From e9cd0bfc1ab2ddd4ccff38da008b9eaed77d108d Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Thu, 8 Dec 2022 23:41:01 +0800
Subject: [PATCH 01/10] audit rest log

---
 .../authentication/AuthenticationFilter.scala    | 16 ++++++++++++++--
 .../KyuubiHttpAuthenticationFactory.scala        |  2 ++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index ece0baf56aa..14224ec95f6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -125,10 +125,11 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
         }
       } catch {
         case e: AuthenticationException =>
+          httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN)
+          auditHttpRequest(httpRequest, httpResponse)
           HTTP_CLIENT_USER_NAME.remove()
           HTTP_CLIENT_IP_ADDRESS.remove()
           HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
-          httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN)
           httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage)
       }
     }
@@ -161,7 +162,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
   }
 }
 
-object AuthenticationFilter {
+object AuthenticationFilter extends Logging {
   final val HTTP_CLIENT_IP_ADDRESS = new ThreadLocal[String]() {
     override protected def initialValue: String = null
   }
@@ -177,4 +178,15 @@ object AuthenticationFilter {
   def getUserProxyHeaderIpAddress: String = HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()
 
   def getUserName: String = HTTP_CLIENT_USER_NAME.get
+
+  def auditHttpRequest(request: HttpServletRequest, response: HttpServletResponse): Unit = {
+    info(Array(
+      s"user=${HTTP_CLIENT_USER_NAME.get()}",
+      s"ip=${request.getRemoteAddr}",
+      s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}",
+      s"method=${request.getMethod}",
+      s"uri=${request.getRequestURI}",
+      s"protocol=${request.getProtocol}",
+      s"status=${response.getStatus}").mkString("\t"))
+  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
index 4556f1c823d..241545e9eb8 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
@@ -77,8 +77,10 @@ class KyuubiHttpAuthenticationFactory(conf: KyuubiConf) {
             MetricsSystem.tracing { ms =>
               ms.decCount(REST_CONN_OPEN)
             }
+            AuthenticationFilter.auditHttpRequest(request, response)
             AuthenticationFilter.HTTP_CLIENT_USER_NAME.remove()
             AuthenticationFilter.HTTP_CLIENT_IP_ADDRESS.remove()
+            AuthenticationFilter.HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
           }
         }
 

From 697f02fa2e0bdb92e14f8bb9a53c1af73bdd1f42 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 00:13:42 +0800
Subject: [PATCH 02/10] save

---
 .../AuthenticationAuditLogger.scala           | 42 +++++++++++++++++++
 .../authentication/AuthenticationFilter.scala | 23 ++++------
 .../KyuubiHttpAuthenticationFactory.scala     |  1 -
 3 files changed, 49 insertions(+), 17 deletions(-)
 create mode 100644 kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
new file mode 100644
index 00000000000..05a50f8fc46
--- /dev/null
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.kyuubi.server.http.authentication
+
+import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
+
+import org.apache.kyuubi.Logging
+import org.apache.kyuubi.server.http.authentication.AuthenticationFilter.{HTTP_CLIENT_IP_ADDRESS, HTTP_CLIENT_USER_NAME, HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS}
+
+object AuthenticationAuditLogger extends Logging {
+  final val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
+    override protected def initialValue: StringBuilder = new StringBuilder()
+  }
+
+  def audit(request: HttpServletRequest, response: HttpServletResponse): Unit = {
+    val sb = AUDIT_BUFFER.get()
+    sb.setLength(0)
+    sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}").append("\t")
+    sb.append(s"ip=${HTTP_CLIENT_IP_ADDRESS.get()}").append("\t")
+    sb.append(s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}").append("\t")
+    sb.append(s"method=${request.getMethod}").append("\t")
+    sb.append(s"uri=${request.getRequestURI}").append("\t")
+    sb.append(s"protocol=${request.getProtocol}").append("\t")
+    sb.append(s"status=${response.getStatus}")
+    info(sb.toString())
+  }
+}
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 14224ec95f6..272457d09f9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -106,27 +106,29 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
 
     val authorization = httpRequest.getHeader(AUTHORIZATION_HEADER)
     val matchedHandler = getMatchedHandler(authorization).orNull
+    HTTP_CLIENT_IP_ADDRESS.set(httpRequest.getRemoteAddr)
+    HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.set(
+      httpRequest.getHeader(conf.get(FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER)))
 
     if (matchedHandler == null) {
       debug(s"No auth scheme matched for url: ${httpRequest.getRequestURL}")
       httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
+      AuthenticationAuditLogger.audit(httpRequest, httpResponse)
       httpResponse.sendError(
         HttpServletResponse.SC_UNAUTHORIZED,
         s"No auth scheme matched for $authorization")
     } else {
-      HTTP_CLIENT_IP_ADDRESS.set(httpRequest.getRemoteAddr)
-      HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.set(
-        httpRequest.getHeader(conf.get(FRONTEND_PROXY_HTTP_CLIENT_IP_HEADER)))
       try {
         val authUser = matchedHandler.authenticate(httpRequest, httpResponse)
         if (authUser != null) {
           HTTP_CLIENT_USER_NAME.set(authUser)
           doFilter(filterChain, httpRequest, httpResponse)
         }
+        AuthenticationAuditLogger.audit(httpRequest, httpResponse)
       } catch {
         case e: AuthenticationException =>
           httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN)
-          auditHttpRequest(httpRequest, httpResponse)
+          AuthenticationAuditLogger.audit(httpRequest, httpResponse)
           HTTP_CLIENT_USER_NAME.remove()
           HTTP_CLIENT_IP_ADDRESS.remove()
           HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
@@ -162,7 +164,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
   }
 }
 
-object AuthenticationFilter extends Logging {
+object AuthenticationFilter {
   final val HTTP_CLIENT_IP_ADDRESS = new ThreadLocal[String]() {
     override protected def initialValue: String = null
   }
@@ -178,15 +180,4 @@ object AuthenticationFilter extends Logging {
   def getUserProxyHeaderIpAddress: String = HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()
 
   def getUserName: String = HTTP_CLIENT_USER_NAME.get
-
-  def auditHttpRequest(request: HttpServletRequest, response: HttpServletResponse): Unit = {
-    info(Array(
-      s"user=${HTTP_CLIENT_USER_NAME.get()}",
-      s"ip=${request.getRemoteAddr}",
-      s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}",
-      s"method=${request.getMethod}",
-      s"uri=${request.getRequestURI}",
-      s"protocol=${request.getProtocol}",
-      s"status=${response.getStatus}").mkString("\t"))
-  }
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
index 241545e9eb8..4318bde2257 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
@@ -77,7 +77,6 @@ class KyuubiHttpAuthenticationFactory(conf: KyuubiConf) {
             MetricsSystem.tracing { ms =>
               ms.decCount(REST_CONN_OPEN)
             }
-            AuthenticationFilter.auditHttpRequest(request, response)
             AuthenticationFilter.HTTP_CLIENT_USER_NAME.remove()
             AuthenticationFilter.HTTP_CLIENT_IP_ADDRESS.remove()
             AuthenticationFilter.HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()

From db783eaaf427a7319ec1aa118dd9a2b98319bc41 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 00:44:35 +0800
Subject: [PATCH 03/10] add log4j pattern

---
 kyuubi-server/src/test/resources/log4j2-test.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index bfc40dd6df4..57abcaa0469 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -33,11 +33,22 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </File>
+        <RollingFile name="auditLog" fileName="target/rest-audit.log"
+                     filePattern="target/rest-audit-%d{yyyy-MM-dd}-%i.log">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <Policies>
+                <SizeBasedTriggeringPolicy size="19500KB" />
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
     </Appenders>
     <Loggers>
         <Root level="INFO">
             <AppenderRef ref="stdout"/>
             <AppenderRef ref="file"/>
         </Root>
+        <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
+            <AppenderRef ref="auditLog" />
+        </Logger>
     </Loggers>
 </Configuration>

From 629f93b98c6b5ad86367f1bb2e73f010ec0d3e94 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 00:47:02 +0800
Subject: [PATCH 04/10] add year

---
 kyuubi-server/src/test/resources/log4j2-test.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index 57abcaa0469..2723bfc27e5 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -35,7 +35,7 @@
         </File>
         <RollingFile name="auditLog" fileName="target/rest-audit.log"
                      filePattern="target/rest-audit-%d{yyyy-MM-dd}-%i.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
             <Policies>
                 <SizeBasedTriggeringPolicy size="19500KB" />
             </Policies>

From 22905186c832d0d401ef8403e16174a09fb29734 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 00:56:43 +0800
Subject: [PATCH 05/10] log4j2

---
 conf/log4j2.xml.template                         | 11 +++++++++++
 kyuubi-server/src/test/resources/log4j2-test.xml |  4 ++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 6aedf7652ff..5df54308e29 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -27,6 +27,14 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
+        <RollingFile name="audit" fileName="${sys:KYUUBI_LOG_DIR}/rest-audit.log"
+                     filePattern="${sys:KYUUBI_LOG_DIR}/rest-audit-%d{yyyy-MM-dd}-%i.log">
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <Policies>
+                <SizeBasedTriggeringPolicy size="51200KB" />
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
     </Appenders>
     <Loggers>
         <Root level="INFO">
@@ -43,5 +51,8 @@
         <Logger name="org.apache.hive.beeline.KyuubiBeeLine" level="error" additivity="false">
             <AppenderRef ref="stdout"/>
         </Logger>
+        <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
+            <AppenderRef ref="audit" />
+        </Logger>
     </Loggers>
 </Configuration>
diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index 2723bfc27e5..db3f970c1b1 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -33,7 +33,7 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </File>
-        <RollingFile name="auditLog" fileName="target/rest-audit.log"
+        <RollingFile name="audit" fileName="target/rest-audit.log"
                      filePattern="target/rest-audit-%d{yyyy-MM-dd}-%i.log">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
             <Policies>
@@ -48,7 +48,7 @@
             <AppenderRef ref="file"/>
         </Root>
         <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
-            <AppenderRef ref="auditLog" />
+            <AppenderRef ref="audit" />
         </Logger>
     </Loggers>
 </Configuration>

From a8aa782592f3b19b4bf9271f1063eda631e32e25 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 07:54:14 +0800
Subject: [PATCH 06/10] update log4j2 xml

---
 kyuubi-server/src/test/resources/log4j2-test.xml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index db3f970c1b1..63d77050a96 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -33,14 +33,9 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </File>
-        <RollingFile name="audit" fileName="target/rest-audit.log"
-                     filePattern="target/rest-audit-%d{yyyy-MM-dd}-%i.log">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="19500KB" />
-            </Policies>
-            <DefaultRolloverStrategy max="10"/>
-        </RollingFile>
+        <File name="audit" fileName="target/rest-audit.log">
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+        </File>
     </Appenders>
     <Loggers>
         <Root level="INFO">

From c8e532f2d997dcd101845d15f7eaa28c7a8359b2 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 08:05:24 +0800
Subject: [PATCH 07/10] log format

---
 .../http/authentication/AuthenticationAuditLogger.scala    | 6 +++---
 .../server/http/authentication/AuthenticationFilter.scala  | 7 +++++++
 .../authentication/KyuubiHttpAuthenticationFactory.scala   | 1 +
 kyuubi-server/src/test/resources/log4j2-test.xml           | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
index 05a50f8fc46..48236804abe 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
@@ -20,17 +20,17 @@ package org.apache.kyuubi.server.http.authentication
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 
 import org.apache.kyuubi.Logging
-import org.apache.kyuubi.server.http.authentication.AuthenticationFilter.{HTTP_CLIENT_IP_ADDRESS, HTTP_CLIENT_USER_NAME, HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS}
+import org.apache.kyuubi.server.http.authentication.AuthenticationFilter.{HTTP_AUTH_TYPE, HTTP_CLIENT_IP_ADDRESS, HTTP_CLIENT_USER_NAME, HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS}
 
 object AuthenticationAuditLogger extends Logging {
-  final val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
+  private final val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
     override protected def initialValue: StringBuilder = new StringBuilder()
   }
 
   def audit(request: HttpServletRequest, response: HttpServletResponse): Unit = {
     val sb = AUDIT_BUFFER.get()
     sb.setLength(0)
-    sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}").append("\t")
+    sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}(auth: ${HTTP_AUTH_TYPE.get()})").append("\t")
     sb.append(s"ip=${HTTP_CLIENT_IP_ADDRESS.get()}").append("\t")
     sb.append(s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}").append("\t")
     sb.append(s"method=${request.getMethod}").append("\t")
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
index 272457d09f9..740937d8ec9 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationFilter.scala
@@ -118,6 +118,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
         HttpServletResponse.SC_UNAUTHORIZED,
         s"No auth scheme matched for $authorization")
     } else {
+      HTTP_AUTH_TYPE.set(matchedHandler.authScheme.toString)
       try {
         val authUser = matchedHandler.authenticate(httpRequest, httpResponse)
         if (authUser != null) {
@@ -132,6 +133,7 @@ class AuthenticationFilter(conf: KyuubiConf) extends Filter with Logging {
           HTTP_CLIENT_USER_NAME.remove()
           HTTP_CLIENT_IP_ADDRESS.remove()
           HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
+          HTTP_AUTH_TYPE.remove()
           httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage)
       }
     }
@@ -174,10 +176,15 @@ object AuthenticationFilter {
   final val HTTP_CLIENT_USER_NAME = new ThreadLocal[String]() {
     override protected def initialValue: String = null
   }
+  final val HTTP_AUTH_TYPE = new ThreadLocal[String]() {
+    override protected def initialValue(): String = null
+  }
 
   def getUserIpAddress: String = HTTP_CLIENT_IP_ADDRESS.get
 
   def getUserProxyHeaderIpAddress: String = HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()
 
   def getUserName: String = HTTP_CLIENT_USER_NAME.get
+
+  def getAuthType: String = HTTP_AUTH_TYPE.get()
 }
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
index 4318bde2257..ca95fda3d9a 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/KyuubiHttpAuthenticationFactory.scala
@@ -80,6 +80,7 @@ class KyuubiHttpAuthenticationFactory(conf: KyuubiConf) {
             AuthenticationFilter.HTTP_CLIENT_USER_NAME.remove()
             AuthenticationFilter.HTTP_CLIENT_IP_ADDRESS.remove()
             AuthenticationFilter.HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.remove()
+            AuthenticationFilter.HTTP_AUTH_TYPE.remove()
           }
         }
 
diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index 63d77050a96..ff4702a5000 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -34,7 +34,7 @@
             </Filters>
         </File>
         <File name="audit" fileName="target/rest-audit.log">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} %t %p %c{1}: %m%n"/>
+            <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c{1}: %m%n"/>
         </File>
     </Appenders>
     <Loggers>

From db2dff8a6082dfbc2d54d9100c410f675acf3344 Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 08:10:29 +0800
Subject: [PATCH 08/10] refactor

---
 .../http/authentication/AuthenticationAuditLogger.scala       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
index 48236804abe..ac1ee2a63a6 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/http/authentication/AuthenticationAuditLogger.scala
@@ -23,14 +23,14 @@ import org.apache.kyuubi.Logging
 import org.apache.kyuubi.server.http.authentication.AuthenticationFilter.{HTTP_AUTH_TYPE, HTTP_CLIENT_IP_ADDRESS, HTTP_CLIENT_USER_NAME, HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS}
 
 object AuthenticationAuditLogger extends Logging {
-  private final val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
+  final private val AUDIT_BUFFER = new ThreadLocal[StringBuilder]() {
     override protected def initialValue: StringBuilder = new StringBuilder()
   }
 
   def audit(request: HttpServletRequest, response: HttpServletResponse): Unit = {
     val sb = AUDIT_BUFFER.get()
     sb.setLength(0)
-    sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}(auth: ${HTTP_AUTH_TYPE.get()})").append("\t")
+    sb.append(s"user=${HTTP_CLIENT_USER_NAME.get()}(auth:${HTTP_AUTH_TYPE.get()})").append("\t")
     sb.append(s"ip=${HTTP_CLIENT_IP_ADDRESS.get()}").append("\t")
     sb.append(s"proxyIp=${HTTP_PROXY_HEADER_CLIENT_IP_ADDRESS.get()}").append("\t")
     sb.append(s"method=${request.getMethod}").append("\t")

From 30b6e6d68835b837fa12bfaa705acd67a8f1f97f Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 08:36:47 +0800
Subject: [PATCH 09/10] refactor log

---
 conf/log4j2.xml.template                         | 10 +++++++---
 kyuubi-server/src/test/resources/log4j2-test.xml |  7 +++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/conf/log4j2.xml.template b/conf/log4j2.xml.template
index 5df54308e29..37fc8acf036 100644
--- a/conf/log4j2.xml.template
+++ b/conf/log4j2.xml.template
@@ -20,6 +20,10 @@
 <!-- Extra logging related to initialization of Log4j.
  Set to debug or trace if log4j initialization is failing. -->
 <Configuration status="INFO">
+    <Properties>
+        <Property name="restAuditLogPath">rest-audit.log</Property>
+        <Property name="restAuditLogFilePattern">rest-audit-%d{yyyy-MM-dd}-%i.log</Property>
+    </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
@@ -27,8 +31,8 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
-        <RollingFile name="audit" fileName="${sys:KYUUBI_LOG_DIR}/rest-audit.log"
-                     filePattern="${sys:KYUUBI_LOG_DIR}/rest-audit-%d{yyyy-MM-dd}-%i.log">
+        <RollingFile name="restAudit" fileName="${sys:restAuditLogPath}"
+                     filePattern="${sys:restAuditLogFilePattern}">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
             <Policies>
                 <SizeBasedTriggeringPolicy size="51200KB" />
@@ -52,7 +56,7 @@
             <AppenderRef ref="stdout"/>
         </Logger>
         <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
-            <AppenderRef ref="audit" />
+            <AppenderRef ref="restAudit" />
         </Logger>
     </Loggers>
 </Configuration>
diff --git a/kyuubi-server/src/test/resources/log4j2-test.xml b/kyuubi-server/src/test/resources/log4j2-test.xml
index ff4702a5000..623dd71fd14 100644
--- a/kyuubi-server/src/test/resources/log4j2-test.xml
+++ b/kyuubi-server/src/test/resources/log4j2-test.xml
@@ -19,6 +19,9 @@
 <!-- Extra logging related to initialization of Log4j. 
  Set to debug or trace if log4j initialization is failing. -->
 <Configuration status="WARN">
+    <Properties>
+        <Property name="restAuditLogPath">target/rest-audit.log</Property>
+    </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c: %m%n"/>
@@ -33,7 +36,7 @@
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </File>
-        <File name="audit" fileName="target/rest-audit.log">
+        <File name="restAudit" fileName="${sys:restAuditLogPath}">
             <PatternLayout pattern="%d{HH:mm:ss.SSS} %p %c{1}: %m%n"/>
         </File>
     </Appenders>
@@ -43,7 +46,7 @@
             <AppenderRef ref="file"/>
         </Root>
         <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
-            <AppenderRef ref="audit" />
+            <AppenderRef ref="restAudit" />
         </Logger>
     </Loggers>
 </Configuration>

From 1f1c313d88a13b3931e366f5913911b70095169a Mon Sep 17 00:00:00 2001
From: fwang12 <fwang12@ebay.com>
Date: Fri, 9 Dec 2022 09:32:28 +0800
Subject: [PATCH 10/10] md

---
 docs/deployment/settings.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/deployment/settings.md b/docs/deployment/settings.md
index 15b0be9c49a..b006330f977 100644
--- a/docs/deployment/settings.md
+++ b/docs/deployment/settings.md
@@ -607,6 +607,10 @@ Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can
 <!-- Extra logging related to initialization of Log4j.
  Set to debug or trace if log4j initialization is failing. -->
 <Configuration status="INFO">
+    <Properties>
+        <Property name="restAuditLogPath">rest-audit.log</Property>
+        <Property name="restAuditLogFilePattern">rest-audit-%d{yyyy-MM-dd}-%i.log</Property>
+    </Properties>
     <Appenders>
         <Console name="stdout" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c: %m%n"/>
@@ -614,6 +618,14 @@ Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can
                 <RegexFilter regex=".*Thrift error occurred during processing of message.*" onMatch="DENY" onMismatch="NEUTRAL"/>
             </Filters>
         </Console>
+        <RollingFile name="restAudit" fileName="${sys:restAuditLogPath}"
+                     filePattern="${sys:restAuditLogFilePattern}">
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} %p %c{1}: %m%n"/>
+            <Policies>
+                <SizeBasedTriggeringPolicy size="51200KB" />
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
     </Appenders>
     <Loggers>
         <Root level="INFO">
@@ -630,6 +642,9 @@ Kyuubi uses [log4j](https://logging.apache.org/log4j/2.x/) for logging. You can
         <Logger name="org.apache.hive.beeline.KyuubiBeeLine" level="error" additivity="false">
             <AppenderRef ref="stdout"/>
         </Logger>
+        <Logger name="org.apache.kyuubi.server.http.authentication.AuthenticationAuditLogger" additivity="false">
+            <AppenderRef ref="restAudit" />
+        </Logger>
     </Loggers>
 </Configuration>
 ```