logging-log4j-user mailing list archives

From Ceki Gülcü <c...@qos.ch>
Subject Re: JAAS user
Date Tue, 16 Sep 2003 14:15:34 GMT
Emmanuel,

I am afraid I fail to understand your question. What are you trying to 
bypass? What do you mean by "whereas the file writing should not be refused 
by a loss of privileges"?

At 09:50 AM 9/16/2003 -0400, you wrote:
>Hi,
>
>I’m developing a web application with Struts and some EJBs and I use JAAS.
>All the code is executed inside a PrivilegedAction class. When I execute the
>code:
>
>       Subject subject = Subject.getSubject((AccessControlContext) System.getSecurityManager().getSecurityContext());
>
>I got an instance of the subject corresponding to the current user.
>
>Anywhere I run this line of code, I got a subject, even inside an EJB.
>
>But what I want to do now is logging the username on every line of log.
>
>To do this, I subclassed the PatternLayout class to make it look like this:
>
>package com.cpa.log.layout;
>
>import org.apache.log4j.PatternLayout;
>import org.apache.log4j.spi.LoggingEvent;
>import java.util.*;
>
>import javax.security.auth.*;
>import javax.security.auth.login.*;
>import java.security.*;
>
>public class CpaLayout extends PatternLayout  {
>   public CpaLayout() {
>   }
>
>   public String format(LoggingEvent event) {
>     String log = this.getConversionPattern();
>     if (log.indexOf("%u") > 0) {
>       Subject subject = Subject.getSubject((AccessControlContext) System.getSecurityManager().getSecurityContext());
>       String login = "";
>       if (subject != null) {
>         login = ((Principal) subject.getPrincipals().iterator().next()).getName();
>       }
>       else {
>         login = "nobody";
>       }
>       log = log.substring(0, log.indexOf("%u")) + login + log.substring(log.indexOf("%u")+2, log.length());
>     }
>     this.setConversionPattern(log);
>     log = super.format(event);
>     return log;
>   }
>}
>
>This new layout works exactly the same as the PatternLayout, except that I
>can add a new conversion character (%u) which is replaced by the first
>principal (the username) of the current subject.
>
>So the subject returned is null. I suppose that this error is normal,
>whereas the file writing should not be refused by a loss of privileges.
>
>So how does this work and how can I bypass it?
>
>And does a means of doing what I try already exist? i.e. log the username
>of the current JAAS user in log files.
>
>Emmanuel Potvin
>Les consultants Parent et associés inc.
>(418)802-8439
>

-- 
Ceki Gülcü

      For log4j documentation consider "The complete log4j manual"
      ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp

      import org.apache.Facetime;
      ApacheCon US 2003, 18-21 November http://apachecon.com/
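
One way to get the JAAS login onto every log line, as an added example that is not part of the original thread: resolve the name at the point where the Subject is in hand and publish it through log4j 1.2's MDC, printed with %X{user}, instead of looking the Subject up inside the layout. The class name, the helpers loginOf and doAsLogged, the MDC key "user", the pattern and the sample principal are assumptions made for illustration.

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
import org.apache.log4j.PatternLayout;

public class JaasUserLogging {
    private static final Logger LOG = Logger.getLogger(JaasUserLogging.class);

    // Hypothetical helper: name of the first principal, with control characters
    // replaced so a crafted login cannot start a forged log line.
    static String loginOf(Subject subject) {
        if (subject == null) return "nobody";
        Iterator it = subject.getPrincipals().iterator();
        if (!it.hasNext()) return "nobody";
        return ((Principal) it.next()).getName().replaceAll("\\p{Cntrl}", "_");
    }

    // Hypothetical wrapper around Subject.doAs: the login is stored in the
    // calling thread's MDC for the duration of the action, then removed.
    static Object doAsLogged(Subject subject, PrivilegedAction action) {
        MDC.put("user", loginOf(subject));
        try {
            return Subject.doAs(subject, action);
        } finally {
            MDC.remove("user"); // pooled threads must not keep the last caller's identity
        }
    }

    public static void main(String[] args) {
        // %X{user} prints the MDC entry, or an empty string when none is set.
        Logger.getRootLogger().addAppender(
            new ConsoleAppender(new PatternLayout("%d [%X{user}] %-5p %c - %m%n")));
        Subject subject = new Subject(); // constructed stand-in for a JAAS login result
        subject.getPrincipals().add(new Principal() {
            public String getName() { return "alice\nforged"; } // constructed hostile name
        });
        doAsLogged(subject, new PrivilegedAction() {
            public Object run() {
                LOG.info("inside the privileged action"); // logged as [alice_forged]
                return null;
            }
        });
        LOG.info("outside the action"); // logged with an empty user field
    }
}
```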


