[
https://issues.apache.org/jira/browse/SOLR-13840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl updated SOLR-13840:
-------------------------------
Summary: AuditLogger issues when logged from HttpServletRequest (was:
AuditLogger issues with REJECTED state due to wrong PW)
> AuditLogger issues when logged from HttpServletRequest
> ------------------------------------------------------
>
> Key: SOLR-13840
> URL: https://issues.apache.org/jira/browse/SOLR-13840
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Auditlogging
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
>
> Spinoff from SOLR-13741
> When a REJECTED event is generated from SolrDispatchFilter on failed
> authentication, we only have the {{HttpServletRequest}} as input, no
> SolrParams, Principal etc. In this case we parse "resource" from contextPath,
> while we should use {{getPathInfo()}}. Also, we fail to detect admin requests
> as such and get UNKNOWN instead. Lastly, the {{solrParams}} part of
> {{AuditEvent}} is not filled at all from in this case, while we could have
> filled it with the parameters in the request.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
