Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2421

AbstractEventLogger.logEvent doesn't check for missing required context attributes

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Log4j-Audit 1.0.0
    • Fix Version/s: Log4j-Audit 1.0.1
    • Component/s: Log4j-Audit
    • Labels:
      None
    • Flags:
      Patch

      Description

      Logging an event through LogEventFactory$AuditProxy validates the missing required context attributes:

      org.apache.logging.log4j.catalog.api.exception.ConstraintValidationException: Event cashPaymentIn has errors :
       ThreadContext does not contain required key userName
            at org.apache.logging.log4j.audit.LogEventFactory$AuditProxy.invoke(LogEventFactory.java:294) ~[log4j-audit-api-1.0.0.jar:1.0.0]
      

       
      Trying the same through the AuditLogger, as the AuditController does, doesn't trigger the same validation and the event gets through with a payload like this, partially adapted from the samples:

      {
      	"eventName": "CashPaymentIn",
      	"requestContextMap": {
      		"loginId": "rgoers",
      		"corpAccountNumber": "12345",
      		"ipAddress": "127.0.0.1"
      	},
      	"properties": {
      		"salesTransaction": "52913b24-2459-416d-803d-e686e63761d0",
      		"currency": "EUR",
      		"amount": "100.00"
      	}
      }
      

      As far as I see in AbstractEventLogger, the validation of present requestContextAttributes starts, but there is no check to see if the required ones are present in the ThreadContext.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                shadow Andrei Ivanov
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: