Merge pull request #9073 from vespa-engine/bjorncs/ssl-info-in-access-log

Add ssl session id and cipher suite to access log
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2019-04-11 15:45:11 +0200
committer: GitHub <noreply@github.com> 2019-04-11 15:45:11 +0200
commit: 6a0a5ed5778941b27017f3a9eff045a703c2f7ca (patch)
tree: f185d1aa1f9c9c0631864acd57266ae933dd3c7d
parent: baacd388fa74991e561c0690a2a2b78b92bc382e (diff)
parent: 6d6a96ba6bdf81636c0c869e01e5a06fbb3b2a83 (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 5c3298a7aff..9a10c70ceab 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -87,6 +87,14 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
             if (clientCert != null && clientCert.length > 0) {
                 accessLogEntry.setSslPrincipal(clientCert[0].getSubjectX500Principal());
             }
+            String sslSessionId = (String) request.getAttribute(ServletRequest.SERVLET_REQUEST_SSL_SESSION_ID);
+            if (sslSessionId != null) {
+                accessLogEntry.addKeyValue("ssl-session-id", sslSessionId);
+            }
+            String cipherSuite = (String) request.getAttribute(ServletRequest.SERVLET_REQUEST_CIPHER_SUITE);
+            if (cipherSuite != null) {
+                accessLogEntry.addKeyValue("cipher-suite", cipherSuite);
+            }
 
             final long startTime = request.getTimeStamp();
             final long endTime = System.currentTimeMillis();
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
index 2eb7f432ec2..65c8e153164 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java
@@ -39,6 +39,8 @@ public class ServletRequest extends HttpServletRequestWrapper implements Servlet
     public static final String JDISC_REQUEST_PRINCIPAL = "jdisc.request.principal";
     public static final String JDISC_REQUEST_X509CERT = "jdisc.request.X509Certificate";
     public static final String SERVLET_REQUEST_X509CERT = "javax.servlet.request.X509Certificate";
+    public static final String SERVLET_REQUEST_SSL_SESSION_ID = "javax.servlet.request.ssl_session_id";
+    public static final String SERVLET_REQUEST_CIPHER_SUITE = "javax.servlet.request.cipher_suite";
 
     private final HttpServletRequest request;
     private final HeaderFields headerFields;
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2019-04-11 15:45:11 +0200
committer	GitHub <noreply@github.com>	2019-04-11 15:45:11 +0200
commit	6a0a5ed5778941b27017f3a9eff045a703c2f7ca (patch)
tree	f185d1aa1f9c9c0631864acd57266ae933dd3c7d
parent	baacd388fa74991e561c0690a2a2b78b92bc382e (diff)
parent	6d6a96ba6bdf81636c0c869e01e5a06fbb3b2a83 (diff)