Loading gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java +4 −4 Original line number Original line Diff line number Diff line Loading @@ -33,7 +33,7 @@ public class JWTFilter implements Filter { String authHeader = request.getHeader("Authorization"); String authHeader = request.getHeader("Authorization"); if (authHeader == null) { if (authHeader == null) { loggingDAO.logAction("Attempt to access WS without token"); loggingDAO.logAction("Attempt to access WS without token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token"); return; return; } } Loading @@ -42,7 +42,7 @@ public class JWTFilter implements Filter { OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader); if (accessToken.isExpired()) { if (accessToken.isExpired()) { loggingDAO.logAction("Attempt to access WS with expired token"); loggingDAO.logAction("Attempt to access WS with expired token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired"); return; return; } } Loading 
@@ -50,13 +50,13 @@ public class JWTFilter implements Filter { Map<String, Object> claims = accessToken.getAdditionalInformation(); Map<String, Object> claims = accessToken.getAdditionalInformation(); if (claims.get("sub") == null) { if (claims.get("sub") == null) { loggingDAO.logAction("Attempt to access WS with invalid token"); loggingDAO.logAction("Attempt to access WS with invalid token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim"); return; return; } } ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims); ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims); loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName()); loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request); fc.doFilter(wrappedRequest, res); fc.doFilter(wrappedRequest, res); } } Loading gms/src/main/java/it/inaf/ia2/gms/persistence/LoggingDAO.java +9 −5 Original line number Original line Diff line number Diff line Loading @@ -18,7 +18,7 @@ public class LoggingDAO { private final JdbcTemplate jdbcTemplate; private final JdbcTemplate jdbcTemplate; @Autowired @Autowired(required = false) private HttpServletRequest request; private HttpServletRequest request; @Autowired @Autowired Loading Loading 
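Review bot: The final audit call in the @@ -50 hunk passes the original `request` rather than `wrappedRequest`, so the `user` column that LoggingDAO fills from `request.getUserPrincipal()` will not see the JWT principal that `ServletRequestWithJWTPrincipal` presumably provides, and the identity survives only as free text inside the action string. Passing the wrapper keeps the user in its own column and lets the action stay a fixed label: `loggingDAO.logAction("WS access", wrappedRequest);`. The three rejection paths earlier in the section correctly pass the unwrapped `request`, since no principal exists yet there. The enclosing `doFilter` method starts before the first hunk of this section.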
@@ -53,15 +53,19 @@ public class LoggingDAO { } } public void logAction(String action) { public void logAction(String action) { logAction(action, request); } public void logAction(String action, HttpServletRequest request) { try { try { String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)"; String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)"; jdbcTemplate.update(conn -> { jdbcTemplate.update(conn -> { PreparedStatement ps = conn.prepareStatement(sql); PreparedStatement ps = conn.prepareStatement(sql); int i = 0; int i = 0; ps.setString(++i, getUser()); ps.setString(++i, getUser(request)); ps.setString(++i, action); ps.setString(++i, action); ps.setString(++i, getIPAddress()); ps.setString(++i, getIPAddress(request)); return ps; return ps; }); }); } catch (Throwable t) { } catch (Throwable t) { Loading @@ -69,7 +73,7 @@ public class LoggingDAO { } } } } private String getIPAddress() { private String getIPAddress(HttpServletRequest request) { String ipAddress = request.getHeader("X-FORWARDED-FOR"); String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { if (ipAddress == null) { return request.getRemoteAddr(); return request.getRemoteAddr(); Loading @@ -78,7 +82,7 @@ public class LoggingDAO { } } } } private String getUser() { private String getUser(HttpServletRequest request) { if (request.getUserPrincipal() != null) { if (request.getUserPrincipal() != null) { return request.getUserPrincipal().getName(); return request.getUserPrincipal().getName(); } } Loading Loading
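Review bot: With the field now `@Autowired(required = false)`, `logAction(String action)` can forward a null `request`, and both `getUser(request)` and `getIPAddress(request)` dereference it without a check; the resulting NPE is raised inside the `jdbcTemplate.update` callback and lands in the `catch (Throwable t)` block, so the audit row is silently dropped rather than written with unknown user/IP. Add a guard at the top of each helper, `if (request == null) { return null; }`, so a missing request scope still produces an audit entry. The `getIPAddress` hunk at @@ -69 also stores the `X-FORWARDED-FOR` value as received, which is client-settable; a comment such as `// NOTE: header is client-supplied; only trustworthy when set by a fronting proxy` would make that limitation visible to whoever reads the audit log. The catch block body and the tail of `getUser` lie outside the visible hunks.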
gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java +4 −4 Original line number Original line Diff line number Diff line Loading @@ -33,7 +33,7 @@ public class JWTFilter implements Filter { String authHeader = request.getHeader("Authorization"); String authHeader = request.getHeader("Authorization"); if (authHeader == null) { if (authHeader == null) { loggingDAO.logAction("Attempt to access WS without token"); loggingDAO.logAction("Attempt to access WS without token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token"); return; return; } } Loading @@ -42,7 +42,7 @@ public class JWTFilter implements Filter { OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(authHeader); if (accessToken.isExpired()) { if (accessToken.isExpired()) { loggingDAO.logAction("Attempt to access WS with expired token"); loggingDAO.logAction("Attempt to access WS with expired token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access token is expired"); return; return; } } Loading 
@@ -50,13 +50,13 @@ public class JWTFilter implements Filter { Map<String, Object> claims = accessToken.getAdditionalInformation(); Map<String, Object> claims = accessToken.getAdditionalInformation(); if (claims.get("sub") == null) { if (claims.get("sub") == null) { loggingDAO.logAction("Attempt to access WS with invalid token"); loggingDAO.logAction("Attempt to access WS with invalid token", request); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid access token: missing sub claim"); return; return; } } ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims); ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims); loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName()); loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request); fc.doFilter(wrappedRequest, res); fc.doFilter(wrappedRequest, res); } } Loading
gms/src/main/java/it/inaf/ia2/gms/persistence/LoggingDAO.java +9 −5 Original line number Original line Diff line number Diff line Loading @@ -18,7 +18,7 @@ public class LoggingDAO { private final JdbcTemplate jdbcTemplate; private final JdbcTemplate jdbcTemplate; @Autowired @Autowired(required = false) private HttpServletRequest request; private HttpServletRequest request; @Autowired @Autowired Loading Loading @@ -53,15 +53,19 @@ public class LoggingDAO { } } public void logAction(String action) { public void logAction(String action) { logAction(action, request); } public void logAction(String action, HttpServletRequest request) { try { try { String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)"; String sql = "INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)"; jdbcTemplate.update(conn -> { jdbcTemplate.update(conn -> { PreparedStatement ps = conn.prepareStatement(sql); PreparedStatement ps = conn.prepareStatement(sql); int i = 0; int i = 0; ps.setString(++i, getUser()); ps.setString(++i, getUser(request)); ps.setString(++i, action); ps.setString(++i, action); ps.setString(++i, getIPAddress()); ps.setString(++i, getIPAddress(request)); return ps; return ps; }); }); } catch (Throwable t) { } catch (Throwable t) { Loading @@ -69,7 +73,7 @@ public class LoggingDAO { } } } } private String getIPAddress() { private String getIPAddress(HttpServletRequest request) { String ipAddress = request.getHeader("X-FORWARDED-FOR"); String ipAddress = request.getHeader("X-FORWARDED-FOR"); if (ipAddress == null) { if (ipAddress == null) { return request.getRemoteAddr(); return request.getRemoteAddr(); Loading @@ -78,7 +82,7 @@ public class LoggingDAO { } } } } private String getUser() { private String getUser(HttpServletRequest request) { if (request.getUserPrincipal() != null) { if (request.getUserPrincipal() != null) { return request.getUserPrincipal().getName(); return request.getUserPrincipal().getName(); } } Loading