Here is my yaml
server:
requestLog:
appenders:
- type: console
layout:
type: access-json
timestampFormat: "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
customFieldNames:
requestTime: requestTimeMillis
contentLength: responseContentLength
includes:
- 'remoteAddress'
- 'remoteUser'
- 'requestTime'
- 'requestUri'
- 'statusCode'
- 'method'
- 'protocol'
- 'contentLength'
- 'userAgent'
- 'timestamp'
- 'requestParameters'
- 'requestContent'
- 'responseContent'
On Tuesday, August 6, 2019 at 10:16:50 AM UTC-7, David Capwell wrote:
>
> This is a continuation, but for the remoteUser field (see
> https://groups.google.com/forum/#!topic/dropwizard-user/OzwpS4mHOOI for
> other fields).
>
> In dropwizard, the auth is at the Jersey layer, but the audit log is at
> the servlet layer, so servlet auth is disabled
>
> setAuthentication(Authentication.NOT_CHECKED);
>
>
> See org.eclipse.jetty.server.Request#recycle()
>
> For this reason, the jersey layer may know the actual user making the
> request, but the audit logs won't record this, since jetty thinks auth is
> disabled so returns null
> to ch.qos.logback.access.spi.AccessEvent#getRemoteUser; so it will be
> skipped from the log.
>
> Is there any way to get the audit log to learn about the user?
>
> Thanks for your help!
>
--
You received this message because you are subscribed to the Google Groups
"dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dropwizard-user+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/dropwizard-user/ff2ca7a1-4f18-4704-9349-396065f6a884%40googlegroups.com.
