-
Notifications
You must be signed in to change notification settings - Fork 868
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[KYUUBI #3951] Support to audit the authentication http request
### _Why are the changes needed?_ Support to audit the http request. ``` 08:10:43.231 INFO AuthenticationAuditLogger: user=fwang12(auth:BASIC) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=200 08:10:43.265 INFO AuthenticationAuditLogger: user=null(auth:BASIC) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=403 08:10:43.273 INFO AuthenticationAuditLogger: user=null(auth:null) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=401 08:10:43.320 INFO AuthenticationAuditLogger: user=client(auth:NEGOTIATE) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=200 08:10:43.324 INFO AuthenticationAuditLogger: user=null(auth:NEGOTIATE) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=403 08:10:43.331 INFO AuthenticationAuditLogger: user=null(auth:null) ip=192.168.3.159 proxyIp=null method=GET uri=/api/v1/sessions/count protocol=HTTP/1.1 status=401 08:10:47.940 INFO AuthenticationAuditLogger: user=client(auth:NEGOTIATE) ip=192.168.3.159 proxyIp=null method=POST uri=/api/v1/sessions protocol=HTTP/1.1 status=200 08:10:47.999 INFO AuthenticationAuditLogger: user=client(auth:NEGOTIATE) ip=192.168.3.159 proxyIp=null method=DELETE uri=/api/v1/sessions/86d3e4f5-2739-4759-9320-82a29914ab63 protocol=HTTP/1.1 status=200 ``` ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [x] Add screenshots for manual tests if appropriate <img width="1658" alt="image" src="https://user-images.githubusercontent.com/6757692/206594391-090594f5-a0dc-460a-ae05-e09bd938f6d7.png"> - [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3951 from turboFei/batch_log. Closes #3951 1f1c313 [fwang12] md 30b6e6d [fwang12] refactor log db2dff8 [fwang12] refactor c8e532f [fwang12] log format a8aa782 [fwang12] update log4j2 xml 2290518 [fwang12] log4j2 629f93b [fwang12] add year db783ea [fwang12] add log4j pattern 697f02f [fwang12] save e9cd0bf [fwang12] audit rest log Authored-by: fwang12 <fwang12@ebay.com> Signed-off-by: fwang12 <fwang12@ebay.com>
- Loading branch information
Showing
6 changed files
with
97 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletions
42
...c/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one or more | ||
* contributor license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright ownership. | ||
* The ASF licenses this file to You under the Apache License, Version 2.0 | ||
* (the "License"); you may not use this file except in compliance with | ||
* the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.apache.kyuubi.server.http.authentication | ||
|
||
import javax.servlet.http.{HttpServletRequest, HttpServletResponse} | ||
|
||
import org.apache.kyuubi.Logging | ||
import org.apache.kyuubi.server.http.authentication.AuthenticationFilter.{HTTP_AUTH_TYPE, HTTP_CLIENT_IP_ADDRESS, HTTP_CLIENT_USER_NAME, HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS} | ||
|
||
object AuthenticationAuditLogger extends Logging { | ||
final private val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() { | ||
override protected def initialValue: StringBuilder = new StringBuilder() | ||
} | ||
|
||
def audit(request: HttpServletRequest, response: HttpServletResponse): Unit = { | ||
val sb = AUDIT_BUFFER.get() | ||
sb.setLength(0) | ||
sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}(auth:${HTTP_AUTH_TYPE.get()})").append("\t") | ||
sb.append(s"ip=${HTTP_CLIENT_IP_ADDRESS.get()}").append("\t") | ||
sb.append(s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}").append("\t") | ||
sb.append(s"method=${request.getMethod}").append("\t") | ||
sb.append(s"uri=${request.getRequestURI}").append("\t") | ||
sb.append(s"protocol=${request.getProtocol}").append("\t") | ||
sb.append(s"status=${response.getStatus}") | ||
info(sb.toString()) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters