You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2019/07/06 10:41:40 UTC
[Bug 63545] New: enhancement - add a new pattern attribute for
logging user roles
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
Bug ID: 63545
Summary: enhancement - add a new pattern attribute for logging
user roles
Product: Tomcat 9
Version: 9.0.x
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: eugene.adell@gmail.com
Target Milestone: -----
The Access Log Valve already has a set of possible pattern attributes that
covers most of production server needs.
However if we can log the user name since the beginning of the project, we
still can't log his role(s). I understand that being inspired from Apache httpd
where such a notion doesn't exist, it has not been implemented.
Implementing this new pattern attribute would :
-log roles in the access log
-make debug easier for problems related to user roles
-track more easily user role changing, which is required for applications that
implement role delegation (typically when a user goes on vacation and is
replaced temporarily by someone having smaller rights during the rest of the
year)
I believe that production needs and Tomcat code have changed consequently since
bugid 3588, and that Tomcat is almost ready to cover this feature without much
effort.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 63545] enhancement - add a new pattern attribute for logging
user roles
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
--- Comment #4 from Christopher Schultz <ch...@christopherschultz.net> ---
What about roles containing commas?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 63545] enhancement - add a new pattern attribute for logging
user roles
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
--- Comment #2 from Eugène Adell <eu...@gmail.com> ---
Created attachment 36647
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36647&action=edit
suggested patch for Request.java
created from 9.0.21 source code
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 63545] enhancement - add a new pattern attribute for logging
user roles
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
--- Comment #1 from Eugène Adell <eu...@gmail.com> ---
Created attachment 36646
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36646&action=edit
suggested patch for AbstractAccessLogValve.java
created from 9.0.21 source code
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 63545] enhancement - add a new pattern attribute for logging
user roles
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
--- Comment #5 from Christopher Schultz <ch...@christopherschultz.net> ---
I'm skeptical of the usefulness of this patch, but I won't stop anyone from
applying it.
I have a short review of the patch as presented.
Request.java: I am -1 on this change
- public Principal getPrincipal() already exists
AbstractAccessLogValve.java:
- use Request.getPrincipal instead of (unnecessary)
Request.getRemoteUserRoles()
- There is no need for a StringBuilder to buffer role names; simply append
directly to the existing buffer
- new Character(',').charValue() is unnecessary
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 63545] enhancement - add a new pattern attribute for logging
user roles
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63545
--- Comment #3 from Eugène Adell <eu...@gmail.com> ---
The patches add a %R pattern attribute
When the 2 patches are applied, I get the expected result when testing a
DataSourceRealm with the following valve :
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %R %t
"%r" %s %b" />
Results
one role :
127.0.0.1 - jimmy user [06/Jul/2019:11:54:11 +0200] "GET
/db/restricted/index.jsp HTTP/1.1" 200 9
three roles :
127.0.0.1 - jimmy admin,contributor,user [06/Jul/2019:11:55:10 +0200] "GET
/db/restricted/index.jsp HTTP/1.1" 200 9
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org