Commit e812c2c9 authored by Sonia Zorba's avatar Sonia Zorba

Fixed ISE in LoggingDAO when called from JWTFilter

parent ef9122a2
......@@ -33,7 +33,7 @@ public class JWTFilter implements Filter {
String authHeader = request.getHeader("Authorization");
if (authHeader == null) {
loggingDAO.logAction("Attempt to access WS without token");
loggingDAO.logAction("Attempt to access WS without token", request);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token");
return;
}
......@@ -42,7 +42,7 @@ public class JWTFilter implements Filter {
OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader);
if (accessToken.isExpired()) {
loggingDAO.logAction("Attempt to access WS with expired token");
loggingDAO.logAction("Attempt to access WS with expired token", request);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired");
return;
}
......@@ -50,13 +50,13 @@ public class JWTFilter implements Filter {
Map<String, Object> claims = accessToken.getAdditionalInformation();
if (claims.get("sub") == null) {
loggingDAO.logAction("Attempt to access WS with invalid token");
loggingDAO.logAction("Attempt to access WS with invalid token", request);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim");
return;
}
ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims);
loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName());
loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);
fc.doFilter(wrappedRequest, res);
}
......
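Review bot: The final call `loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);` passes the original `request` rather than `wrappedRequest`, so LoggingDAO's `getUser(request)` reads the unwrapped request's principal, which at this point is presumably still null (the JWT principal appears to be attached only by the `ServletRequestWithJWTPrincipal` wrapper built on the line above), leaving the audit row's user column empty while the name survives only inside the free-text action. Passing the wrapper keeps the two consistent: `loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), wrappedRequest);`. The three earlier calls in this file correctly pass the raw `request`, since no principal exists yet on those rejection paths. The enclosing `doFilter` method begins outside the first hunk.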
......@@ -18,7 +18,7 @@ public class LoggingDAO {
private final JdbcTemplate jdbcTemplate;
@Autowired
@Autowired(required = false)
private HttpServletRequest request;
@Autowired
......@@ -53,15 +53,19 @@ public class LoggingDAO {
}
public void logAction(String action) {
logAction(action, request);
}
public void logAction(String action, HttpServletRequest request) {
try {
String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)";
jdbcTemplate.update(conn -> {
PreparedStatement ps = conn.prepareStatement(sql);
int i = 0;
ps.setString(++i, getUser());
ps.setString(++i, getUser(request));
ps.setString(++i, action);
ps.setString(++i, getIPAddress());
ps.setString(++i, getIPAddress(request));
return ps;
});
} catch (Throwable t) {
......@@ -69,7 +73,7 @@ public class LoggingDAO {
}
}
private String getIPAddress() {
private String getIPAddress(HttpServletRequest request) {
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
return request.getRemoteAddr();
......@@ -78,7 +82,7 @@ public class LoggingDAO {
}
}
private String getUser() {
private String getUser(HttpServletRequest request) {
if (request.getUserPrincipal() != null) {
return request.getUserPrincipal().getName();
}
......
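Review bot: The new single-argument `logAction(String action)` forwards the injected `request` field, which this same commit changes to `@Autowired(required = false)` and therefore may be null, yet `getIPAddress(HttpServletRequest request)` and `getUser(HttpServletRequest request)` dereference their parameter immediately (`request.getHeader(...)`, `request.getUserPrincipal()`). A null request would raise an NPE inside the try block, and the `catch (Throwable t)` at the end of the method (its body lies outside the hunk) presumably logs and continues, so the audit row would be dropped silently instead of written. Guarding both helpers with `if (request == null) { return null; }` as their first statement keeps the INSERT happening with null user and ip columns, which is the preferable outcome for an audit log. Separately, `X-FORWARDED-FOR` is client-supplied, so the recorded ip_address is only trustworthy when a reverse proxy in front of this service overwrites that header; that assumption deserves a comment on `getIPAddress`.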