More logging fields for unauthorized requests

When a request requires authentication, log username, IP address, and the status code returned by the auth attempt. Previously logged projectName only.
2024-09-16 02:52:31 -04:00 · 2017-09-08 09:16:33 +01:00 · 2017-09-08 09:16:33 +01:00 · 976419b2d2
commit 976419b2d2
parent a3a41640b9
1 changed files with 19 additions and 6 deletions
--- a/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/server/Oauth2Filter.java
+++ b/services/git-bridge/src/main/java/uk/ac/ic/wlgitbridge/server/Oauth2Filter.java
@ -85,6 +85,7 @@ public class Oauth2Filter implements Filter {
    ) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        String capturedUsername = "(unknown)";

        String authHeader = request.getHeader("Authorization");
        if (authHeader != null) {
@ -103,6 +104,9 @@ public class Oauth2Filter implements Filter {
                            String username = split[0];
                            String password = split[1];
                            String accessToken = null;
+                            if (username.length() > 0) {
+                                capturedUsername = username;
+                            }
                            try {
                                accessToken = new PasswordTokenRequest(
                                        Instance.httpTransport,
@ -120,7 +124,7 @@ public class Oauth2Filter implements Filter {
                                        )
                                ).execute().getAccessToken();
                            } catch (TokenResponseException e) {
-                                unauthorized(projectName, response);
+                                unauthorized(projectName, capturedUsername, e.getStatusCode(), request, response);
                                return;
                            }
                            final Credential cred = new Credential.Builder(
@ -135,7 +139,7 @@ public class Oauth2Filter implements Filter {
                                    servletResponse
                            );
                        } else {
-                            unauthorized(projectName, response);
+                            unauthorized(projectName, capturedUsername, 0, request, response);
                        }
                    } catch (UnsupportedEncodingException e) {
                        throw new Error("Couldn't retrieve authentication", e);
@ -143,7 +147,7 @@ public class Oauth2Filter implements Filter {
                }
            }
        } else {
-            unauthorized(projectName, response);
+            unauthorized(projectName, capturedUsername, 0, request, response);
        }
    }

@ -152,10 +156,19 @@ public class Oauth2Filter implements Filter {

    private void unauthorized(
            String projectName,
-            ServletResponse servletResponse
+            String userName,
+            int statusCode,
+            HttpServletRequest servletRequest,
+            HttpServletResponse servletResponse
    ) throws IOException {
-        Log.info("[{}] Unauthorized", projectName);
-        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        Log.info(
+            "[{}] Unauthorized, User '{}' status={} ip={}",
+            projectName,
+            userName,
+            statusCode,
+            servletRequest.getRemoteAddr()
+        );
+        HttpServletResponse response = servletResponse;
        response.setContentType("text/plain");
        response.setHeader("WWW-Authenticate", "Basic realm=\"Git Bridge\"");
        response.setStatus(401);