Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4255

add trace logging to the security constraint processing in wildfly/undertow

    Details

    • Target Release:
    • Affects:
      Release Notes
    • Release Notes Docs Status:
      Documented as Known Issue
    • Sprint:
      EAP 7.0.1

      Description

      Add trace logging to the security constraint processing in wildfly/undertow.

      Tomcat/JBossWeb logs the following:

      11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Security checking request GET /SimpleWar/Hello
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
      11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling hasUserDataPermission()
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) User data constraint has no restrictions
      11:32:09,710 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling authenticate()

      ...
      ...

      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Authenticated 'admin' with type 'BASIC'
      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling accessControl()
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking roles GenericPrincipal[admin(JBossAdmin,manager,)]
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) JBWEB000017: User [admin] has role [JBossAdmin]
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Role found: JBossAdmin
      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Successfully passed all security constraints

      This helps us (support) determine if the user is authenticated, what role is required for a specific resource.

      This is going to be very difficult to support if we do not have this type of information.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  iweiss Ingo Weiss
                  Reporter:
                  dehort Derek Horton
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: