "sessionID";
public void doFilter(ServletRequest servletRequest) {
HttpServletRequest req = (HttpServletRequest) servletRequest;
if (req.getSession() != null) {
String id = req.getSession().getId();
if (id != null && id.length() > SIZE) {
id = id.substring(0, SIZE);
}
MDC.put(SESSION_ID, id);
}
}
}
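Review bot: `req.getSession()` in `doFilter` creates a new HttpSession when none exists, so with this filter placed `before="FIRST"` on the chains declared `create-session="stateless"` in the other file (JWKS, discovery, `/resources/**`, userinfo, token and registration endpoints), every anonymous or bearer-token request now allocates a server-side session purely to log an id; that is a memory/DoS concern and it also makes the `!= null` check dead code, since the no-arg overload never returns null. Use the non-creating overload and import `javax.servlet.http.HttpSession`: `HttpSession session = req.getSession(false);`, `if (session != null) {`, `String id = session.getId();`. Truncating the id to the first 12 characters before logging is a sensible hardening and deserves a one-line comment saying so, e.g. `// log only a prefix so a leaked log file does not expose usable session tokens`.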