...
Improve the audit logging in the router. For each RESTful HTTP request, we currently only log the URL of the request. We need to log the request body or response body if useful information (dataset properties, program runtime arguments, etc.) is included.
...
RESTful endpoints that need to be logged with more information
All RESTful endpoints that need to be logged with more information are in this Google spreadsheet.
Implementation
Currently, in SecurityAuthenticationHttpHandler, we already have each request audit logged. For each incoming request, we log the clientIP, the URL from HTTPRequest and the responseCode from HTTPResponse. To log the request body or response body, we annotate the RESTful endpoint methods with a new custom annotation AuditPolicy such as:

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Annotates a RESTful endpoint method to indicate which content needs to be audit logged.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AuditPolicy {
  boolean requestBody() default false;
  boolean responseBody() default false;
}
```
When the router starts up, we will walk through all methods in each handler class to find out what we need to audit log for each RESTful endpoint. For each incoming request, we will check whether the request body or response body needs to be logged.
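
A sketch of the startup scan and per-request lookup described above, added here as an example and not the project's own code. The `ExampleHandler` class, its methods and the `Class#method` lookup key are assumptions made for illustration; the page does not say how the router maps a request to a handler method.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class AuditPolicyScan {
  // Same shape as the AuditPolicy annotation above, nested so the example is self-contained.
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  @interface AuditPolicy {
    boolean requestBody() default false;
    boolean responseBody() default false;
  }

  // Hypothetical handler, constructed for this example.
  static class ExampleHandler {
    @AuditPolicy(requestBody = true)
    public void setProperties() { }

    @AuditPolicy(requestBody = true, responseBody = true)
    public void startProgram() { }

    public void ping() { }  // not annotated: only the URL is logged
  }

  /** Startup pass: record the policy of every annotated method, keyed by "Class#method". */
  static Map<String, AuditPolicy> scan(List<Class<?>> handlers) {
    Map<String, AuditPolicy> policies = new HashMap<>();
    for (Class<?> handler : handlers) {
      for (Method m : handler.getDeclaredMethods()) {
        AuditPolicy p = m.getAnnotation(AuditPolicy.class);
        if (p != null) {
          // Assumed key; overloaded methods would need the parameter types as well.
          policies.put(handler.getSimpleName() + "#" + m.getName(), p);
        }
      }
    }
    return Collections.unmodifiableMap(policies);
  }

  public static void main(String[] args) {
    Map<String, AuditPolicy> policies = scan(List.of(ExampleHandler.class));
    // Per-request check: a missing entry means neither body is logged.
    for (String key : List.of("ExampleHandler#setProperties",
                              "ExampleHandler#startProgram", "ExampleHandler#ping")) {
      AuditPolicy p = policies.get(key);
      boolean logRequest = p != null && p.requestBody();
      boolean logResponse = p != null && p.responseBody();
      System.out.println(key + " requestBody=" + logRequest + " responseBody=" + logResponse);
    }
  }
}
```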