-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request log remote user #7537
Request log remote user #7537
Conversation
a6b3de8
to
f7cc1e3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
…pServletRequest#getRemoteUser()`
f7cc1e3
to
fcb78d2
Compare
* Set Jetty `Authentication` in Dropwizard `AuthFilter` to support `HttpServletRequest#getRemoteUser()` * Add test for correct remote user Refs dropwizard#7537 (cherry picked from commit 3647861)
Is it working in 4.0.7 ? I am not seeing the user at the log. |
@GuilhermeCouto This was released in 4.0.3. Do you have an example/reproducer for a case where it doesn't work? |
I am in version 4.0.7, my request logs are: 0:0:0:0:0:0:0:1] - - [14/mai./2024:20:00:55 +0000] "OPTIONS /estabelecimento/2/business_hours HTTP/1.1" 200 0 "http://localhost:5000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20 I am getting with an authenticated user. |
@zUniQueX Am I doing something wrong? |
@GuilhermeCouto I've just set up an example project using dropwizard 4.0.7 and it works fine for me: @Path("/")
public class HelloWorldResource {
@GET
public String helloWorld(@Auth PrincipalImpl principal) {
return "Hello World!";
}
} @Override
public void run(final AuthenticatedUserRequestLogsConfiguration configuration,
final Environment environment) {
BasicCredentialAuthFilter<PrincipalImpl> basicCredentialAuthFilter = new BasicCredentialAuthFilter.Builder<PrincipalImpl>()
.setAuthenticator(credentials -> Optional.of(new PrincipalImpl(credentials.getUsername())))
.setAuthorizer((principal, role, requestContext) -> true)
.buildAuthFilter();
environment.jersey().register(basicCredentialAuthFilter);
environment.jersey().register(new AuthValueFactoryProvider.Binder<>(PrincipalImpl.class));
environment.jersey().register(HelloWorldResource.class);
} When navigating to the endpoint in a browser and entering some basic auth credentials, this produces the following output:
The first request results in a 401, therefore no user can be logged. The second request correctly logs the username. |
Here is my code, what is wrong?
|
@GuilhermeCouto So far I cannot see something wrong there. |
I discovered that when I use
The user name doesn't appear in log. But when I just use
It works, and the email of the logged user appears in log. Any suggestions about how to fix it? |
Closes #7506
Currently, a request log implementation cannot get the information of a requesting user from the
dropwizard-auth
module, because the information doesn't leave the servlet level. This PR modifies the JettyAuthentication
with the new Dropwizard authentication information and exposes the authenticated user through theHttpServletRequest#getRemoteUser()
method.