You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2019/10/13 19:09:00 UTC

[jira] [Updated] (SOLR-13840) AuditLogger issues when logged from HttpServletRequest

     [ https://issues.apache.org/jira/browse/SOLR-13840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl updated SOLR-13840:
-------------------------------
    Summary: AuditLogger issues when logged from HttpServletRequest  (was: AuditLogger issues with REJECTED state due to wrong PW)

> AuditLogger issues when logged from HttpServletRequest
> ------------------------------------------------------
>
>                 Key: SOLR-13840
>                 URL: https://issues.apache.org/jira/browse/SOLR-13840
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Auditlogging
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>
> Spinoff from SOLR-13741
> When a REJECTED event is generated from SolrDispatchFilter on failed authentication, we only have the {{HttpServletRequest}} as input, no SolrParams, Principal etc. In this case we parse "resource" from contextPath, while we should use {{getPathInfo()}}. Also, we fail to detect admin requests as such and get UNKNOWN instead. Lastly, the {{solrParams}} part of {{AuditEvent}} is not filled at all from in this case, while we could have filled it with the parameters in the request.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org