Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4FD77768B for ; Fri, 30 Sep 2011 12:57:22 +0000 (UTC) Received: (qmail 43131 invoked by uid 500); 30 Sep 2011 12:57:19 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 42964 invoked by uid 500); 30 Sep 2011 12:57:18 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 42954 invoked by uid 99); 30 Sep 2011 12:57:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 Sep 2011 12:57:18 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of pid@pidster.com designates 209.85.212.45 as permitted sender) Received: from [209.85.212.45] (HELO mail-vw0-f45.google.com) (209.85.212.45) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 Sep 2011 12:57:14 +0000 Received: by vws17 with SMTP id 17so1944601vws.18 for ; Fri, 30 Sep 2011 05:56:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pidster.com; s=google; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :content-type; bh=d8G3BZqs1dDHWqHg4WVcQHFQLM4yIMIumOVC3w7e7xs=; b=IPJ3Kx5gcI9Ue4KhBmt3KNADAiULZfoJHMASm6Bn5/9hnuIbl84uKc4Q6Vf6cKj4yT Ht72B/PPucyeWdUb/asFsip1uRdeej4aH4QsSKqrtVoHTK6uOucoXvaaiMB0cME3tN7G GCkliOG7U9h2V3aZuwOadJH0OPrThImG1SrDA= Received: by 10.52.96.166 with SMTP id dt6mr12322347vdb.345.1317387412212; Fri, 30 Sep 2011 05:56:52 -0700 (PDT) References: <4E8496F5.4010503@christopherschultz.net> <4E84AFA0.2030909@christopherschultz.net> From: "Pid *" In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8K2) Date: Fri, 30 Sep 2011 13:56:44 +0100 Message-ID: <4890864004171834961@unknownmsgid> Subject: Re: Logging properties of attributes in the HttpSession To: Tomcat Users List Content-Type: text/plain; charset=UTF-8 The changes from the Spring security filter can't be seen by the access log valve. p On 30 Sep 2011, at 12:40, Richard Sayre wrote: > I'm still having some trouble. I added the Spring filter and then in > my web app I called: > > getRequest().getRemoteUser() and getRequest().getUserPrincipal().getName() > > Both methods returned the logged in user name. (getRequest() returns > the HttpServletRequest) > > However, in the logs %u is still returning '-'. > > Is there anything else Tomcat needs to have before whatever part of > the API gets called for %u will return the remoteUser? > > Thanks, > > Rich > > > On Thu, Sep 29, 2011 at 3:32 PM, Richard Sayre wrote: >> Ahh yes I just discovered it when you replied: >> >> http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.html >> >> Thanks >> >> Rich >> >> On Thu, Sep 29, 2011 at 3:19 PM, Christopher Schultz >> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Rich, >>> >>> On 9/29/2011 12:18 PM, Richard Sayre wrote: >>>> Thanks, I'm trying to log the user name. I am not using Tomcat >>>> for authentication and I need that info in my access logs. >>> >>> So, that means that %u isn't an option, then? :( >>> >>>> Perhaps I will create a new attribute to hold that value rather >>>> than accessing the object I have in session and calling toString. >>> >>> You have a couple of options, here: >>> >>> 1. Write a Filter that wraps HttpServletRequest and overrides >>> the getRemoteUser to return userObject.getUserId. Then, use >>> "%u" in your access log pattern. >>> 2. Write a Filter that checks the session for "userObject" and no >>> "userId", and sets "userId" as appropriate. >>> 3. Modify your login process to set both "userObject" and, say, >>> "userId" in the session. >>> >>> I would say those are in order of easiest-to-hardest. >>> >>>> On that note if I know the username, is it possible to somehow >>>> inject it so that Tomcat logs it using the %u pattern. >>> >>> Yup, see above. >>> >>>> Previously we used Tomcats built in authentication but we recently >>>> switched to Spring Security. If I could still use %u, then I >>>> could use the 'common' pattern and in turn use >>>> FastCommonAccessLogValve. If not I will use the HTTP Session. >>> >>> Hmm.... I'm surprised that Spring Security doesn't better integrate >>> with the container in order to provide ServletRequest.getPrincipal and >>> ServletRequest.getRemoteUser. I wonder if there is a Filter that >>> already exists in Spring Security that would do what I suggested in #1. >>> >>> - -chris >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.10 (MingW32) >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >>> >>> iEYEARECAAYFAk6Er6AACgkQ9CaO5/Lv0PB+FACgqb6s6BSBcoiMf4Ka1+awxArC >>> UHoAnR0LSUHNGRnuyHSpvW7vEYONDJuK >>> =NFZ/ >>> -----END PGP SIGNATURE----- >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >>> For additional commands, e-mail: users-help@tomcat.apache.org >>> >>> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org