[Cosmo-dev] Identifying tickets more easily in logs

Thu May 3 12:01:38 PDT 2007

We have this handy UsernameRequestIntegrationFilter which places the 
contents of CosmoSecurityContext.getName() into a request variable 
COSMO_PRINCIPAL which then gets placed into the "username" field of 
Tomcat's access logs.

CosmoSecurityContext.getName() returns one of three values.  Either 
"anonymous", the ticket used for access, or the account's username.

Back in the day, I had planned to identify tickets in this field because 
they had a bunch of dashes in them (that is, they were UUIDs).

When the ticket names were shortened to "short and sweet", it made it 
more difficult to tell, just from looking at a string, what was a ticket 
and what was a username.  Quick, is "lyewhope10" a username or ticket?

So, for metrics purposes, I'd like to uniquely identify, in the HTTP 
access logs generated by Tomcat, what's a ticket and what's a username.

I propose prepending tickets with the identifier "tix=".  The attached 
patch accomplished this.  I'd like to get a small code review, as I make 
no claims about correctness or efficiency.  Suggestions for coding 
improvements would benefit both myself and Cosmo.

Additionally, I'm shooting for inclusion into 0.6.1 since this feature 
goes to my ability to generate certains kinds of metrics for the hosted 
service.

If there are no objections to this idea and patch, I can open a bugzilla 
enhancement and attach it there.

Thanks!

-- Jared
-------------- next part --------------
=== cosmo/src/main/java/org/osaf/cosmo/filters/UsernameRequestIntegrationFilter.java
==================================================================

--- cosmo/src/main/java/org/osaf/cosmo/filters/UsernameRequestIntegrationFilter.java	(revision 19698)
+++ cosmo/src/main/java/org/osaf/cosmo/filters/UsernameRequestIntegrationFilter.java	(local)
@@ -28,6 +28,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.osaf.cosmo.security.CosmoSecurityException;
 import org.osaf.cosmo.security.CosmoSecurityManager;
+import org.osaf.cosmo.security.CosmoSecurityContext;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
@@ -44,6 +45,8 @@
     private static final Log log = LogFactory.getLog(UsernameRequestIntegrationFilter.class);
     private static final String USERNAME_ATTRIBUTE_KEY = "COSMO_PRINCIPAL";
     private CosmoSecurityManager securityManager;
+    private CosmoSecurityContext securityContext;
+    private String cosmoPrincipalUsername;
     private String BEAN_SECURITY_MANAGER =
         "securityManager";
 
@@ -55,8 +58,12 @@
     public void doFilter(ServletRequest request, ServletResponse response,
             FilterChain chain) throws IOException, ServletException {
         try {
-            request.setAttribute(USERNAME_ATTRIBUTE_KEY, 
-                    securityManager.getSecurityContext().getName());
+            securityContext = securityManager.getSecurityContext();
+            cosmoPrincipalUsername = securityContext.getName();
+            if (securityContext.getTicket() != null) {
+                cosmoPrincipalUsername = "tix=" + cosmoPrincipalUsername;
+            }
+            request.setAttribute(USERNAME_ATTRIBUTE_KEY, cosmoPrincipalUsername);
         } catch (CosmoSecurityException e){
             request.setAttribute(USERNAME_ATTRIBUTE_KEY, "-");
         }
