Objective
Improve the audit logging in the router. For each REST HTTP request, we currently log only the URL of the request. We need to log the request body or response body if it includes useful information (dataset properties, program runtime arguments, etc.).
REST endpoints that need to be logged with more information
All REST endpoints that need to be logged with more information are in this Google sheet.
Implementation
Currently, in SecurityAuthenticationHttpHandler, we already have each request audit logged. Now for each incoming request, we log the clientIP, URL from HTTPRequest and responseCode from HTTPResponse. To log the request body or response body, we annotate the REST endpoint methods with a new custom annotation AuditPolicy like:
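import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Annotates a REST endpoint method to indicate which content needs to be audit logged.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AuditPolicy {
  // Log the HTTP request body for this endpoint.
  boolean requestBody() default false;
  // Log the HTTP response body for this endpoint.
  boolean responseBody() default false;
}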
When the router starts up, we will walk through all methods in each handler class to find out what we need to audit log for each REST endpoint. For each incoming request, we will check whether the request body or response body needs to be logged.
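The startup scan and per-request check described above, as an added sketch that is not the router's own code. The Route annotation, SampleHandler, and endpoint paths are hypothetical stand-ins for the real handler classes and their routing annotations, and the example assumes Java 16+ for records.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class AuditPolicyScan {
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
  @interface AuditPolicy { boolean requestBody() default false; boolean responseBody() default false; }

  // Hypothetical stand-in for the handler's real routing annotations.
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
  @interface Route { String value(); }

  // Constructed sample handler; endpoint paths are illustrative only.
  static class SampleHandler {
    @Route("PUT /datasets/{name}/properties") @AuditPolicy(requestBody = true)
    public void updateProperties() { }
    @Route("POST /programs/{id}/start") @AuditPolicy(requestBody = true, responseBody = true)
    public void start() { }
    @Route("GET /ping")
    public void ping() { }
  }

  /** What to log for one endpoint; NONE applies to unannotated or unknown endpoints. */
  record Policy(boolean requestBody, boolean responseBody) {
    static final Policy NONE = new Policy(false, false);
  }

  /** Startup scan: walk every handler method once and cache the result in an immutable map. */
  static Map<String, Policy> scan(Class<?>... handlers) {
    Map<String, Policy> policies = new HashMap<>();
    for (Class<?> handler : handlers) {
      for (Method m : handler.getDeclaredMethods()) {
        Route route = m.getAnnotation(Route.class);
        if (route == null) continue;  // not a REST endpoint method
        AuditPolicy p = m.getAnnotation(AuditPolicy.class);
        policies.put(route.value(),
            p == null ? Policy.NONE : new Policy(p.requestBody(), p.responseBody()));
      }
    }
    return Map.copyOf(policies);
  }

  public static void main(String[] args) {
    Map<String, Policy> policies = scan(SampleHandler.class);
    // Per-request check: a map lookup, so no reflection runs on the request path.
    for (String key : List.of("PUT /datasets/{name}/properties",
        "POST /programs/{id}/start", "GET /ping", "GET /unknown")) {
      Policy p = policies.getOrDefault(key, Policy.NONE);
      System.out.printf("%s -> requestBody=%b responseBody=%b%n",
          key, p.requestBody(), p.responseBody());
    }
  }
}
```

Endpoints without the annotation, and requests that match no scanned method, fall back to logging neither body, which matches the annotation's defaults.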