[
https://issues.apache.org/jira/browse/NIFI-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-12813:
------------------------------------
Status: Patch Available (was: Open)
> Username Missing from HTTP Request Log
> --------------------------------------
>
> Key: NIFI-12813
> URL: https://issues.apache.org/jira/browse/NIFI-12813
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 2.0.0-M2
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> Following the upgrade to Jetty 12 and related libraries, the username field
> is never populated in the HTTP Request Log sent to nifi-request.log.
> The problem is due to an attribute name mismatch between two different
> packages containing the same Jetty {{AuthenticationState}} interface. This
> interface provides the request attribute name that the Jetty
> {{CustomRequestLog}} uses to determine the authenticated user. Without
> setting the correct attribute name, the Jetty RequestLog cannot determine the
> authenticated user, resulting in an empty value regardless of user
> authentication status.
> This lack of logging does not impact authentication and authorization
> processing, and additional logging can be configured for Spring Security
> loggers to track user authentication in the impacted version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
