Closed jlcsmith closed 3 years ago
build now
Internal build has been started, your results will be available at build completion.
Build FAILURE See the job results in legacy Jenkins UI or in Blue Ocean UI.
🎉 Hero Successful 🎉 Ran through several sequences of uploading, searching, modifying, downloading, deleting, and restoring data using websockets and without. Also submitted requests directly to rest endpoints. In all cases, the client IP and port are being audit logged as expected.
build now
Internal build has been started, your results will be available at build completion.
Build SUCCESS See the job results in legacy Jenkins UI or in Blue Ocean UI.
What does this PR do?
This PR adds the client IP and Port to all audit events. It does this by utilizing the client-info map in the ThreadContext. Prior to this, the IP/port would only get logged if the audit event included a CXF message. This wasn't present in many cases (Websocket requests and other non-CXF requests).
Who is reviewing it?
@glenhein @SmithJosh @derekwilhelm @pklinef
Select relevant component teams:
@codice/security
Ask 2 committers to review/merge the PR and tag them here.
Any of @glenhein @SmithJosh @derekwilhelm @pklinef
How should this be tested?
Verify that the audit events include the Client IP/Port in all cases.
Any background context you want to provide?
What are the relevant tickets?
Fixes: #6636
Screenshots
Checklist:
Notes on Review Process
Please see Notes on Review Process for further guidance on requirements for merging and abbreviated reviews.
Review Comment Legend: