[Geoserver-devel] [JIRA] (GEOS-7538) Monitoring plugin doesn't log remote user

GeoServer GeoServer Developer
1

Tim Vander Borght created an issue

GeoServer / BugGEOS-7538

Monitoring plugin doesn’t log remote user

Issue Type:

BugBug

Affects Versions:

2.8.3

Assignee:

Unassigned

Components:

Monitoring

Created:

10/May/16 2:38 PM

Priority:

MediumMedium

Reporter:

Tim Vander Borght

Hi,

We are testing the monitoring plugin in GeoServer 2.8.3 and noticed that the user executing the request (RemoteUser) was never logged.
We noticed this behaviour with users from the default XML service and with users from LDAP (using LDAP authentication provider).

We’ve investigated this a bit further.
Both users from the XML service as users from LDAP implement org.springframework.security.core.userdetails.UserDetails.

In MonitorFilter (https://github.com/geoserver/geoserver/blob/2.8.3/src/extension/monitor/core/src/main/java/org/geoserver/monitor/MonitorFilter.java) however the remote user is only set when auth.getPrincipal() is an instance of org.springframework.security.core.userdetails.User, which is not the case:

if (SecurityContextHolder.getContext() != null
&& SecurityContextHolder.getContext().getAuthentication() != null) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth.getPrincipal() != null && auth.getPrincipal() instanceof User)

{ data.setRemoteUser(((User)auth.getPrincipal()).getUsername()); }

}

Changing this code to check whether auth.getPrincipal() is an instance of org.springframework.security.core.userdetails.UserDetails and casting to this class instead would probably solve the issue.

Best regards,
Tim.

Add Comment

Add Comment

This message was sent by Atlassian JIRA (v1000.5.2#72002-sha1:b4422fe)

Atlassian logo