Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13840

AuditLogger issues when logged from HttpServletRequest

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • None
    • None
    • Auditlogging
    • None

    Description

      Spinoff from SOLR-13741

      When a REJECTED event is generated from SolrDispatchFilter on failed authentication, we only have the HttpServletRequest as input, no SolrParams, Principal etc. In this case we parse "resource" from contextPath, while we should use getPathInfo(). Also, we fail to detect admin requests as such and get UNKNOWN instead. Lastly, the solrParams part of AuditEvent is not filled at all from in this case, while we could have filled it with the parameters in the request.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. SOLR-13835 HttpSolrCall produces incorrect extra AuditEvent on AuthorizationResponse.PROMPT

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-13835 HttpSolrCall produces incorrect extra AuditEvent on AuthorizationResponse.PROMPT

          • Major - Major loss of function.
          • Resolved
          requires

          Test - A new unit, integration or system test. SOLR-13741 AuditLoggerIntegrationTest hardening

          • Major - Major loss of function.
          • Closed

          Activity

            People

              janhoy Jan Høydahl
              janhoy Jan Høydahl
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: