JBoss LOGGING and spring security and users
aditya3245 Jul 18, 2012 10:09 PM
In our $JBOSS_HOME/server/<PROFILE = default >/deploy/jbossweb.sar/server.xml: THIS is how we have defined the logging pattern for HOW the access log file is written.
<Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false" directory="${jboss.server.log.dir}" pattern="combined" suffix=".log" prefix="localhost_access_log."/>
The alias "combined" gives you the following attributes. The order and number of attributes in this attribute set is exactly how the localhost_access_log file is written:
- combined -
%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
I checked out what each variable in that alias pattern means:
http://docs.jboss.org/jbossweb/latest/api/org/apache/catalina/valves/AccessLogValve.html
Based on that template, this is what we should get:
128.117.140.183 - bob [04/Nov/2008:14:40:46 -0700] "GET /manager/html HTTP/1.1" 200 13022 "http://localhost:8080/"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3" 325
where %u =jason
Instead, THIS is what we do get
128.117.140.183 - - [04/Nov/2008:14:40:46 -0700] "GET /manager/html HTTP/1.1" 200 13022 "http://localhost:8080/"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3" 325
Any ideas as to what might be causing this?
Note also that we are counting on Spring Security to pass on the user attribute to jboss.
Spring security is configured in the web.xml in this manner:
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security Fix -->
<taglib>
  <taglib-uri>http://www.springframework.org/security-jboss/tags</taglib-uri>
  <taglib-location>/META-INF/security-jboss.tld</taglib-location>
</taglib>
Apparently JBoss logging has no knowledge of Spring Security's security context even if it's defined in the web.xml (the app is deployed as a WAR).
The authenticated user, by extension, then only exists within the application (once the filter chain is executed), so we would never (?) be able to access it in a JBoss valve.
Is there a way for JBoss to get those values from Spring Security?
Is that true? Is there any de facto standard for access logging when using Spring Security?
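
An added example, not part of the original post and not JBoss or Spring code: one way to make the Spring Security user visible to the access log is a servlet filter that copies the user name into a request attribute while the security context is still populated. It assumes the valve supports the %{xxx}r request-attribute pattern code, as Tomcat-derived AccessLogValve implementations do; the class name, the attribute name and the Spring Security 3.x package names are also assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Added example: AccessLogUserFilter and the "accessLogUser" attribute are
 * hypothetical names. Assumes Spring Security 3.x package names.
 *
 * Declare its <filter-mapping> in web.xml AFTER the springSecurityFilterChain
 * mapping, so it runs inside that chain while the SecurityContext is populated.
 * The valve pattern would then use the request-attribute code instead of %u:
 *   %h %l %{accessLogUser}r %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
 */
public class AccessLogUserFilter implements Filter {

    static final String ATTR = "accessLogUser";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The valve writes its line after the request returns, so an attribute
        // set here is still on the request when the entry is formatted.
        req.setAttribute(ATTR, currentUser());
        chain.doFilter(req, res);
    }

    /** Returns the authenticated user name, or "-" as the access log does for none. */
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return "-";
        }
        return sanitize(auth.getName());
    }

    /** Replace whitespace, control characters and quotes so a crafted user
     *  name cannot forge extra fields or lines in the access log. */
    static String sanitize(String name) {
        if (name == null || name.isEmpty()) {
            return "-";
        }
        return name.replaceAll("[\\s\\p{Cntrl}\"]", "_");
    }
}
```

Requests that Spring Security rejects or redirects before the chain reaches this filter (for example the login form submission) never set the attribute, so their entries carry no user name.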