You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by sstults <gi...@git.apache.org> on 2018/08/09 22:26:27 UTC
[GitHub] lucene-solr pull request #342: SOLR-12120: New AuditLoggerPlugin type allowi...
Github user sstults commented on a diff in the pull request:
https://github.com/apache/lucene-solr/pull/342#discussion_r209098033
--- Diff: solr/core/src/java/org/apache/solr/security/AuditEvent.java ---
@@ -0,0 +1,388 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.solr.security;
+
+import javax.servlet.http.HttpServletRequest;
+import java.lang.invoke.MethodHandles;
+import java.security.Principal;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.apache.solr.common.SolrException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.apache.solr.security.AuditEvent.EventType.ANONYMOUS;
+
+/**
+ * Audit event that takes request and auth context as input to be able to audit log custom things
+ */
+public class AuditEvent {
+ private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+ private String message;
+ private Level level;
+ private Date date;
+ private String username;
+ private String session;
+ private String clientIp;
+ private List<String> collections;
+ private Map<String, Object> context;
+ private HashMap<String, String> headers;
+ private Map<String, Object> solrParams;
+ private String solrHost;
+ private int solrPort;
+ private String solrIp;
+ private String resource;
+ private String httpMethod;
+ private String queryString;
+ private EventType eventType;
+ private AuthorizationResponse autResponse;
+ private String requestType;
+ private double QTime = -1;
+ private int status = 0;
+ private Throwable exception;
+
+ /* Predefined event types. Custom types can be made through constructor */
+ public enum EventType {
+ AUTHENTICATED("Authenticated", "User successfully authenticated", Level.INFO),
+ REJECTED("Rejected", "Authentication request rejected", Level.WARN),
+ ANONYMOUS("Anonymous", "Request proceeds with unknown user", Level.INFO),
+ ANONYMOUS_REJECTED("AnonymousRejected", "Request from unknown user rejected", Level.WARN),
+ AUTHORIZED("Authorized", "Authorization succeeded", Level.INFO),
+ UNAUTHORIZED("Unauthorized", "Authorization failed", Level.WARN),
+ COMPLETED("Completed", "Request completed", Level.INFO),
--- End diff --
Changing COMPLETED to Level.WARN would let loggers log each request once but skip the intermediate INFO-level events. But maybe the level of this particular type should be configurable.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org