Objective

Improve the audit logging in the router. For each RESTful HTTP request, we currently log only the URL of the request. We need to also log the request body or response body when it contains useful information (dataset properties, program runtime arguments, etc.).

RESTful endpoints that need to be logged with more information

All RESTful endpoints that need to be logged with more information are in this Google spreadsheet.

Implementation

Currently, SecurityAuthenticationHttpHandler already audit logs each request. For each incoming request, we log the clientIP, the URL from HTTPRequest and the responseCode from HTTPResponse. To log the request body or response body, we annotate the RESTful endpoint methods with a new custom annotation, AuditPolicy:

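import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Annotates a RESTful endpoint method to indicate which content needs to be audit logged.
 * Both flags default to false, so an endpoint's bodies are logged only when it opts in.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AuditPolicy {

  boolean requestBody() default false;

  boolean responseBody() default false;
}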


When the router starts up, we will walk through all methods in each handler class to find out what we need to audit log for each RESTful endpoint. For each incoming request, we will then check whether the request body or response body needs to be logged.
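
The startup scan and per-request check described above, as an added example that is not the router's own code. The Route annotation, the DatasetHandler class, the exact-match "METHOD path" lookup key and the log line layout are assumptions made for illustration; the CR/LF stripping is an added hardening step so a logged body cannot break one audit record into several.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class AuditPolicyScan {
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
  @interface AuditPolicy { boolean requestBody() default false; boolean responseBody() default false; }

  // Hypothetical stand-in for the framework's own routing annotations.
  @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
  @interface Route { String method(); String path(); }

  // Constructed sample handler: only the PUT endpoint opts in to body logging.
  static class DatasetHandler {
    @Route(method = "PUT", path = "/datasets/properties") @AuditPolicy(requestBody = true)
    public void updateProperties() { }
    @Route(method = "GET", path = "/datasets")
    public void list() { }
  }

  // Startup: walk every method of each handler class and index its AuditPolicy by route.
  static Map<String, AuditPolicy> scan(Class<?>... handlers) {
    Map<String, AuditPolicy> policies = new HashMap<>();
    for (Class<?> handler : handlers) {
      for (Method m : handler.getMethods()) {
        Route route = m.getAnnotation(Route.class);
        AuditPolicy policy = m.getAnnotation(AuditPolicy.class);
        if (route != null && policy != null) {
          policies.put(route.method() + " " + route.path(), policy);
        }
      }
    }
    return policies;
  }

  // Added hardening (assumption): keep each audit record on a single line.
  static String oneLine(String s) { return s.replaceAll("[\\r\\n]+", " "); }

  // Per request: clientIP, URL and responseCode always; bodies only when the policy asks.
  static String auditLine(Map<String, AuditPolicy> policies, String clientIP, String method,
                          String path, int responseCode, String requestBody, String responseBody) {
    AuditPolicy p = policies.get(method + " " + path);
    StringBuilder sb = new StringBuilder(clientIP + " " + method + " " + path + " " + responseCode);
    if (p != null && p.requestBody()) sb.append(" request=").append(oneLine(requestBody));
    if (p != null && p.responseBody()) sb.append(" response=").append(oneLine(responseBody));
    return sb.toString();
  }

  public static void main(String[] args) {
    Map<String, AuditPolicy> policies = scan(DatasetHandler.class);
    System.out.println(auditLine(policies, "10.0.0.5", "PUT", "/datasets/properties", 200, "{\"ttl\":\"3600\"}", ""));
    System.out.println(auditLine(policies, "10.0.0.5", "GET", "/datasets", 200, "", "[]"));
  }
}
```

Endpoints without the annotation fall through to the existing behaviour, so the GET request above is logged without its response body.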
