Uploaded image for project: 'GeoServer'
  1. GeoServer
  2. GEOS-7538

Monitoring plugin doesn't log remote user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 2.8.3, 2.9-RC1
    • Fix Version/s: 2.8.4, 2.9.1, 2.10-M0
    • Component/s: Monitoring
    • Labels:
      None

      Description

      Hi,

      We are testing the monitoring plugin in GeoServer 2.8.3 and noticed that the user executing the request (RemoteUser) was never logged.
      We noticed this behaviour with users from the default XML service and with users from LDAP (using LDAP authentication provider).

      We've investigated this a bit further.
      Both users from the XML service as users from LDAP implement org.springframework.security.core.userdetails.UserDetails.

      In MonitorFilter (https://github.com/geoserver/geoserver/blob/2.8.3/src/extension/monitor/core/src/main/java/org/geoserver/monitor/MonitorFilter.java) however the remote user is only set when auth.getPrincipal() is an instance of org.springframework.security.core.userdetails.User, which is not the case:

      if (SecurityContextHolder.getContext() != null
      && SecurityContextHolder.getContext().getAuthentication() != null) {
      Authentication auth = SecurityContextHolder.getContext().getAuthentication();
      if (auth.getPrincipal() != null && auth.getPrincipal() instanceof User)

      { data.setRemoteUser(((User)auth.getPrincipal()).getUsername()); }


      }

      Changing this code to check whether auth.getPrincipal() is an instance of org.springframework.security.core.userdetails.UserDetails and casting to this class instead would probably solve the issue.

      Best regards,
      Tim.

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                nmco Nuno Oliveira
                Reporter:
                tvanderborght Tim Vander Borght
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: