diff options
| author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-29 14:57:54 +0100 |
|---|---|---|
| committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-29 14:57:54 +0100 |
| commit | 15099d9518e106e2010b671d8c7225a9158becd9 (patch) | |
| tree | d924dc3ef7ff74d410beaf4cae317a55aef41754 /jdisc_http_service | |
| parent | 166ce7c53a96f733d5e1b909bc8b465a2f8d70ec (diff) | |
Add client tls certificate principal to access log entry
Diffstat (limited to 'jdisc_http_service')
3 files changed, 8 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java index c3c83474e56..771e57b0437 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java @@ -19,6 +19,7 @@ import java.net.URISyntaxException; import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.Optional; import java.util.logging.Level; import java.util.logging.Logger; @@ -115,6 +116,10 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog if (principal != null) { accessLogEntry.setUserPrincipal(principal); } + X509Certificate[] clientCert = (X509Certificate[]) request.getAttribute(ServletRequest.JDISC_REQUEST_X509CERT); + if (clientCert != null && clientCert.length > 0) { + accessLogEntry.setSslPrincipal(clientCert[0].getSubjectX500Principal()); + } } private static String getRemoteAddress(final HttpServletRequest request) { diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java index 714d75f9d1e..a005ea7d96e 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestFactory.java @@ -3,6 +3,7 @@ package com.yahoo.jdisc.http.server.jetty; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.HttpRequest; +import com.yahoo.jdisc.http.servlet.ServletRequest; import com.yahoo.jdisc.service.CurrentContainer; import javax.servlet.http.HttpServletRequest; @@ -27,7 +28,7 @@ class HttpRequestFactory { HttpRequest.Version.fromString(servletRequest.getProtocol()), new InetSocketAddress(servletRequest.getRemoteAddr(), servletRequest.getRemotePort()), getConnection(servletRequest).getCreatedTimeStamp()); - httpRequest.context().put("jdisc.request.X509Certificate", getCertChain(servletRequest)); + httpRequest.context().put(ServletRequest.JDISC_REQUEST_X509CERT, getCertChain(servletRequest)); return httpRequest; } diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java index db8780b087c..ea36237bc45 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/servlet/ServletRequest.java @@ -38,6 +38,7 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnection; */ public class ServletRequest extends HttpServletRequestWrapper implements ServletOrJdiscHttpRequest { public static final String JDISC_REQUEST_PRINCIPAL = "jdisc.request.principal"; + public static final String JDISC_REQUEST_X509CERT = "jdisc.request.X509Certificate"; private final HttpServletRequest request; private final HeaderFields headerFields; |