authorMorten Tokle <mortent@verizonmedia.com>2021-02-15 18:41:58 +0100
committerGitHub <noreply@github.com>2021-02-15 18:41:58 +0100
commit7c0c3d3ba6921f4843c92fc8855e8f459425d119 (patch)
tree716759dc6e6bb55db86d2f9ab8abd6fb925a876e
parentea4dacdefed91f405886b732aaf5136cd1fdda8f (diff)
parent6d6162f238e8d4b70d3e2957da06053eb83a1040 (diff)
Merge pull request #16522 from vespa-engine/bjorncs/ssl-principal-access-log
Add back 'ssl-principal' to json access log
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/container/logging/JSONFormatter.java13
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/container/logging/RequestLogEntry.java5
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java5
3 files changed, 18 insertions, 5 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/container/logging/JSONFormatter.java b/jdisc_http_service/src/main/java/com/yahoo/container/logging/JSONFormatter.java
index 441e139bc67..680ee5acbd9 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/container/logging/JSONFormatter.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/container/logging/JSONFormatter.java
@@ -15,8 +15,6 @@ import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
-import static com.yahoo.container.logging.FormatUtil.writeSecondsField;
-
/**
* Formatting of an {@link AccessLogEntry} in the Vespa JSON access log format.
*
@@ -64,9 +62,14 @@ public class JSONFormatter implements LogWriter<RequestLogEntry> {
generator.writeStringField("connection", connectionId);
}
- Principal principal = entry.userPrincipal().orElse(null);
- if (principal != null) {
- generator.writeStringField("user-principal", principal.getName());
+ Principal userPrincipal = entry.userPrincipal().orElse(null);
+ if (userPrincipal != null) {
+ generator.writeStringField("user-principal", userPrincipal.getName());
+ }
+
+ Principal sslPrincipal = entry.sslPrincipal().orElse(null);
+ if (sslPrincipal != null) {
+ generator.writeStringField("ssl-principal", sslPrincipal.getName());
}
String remoteAddress = entry.remoteAddress().orElse(null);
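Review bot: The new `ssl-principal` field is written directly after `user-principal` with no comment saying how the two differ, which matters to anyone building audit or detection queries on this log. Judging from the rest of the commit, `ssl-principal` carries the subject of the TLS client certificate, while `user-principal` is presumably set by request-level authentication. A line such as `// ssl-principal: subject DN of the TLS client certificate; may differ from user-principal` above the new block would record that. The value is peer-supplied text with no length bound applied here; the generator's string escaping should keep the JSON well formed, but that is worth confirming for DNs that contain control characters. The enclosing method starts and ends outside the hunk.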
diff --git a/jdisc_http_service/src/main/java/com/yahoo/container/logging/RequestLogEntry.java b/jdisc_http_service/src/main/java/com/yahoo/container/logging/RequestLogEntry.java
index b771ea11ed0..819907fc9f1 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/container/logging/RequestLogEntry.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/container/logging/RequestLogEntry.java
@@ -43,6 +43,7 @@ public class RequestLogEntry {
private final String rawPath;
private final String rawQuery;
private final Principal userPrincipal;
+ private final Principal sslPrincipal;
private final HitCounts hitCounts;
private final TraceNode traceNode;
private final Map<String, Collection<String>> extraAttributes;
@@ -67,6 +68,7 @@ public class RequestLogEntry {
this.rawPath = builder.rawPath;
this.rawQuery = builder.rawQuery;
this.userPrincipal = builder.userPrincipal;
+ this.sslPrincipal = builder.sslPrincipal;
this.hitCounts = builder.hitCounts;
this.traceNode = builder.traceNode;
this.extraAttributes = copyExtraAttributes(builder.extraAttributes);
@@ -91,6 +93,7 @@ public class RequestLogEntry {
public Optional<String> rawPath() { return Optional.ofNullable(rawPath); }
public Optional<String> rawQuery() { return Optional.ofNullable(rawQuery); }
public Optional<Principal> userPrincipal() { return Optional.ofNullable(userPrincipal); }
+ public Optional<Principal> sslPrincipal() { return Optional.ofNullable(sslPrincipal); }
public Optional<HitCounts> hitCounts() { return Optional.ofNullable(hitCounts); }
public Optional<TraceNode> traceNode() { return Optional.ofNullable(traceNode); }
public Collection<String> extraAttributeKeys() { return Collections.unmodifiableCollection(extraAttributes.keySet()); }
@@ -135,6 +138,7 @@ public class RequestLogEntry {
private Principal userPrincipal;
private HitCounts hitCounts;
private TraceNode traceNode;
+ private Principal sslPrincipal;
private final Map<String, Collection<String>> extraAttributes = new HashMap<>();
public Builder connectionId(String connectionId) { this.connectionId = requireNonNull(connectionId); return this; }
@@ -156,6 +160,7 @@ public class RequestLogEntry {
public Builder rawPath(String rawPath) { this.rawPath = requireNonNull(rawPath); return this; }
public Builder rawQuery(String rawQuery) { this.rawQuery = requireNonNull(rawQuery); return this; }
public Builder userPrincipal(Principal userPrincipal) { this.userPrincipal = requireNonNull(userPrincipal); return this; }
+ public Builder sslPrincipal(Principal sslPrincipal) { this.sslPrincipal = requireNonNull(sslPrincipal); return this; }
public Builder hitCounts(HitCounts hitCounts) { this.hitCounts = requireNonNull(hitCounts); return this; }
public Builder traceNode(TraceNode traceNode) { this.traceNode = requireNonNull(traceNode); return this; }
public Builder addExtraAttribute(String key, String value) {
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index b38b9dcdfb2..4b023f427a4 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -14,6 +14,7 @@ import org.eclipse.jetty.util.component.AbstractLifeCycle;
import javax.servlet.http.HttpServletRequest;
import java.security.Principal;
+import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
@@ -101,6 +102,10 @@ class AccessLogRequestLog extends AbstractLifeCycle implements org.eclipse.jetty
builder.addExtraAttribute(header, value);
}
});
+ X509Certificate[] clientCert = (X509Certificate[]) request.getAttribute(ServletRequest.SERVLET_REQUEST_X509CERT);
+ if (clientCert != null && clientCert.length > 0) {
+ builder.sslPrincipal(clientCert[0].getSubjectX500Principal());
+ }
AccessLogEntry accessLogEntry = (AccessLogEntry) request.getAttribute(JDiscHttpServlet.ATTRIBUTE_NAME_ACCESS_LOG_ENTRY);
if (accessLogEntry != null) {
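Review bot: The subject logged at `builder.sslPrincipal(clientCert[0].getSubjectX500Principal())` comes from a certificate the peer supplied, and nothing in this hunk shows whether the chain was validated before the request attribute was set. If the connector can accept client certificates without requiring a trusted chain (not visible here), the access log would record a subject that was never authenticated. A comment such as `// Subject DN of the leaf client certificate from the TLS handshake; how far it can be trusted depends on the connector's client-auth settings` would state that assumption for log consumers. The cast `(X509Certificate[]) request.getAttribute(...)` is also unchecked; reading the attribute into an `Object certAttr` and testing `certAttr instanceof X509Certificate[]` before the length check would keep a mistyped attribute from throwing in the logging path. The enclosing method begins and ends outside the hunk.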