feat: Log incomming requests

b28c941d · Dominik Frantisek Bucik · 5538a68c · b28c941d · b28c941d
Verified Commit b28c941d authored 1 year ago by Dominik Frantisek Bucik
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
@@ -116,6 +116,8 @@
        <security:expression-handler ref="oauthExpressionHandler" />
    </security:global-method-security>

+    <bean id="logRequestFilter" class="cz.muni.ics.oidc.web.LogRequestFilter"/>
+
    <!-- Token endpoint -->
    <security:http pattern="/token"
                   create-session="stateless"
@@ -127,6 +129,7 @@
        <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
        <!-- include this only if you need to authenticate clients via request parameters -->
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
        <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
@@ -140,6 +143,7 @@
                   entry-point-ref="oauthAuthenticationEntryPoint"
                   create-session="stateless">
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
        <security:expression-handler ref="oauthWebExpressionHandler" />
@@ -154,6 +158,7 @@
                   authentication-manager-ref="clientAuthenticationManager">
        <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
@@ -167,6 +172,7 @@
                   entry-point-ref="oauthAuthenticationEntryPoint"
                   create-session="stateless">
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
        <security:expression-handler ref="oauthWebExpressionHandler" />
@@ -181,6 +187,7 @@
                   authentication-manager-ref="clientAuthenticationManager">
        <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
@@ -197,6 +204,7 @@
        <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
        <!-- include this only if you need to authenticate clients via request parameters -->
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
        <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
@@ -211,6 +219,7 @@
                   create-session="stateless">
        <security:intercept-url pattern="/#{T(cz.muni.ics.openid.connect.web.endpoint.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
        <security:csrf disabled="true"/>
    </security:http>
@@ -222,6 +231,7 @@
                   create-session="stateless">
        <security:intercept-url pattern="/#{T(cz.muni.ics.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
        <security:csrf disabled="true"/>
    </security:http>
@@ -268,6 +278,7 @@
                                access="permitAll()"/>
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_EXCEPTION')"/>
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
+        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="metadataGeneratorFilter" before="CHANNEL_FILTER"/>
        <security:custom-filter ref="clearSessionFilter" after="CHANNEL_FILTER"/>
        <security:custom-filter ref="samlFilter" before="CSRF_FILTER"/>

--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/LogRequestFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/LogRequestFilter.java
+package cz.muni.ics.oidc.web;
+
+import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+public class LogRequestFilter extends OncePerRequestFilter {
+
+    public static final String SEPARATOR = "---------------------------------------------------------------------\n";
+    public static final String WRAPPER = "#####################################################################\n";
+
+    public static final String MSG = WRAPPER +
+            "Incoming request: {} {}\n" +
+            SEPARATOR +
+            "PARAMETERS: {}\n" +
+            SEPARATOR +
+            "HEADERS: {}" +
+            WRAPPER;
+
+    @Override
+    protected void doFilterInternal(final HttpServletRequest req,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain)
+            throws ServletException, IOException
+    {
+        log.trace(MSG, req.getMethod(), req.getRequestURL(),
+                Collections.list(req.getParameterNames())
+                        .stream()
+                        .collect(
+                                Collectors.toMap(
+                                        parameter -> parameter,
+                                        parameter -> List.of(req.getParameterValues((String) parameter))
+                                )
+                        ),
+                Collections.list(req.getHeaderNames())
+                        .stream()
+                        .collect(
+                                Collectors.toMap(
+                                        header -> header,
+                                        header -> List.of(req.getHeaders((String)header))
+                                )
+                        )
+        );
+
+        filterChain.doFilter(req, response);
+    }
+
+}