0 Replies Latest reply on Jul 18, 2012 10:09 PM by aditya3245

    JBoss LOGGING and spring security and users

    aditya3245
    aditya3245 Jul 18, 2012 10:09 PM

      In our $JBOSS_HOME/server/<PROFILE = default >/deploy/jbossweb.sar/server.xml : THIS is how we have defined the logging pattern for HOW the access log file is written.

       

      <Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false" directory="${jboss.server.log.dir}" pattern="combined" suffix=".log" prefix="localhost_access_log."/>

       

       

       

      The alias "combined" gives you the following attributes. The order and number of attributes in this attribute set is exactly how the localhost_access_log file is written:

       

      • combined - %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"

       

       

       

      I checked out what each variable in that alias pattern means:

       

      http://docs.jboss.org/jbossweb/latest/api/org/apache/catalina/valves/AccessLogValve.html

       

       

       

      Based on that template, this is what we should get:

       

      128.117.140.183 - bob [04/Nov/2008:14:40:46 -0700] "GET /manager/html HTTP/1.1" 200 13022 "http://localhost:8080/"

      "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3" 325

       

       

      where %u =jason

       

       

      Instead, THIS is what we do get

       

       

      128.117.140.183 - - [04/Nov/2008:14:40:46 -0700] "GET /manager/html HTTP/1.1" 200 13022 "http://localhost:8080/"

      "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3" 325

       

       

      Any ideas so as to what might be causing this ?

       

       

      Note also that we are counting on Spring Security to pass on the user attribute to jboss.

       

      Spring security is configured in the web.xml in this manner:

       

      <filter>
                    <filter-name>springSecurityFilterChain</filter-name>
                    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                </filter>
                <filter-mapping>
                    <filter-name>springSecurityFilterChain</filter-name>
                    <url-pattern>/*</url-pattern>
                </filter-mapping>

                    <!-- Spring Security Fix -->
                    <taglib>
                        <taglib-uri>http://www.springframework.org/security-jboss/tags</taglib-uri>
                        <taglib-location>/META-INF/security-jboss.tld</taglib-location>
                    </taglib>

       

       

      Apprently JBoss logging has no knowledge of Spring Security's security context even if its defined in the web.xml (the app is deployed as a WAR).

       

      The authenticated user by extension, then only exists within the application (once the filter chain is executed), so we would never (?) be able to access it in a JBoss valve.

       

      Is there a way for JBoss to get those values from Spring Security ?

       

      Is that true ? Is there any de facto standard for access log when using Spring Security?