Commit e812c2c9 authored by Sonia Zorba's avatar Sonia Zorba

Fixed ISE in LoggingDAO when called from JWTFilter

parent ef9122a2
+4 −4
@@ -33,7 +33,7 @@ public class JWTFilter implements Filter {

        String authHeader = request.getHeader("Authorization");
        if (authHeader == null) {
            loggingDAO.logAction("Attempt to access WS without token");
            loggingDAO.logAction("Attempt to access WS without token", request);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token");
            return;
        }
@@ -42,7 +42,7 @@ public class JWTFilter implements Filter {

        OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader);
        if (accessToken.isExpired()) {
            loggingDAO.logAction("Attempt to access WS with expired token");
            loggingDAO.logAction("Attempt to access WS with expired token", request);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired");
            return;
        }
@@ -50,13 +50,13 @@ public class JWTFilter implements Filter {
        Map<String, Object> claims = accessToken.getAdditionalInformation();

        if (claims.get("sub") == null) {
            loggingDAO.logAction("Attempt to access WS with invalid token");
            loggingDAO.logAction("Attempt to access WS with invalid token", request);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim");
            return;
        }

        ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims);
        loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName());
        loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);

        fc.doFilter(wrappedRequest, res);
    }
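Review bot: The last audit call in the hunk passes the original `request` rather than `wrappedRequest`, so LoggingDAO's `getUser(request)` will read `getUserPrincipal()` from a request that, unless the container already authenticated it, carries no principal, and the "user" column of that row stays empty even though the subject is known at this point. Passing the wrapper keeps the stored user consistent with the message text: `loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), wrappedRequest);`. The three earlier calls run before the token is accepted, so passing `request` there is correct. The enclosing doFilter method starts outside the hunk.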
+9 −5
@@ -18,7 +18,7 @@ public class LoggingDAO {

    private final JdbcTemplate jdbcTemplate;

    @Autowired
    @Autowired(required = false)
    private HttpServletRequest request;

    @Autowired
@@ -53,15 +53,19 @@ public class LoggingDAO {
    }

    public void logAction(String action) {
        logAction(action, request);
    }

    public void logAction(String action, HttpServletRequest request) {
        try {
            String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)";

            jdbcTemplate.update(conn -> {
                PreparedStatement ps = conn.prepareStatement(sql);
                int i = 0;
                ps.setString(++i, getUser());
                ps.setString(++i, getUser(request));
                ps.setString(++i, action);
                ps.setString(++i, getIPAddress());
                ps.setString(++i, getIPAddress(request));
                return ps;
            });
        } catch (Throwable t) {
@@ -69,7 +73,7 @@ public class LoggingDAO {
        }
    }

    private String getIPAddress() {
    private String getIPAddress(HttpServletRequest request) {
        String ipAddress = request.getHeader("X-FORWARDED-FOR");
        if (ipAddress == null) {
            return request.getRemoteAddr();
@@ -78,7 +82,7 @@ public class LoggingDAO {
        }
    }

    private String getUser() {
    private String getUser(HttpServletRequest request) {
        if (request.getUserPrincipal() != null) {
            return request.getUserPrincipal().getName();
        }
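Review bot: The one-argument `logAction(String)` still forwards the `@Autowired(required = false)` field, and when nothing is bound there that field is null, so `getUser(request)` dereferences null inside the `jdbcTemplate.update` callback and the surrounding `catch (Throwable t)` (its body is outside the hunk) absorbs the failure — the audit row is never written and nothing reports it. Making the two helpers null-tolerant preserves the entry with empty user/IP columns instead: add `if (request == null) { return null; }` as the first statement of both `getIPAddress(HttpServletRequest)` and `getUser(HttpServletRequest)`. Separately, `getIPAddress` stores the `X-FORWARDED-FOR` header verbatim, which any client can set, so the logged address is only trustworthy when a proxy in front of the service overwrites that header; a comment such as `// client-supplied unless a trusted proxy rewrites it` next to the header read would help whoever later reads the audit table. Whether the field is a request-scoped proxy or plainly null when absent depends on the Spring configuration, which is not visible here; getUser's body continues past the hunk.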