Andrei Ivanov created LOG4J2-2421:
-------------------------------------

             Summary: AbstractEventLogger.logEvent doesn't check for missing required context attributes
                 Key: LOG4J2-2421
                 URL: https://issues.apache.org/jira/browse/LOG4J2-2421
             Project: Log4j 2
          Issue Type: Bug
          Components: Log4j-Audit
    Affects Versions: Log4j-Audit 1.0.0
            Reporter: Andrei Ivanov


Logging an event through {{LogEventFactory$AuditProxy}} validates the missing 
required context attributes:
{noformat}
org.apache.logging.log4j.catalog.api.exception.ConstraintValidationException: Event cashPaymentIn has errors :
 ThreadContext does not contain required key userName
      at org.apache.logging.log4j.audit.LogEventFactory$AuditProxy.invoke(LogEventFactory.java:294) ~[log4j-audit-api-1.0.0.jar:1.0.0]
{noformat}
 
Trying the same through the {{AuditLogger}}, as the {{AuditController}} does, 
doesn't trigger the same validation and the event gets through with a payload 
like this, partially adapted from the samples:
{code:json}
{ "eventName": "CashPaymentIn", "requestContextMap": {"loginId": "rgoers", 
"corpAccountNumber": "12345", "ipAddress": "127.0.0.1"}, "properties": 
{"salesTransaction": "52913b24-2459-416d-803d-e686e63761d0", "currency": "EUR", 
"amount": "100.00"}}
{code}

As far as I see in [AbstractEventLogger|https://github.com/apache/logging-log4j-audit/blob/master/log4j-audit/log4j-audit-api/src/main/java/org/apache/logging/log4j/audit/AbstractEventLogger.java#L182], the validation of present {{requestContextAttributes}} starts, but there is no check to see if the required ones are present in the {{ThreadContext}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
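
The gap described in this report, modelled as an added example that is not Log4j-Audit code and not from the reporter: a validator that only walks the keys present in the context never notices an absent required key, while a second pass over the catalog does. The class, the method names and the per-attribute required flags are hypothetical; only {{userName}} being required and the context values are taken from the report.

```java
import java.util.*;

// Hypothetical stand-alone model of the two validation paths; not Log4j-Audit code.
public class RequiredContextCheck {

    // Constructed catalog entry: context attribute name -> required flag.
    // Only userName being required comes from the report; the rest is assumed.
    static final Map<String, Boolean> CONTEXT_ATTRIBUTES = new LinkedHashMap<>();
    static {
        CONTEXT_ATTRIBUTES.put("loginId", false);
        CONTEXT_ATTRIBUTES.put("corpAccountNumber", false);
        CONTEXT_ATTRIBUTES.put("ipAddress", false);
        CONTEXT_ATTRIBUTES.put("userName", true);
    }

    // Walks only the keys present in the context: an absent required key
    // is never visited, so no error is produced for it.
    static List<String> validatePresentOnly(Map<String, String> context) {
        List<String> errors = new ArrayList<>();
        for (Map.Entry<String, String> e : context.entrySet()) {
            if (!CONTEXT_ATTRIBUTES.containsKey(e.getKey())) continue; // not in the catalog
            if (e.getValue() == null || e.getValue().isEmpty()) {
                errors.add("Context attribute " + e.getKey() + " is empty");
            }
        }
        return errors;
    }

    // Same walk, then a pass over the catalog so every required key must be present.
    static List<String> validateWithRequired(Map<String, String> context) {
        List<String> errors = validatePresentOnly(context);
        for (Map.Entry<String, Boolean> attr : CONTEXT_ATTRIBUTES.entrySet()) {
            if (attr.getValue() && !context.containsKey(attr.getKey())) {
                errors.add("ThreadContext does not contain required key " + attr.getKey());
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // requestContextMap values from the payload quoted in the report.
        Map<String, String> context = new LinkedHashMap<>();
        context.put("loginId", "rgoers");
        context.put("corpAccountNumber", "12345");
        context.put("ipAddress", "127.0.0.1");
        System.out.println("present-only:  " + validatePresentOnly(context));
        System.out.println("with required: " + validateWithRequired(context));
    }
}
```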