Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

REVIEW: Add servlet filter to add userId to MDC #816

Merged
merged 2 commits into from

3 participants

@adreghiciu
Owner

+1

@cstamas
Owner

+1

Btw, what about threads running as scheduled tasks (actually all non-jetty HTTP related threads)?

@jdillon
Owner

@cstamas scheduled tasks specifically change user ctx to the system "task user". For other cases I can not say atm if there is user ctx or not. I can guess however that given the large number of threads we have w/o a system-wide thread-mgt strategy that changing this for all threads would be non-trivial.

I mentioned this a few times, and you are the first to say anything. I'm not sure its worth the trouble to add this, but if you know of any specific places where a non-jetty thread actually carries user context please let me know so I can look at it closer.

@cstamas
Owner

For scheduled tasks with the ctx you mention:
https://github.com/sonatype/nexus/blob/5ff39ca62d0b999ef5774f2da0e92d6d927a0857/nexus-core/src/main/java/org/sonatype/nexus/scheduling/AbstractNexusTask.java#L171

For other pools in general (like Auto-Routing, Proxy Remote Status Checker, etc), they all use same thread factory: org.sonatype.nexus.threads.NexusThreadFactory. So, if we want, we could set those here.

@jdillon
Owner
public Thread newThread( Runnable r )

would have to wrap the runnable to set/unset the mdc key when the thread is started. but I can't say if the context will be correct if the threads are used in a pool and reused by whatever system created them. so it is still not simple IMO to simply do this generically. If there was however an abstraction to "do some work" and not "create a thread" then it could have been generic to set/unset MDC keys around the execution of "do some work".

@jdillon jdillon Merge branch 'master' into NEXUS-5662-userid-mdc
Conflicts:
	plugins/siesta/nexus-siesta-plugin/src/main/java/org/sonatype/nexus/plugins/siesta/SiestaModule.java
4c41118
@jdillon jdillon merged commit adbad87 into master
@jdillon jdillon deleted the NEXUS-5662-userid-mdc branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 12, 2013
  1. @jdillon
Commits on Apr 15, 2013
  1. @jdillon

    Merge branch 'master' into NEXUS-5662-userid-mdc

    jdillon authored
    Conflicts:
    	plugins/siesta/nexus-siesta-plugin/src/main/java/org/sonatype/nexus/plugins/siesta/SiestaModule.java
This page is out of date. Refresh to see the latest.
View
2  nexus-logging-extras/src/main/resources/META-INF/log/logback.properties
@@ -12,5 +12,5 @@
#
root.level=INFO
-appender.pattern=%4d{yyyy-MM-dd HH:mm:ss} %-5p [%-15.15t] - %c - %m%n
+appender.pattern=%4d{yyyy-MM-dd HH:mm:ss} %-5p [%-15.15t] %X{userId} %c - %m%n
appender.file=${nexus.log-config-dir}/../logs/nexus.log
View
93 nexus-web-utils/src/main/java/org/sonatype/nexus/web/MdcUserContextFilter.java
@@ -0,0 +1,93 @@
+/*
+ * Sonatype Nexus (TM) Open Source Version
+ * Copyright (c) 2007-2012 Sonatype, Inc.
+ * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+ *
+ * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+ * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+ *
+ * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+ * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+ * Eclipse Foundation. All other trademarks are the property of their respective owners.
+ */
+package org.sonatype.nexus.web;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+
+// NOTE: This would be better integrated as part of the org.sonatype.security.web.guice.SecurityWebFilter ?
+
+/**
+ * Servlet filter to add user context details to the {@link MDC}.
+ *
+ * @since 2.5
+ */
+@Named
+@Singleton
+public class MdcUserContextFilter
+ implements Filter
+{
+ private static final Logger log = LoggerFactory.getLogger(MdcUserContextFilter.class);
+
+ public static final String USER_ID = "userId";
+
+ public static final String UNKNOWN_USER_ID = "<unknown-user>";
+
+ @Override
+ public void init(final FilterConfig config) throws ServletException {
+ // ignore
+ }
+
+ @Override
+ public void destroy() {
+ // ignore
+ }
+
+ @Override
+ public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
+ throws IOException, ServletException
+ {
+ MDC.put(USER_ID, getCurrentUserId());
+
+ try {
+ chain.doFilter(request, response);
+ }
+ finally {
+ MDC.remove(USER_ID);
+ }
+ }
+
+ private String getCurrentUserId() {
+ String userId = UNKNOWN_USER_ID;
+
+ try {
+ Subject subject = SecurityUtils.getSubject();
+ if (subject != null) {
+ Object principal = subject.getPrincipal();
+ if (principal != null) {
+ userId = principal.toString();
+ }
+ }
+ }
+ catch (Exception e) {
+ log.warn("Unable to determine current user; ignoring", e);
+ }
+
+ log.trace("Current userId: {}", userId);
+
+ return userId;
+ }
+}
View
1  ...let1x/nexus-restlet1x-plugin/src/main/java/org/sonatype/nexus/web/NexusServletModule.java
@@ -42,6 +42,7 @@ protected void configureServlets()
filter("/service/local/*").through( SecurityWebFilter.class );
filter("/content/*").through( SecurityWebFilter.class );
+ filter("/*").through( MdcUserContextFilter.class );
/*
* Give components contributed by this plugin a low-level ranking (same level as Nexus core) so they are ordered
View
2  ...sta/nexus-siesta-plugin/src/main/java/org/sonatype/nexus/plugins/siesta/SiestaModule.java
@@ -16,6 +16,7 @@
import com.google.inject.servlet.ServletModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.sonatype.nexus.web.MdcUserContextFilter;
import org.sonatype.nexus.guice.FilterChainModule;
import org.sonatype.security.web.guice.SecurityWebFilter;
import org.sonatype.sisu.siesta.common.Resource;
@@ -83,6 +84,7 @@ protected String pathOf(final Class<Resource> type) {
protected void configureServlets() {
serve(MOUNT_POINT + "/*").with(SiestaServlet.class);
filter(MOUNT_POINT + "/*").through(SecurityWebFilter.class);
+ filter(MOUNT_POINT + "/*").through(MdcUserContextFilter.class);
}
});
Something went wrong with that request. Please try again.