Commit ca6f5650 authored by adam's avatar adam

Fixed dataflow through the filter

parent d32c1cb0
...@@ -2,10 +2,14 @@ package com.telephoners.krakyournet.ctf.logging; ...@@ -2,10 +2,14 @@ package com.telephoners.krakyournet.ctf.logging;
import com.google.inject.Singleton; import com.google.inject.Singleton;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.glassfish.jersey.server.ContainerRequest;
import org.glassfish.jersey.server.ContainerResponse;
import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.SecurityContext;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
...@@ -16,10 +20,13 @@ import java.util.logging.Logger; ...@@ -16,10 +20,13 @@ import java.util.logging.Logger;
@Singleton @Singleton
public class LoggingFilter implements ContainerRequestFilter { public class LoggingFilter implements ContainerRequestFilter {
private static final Logger LOG = Logger.getLogger(LoggingFilter.class.getName()); private static final Logger LOG = Logger.getLogger(LoggingFilter.class.getName());
private final String LOG_MESSAGE = "%s request for %s";
private final String LOG_MESSAGE_WITH_USERNAME = "%s request for %s from %s with content: %s";
@Override @Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException { public void filter(ContainerRequestContext containerRequestContext) throws IOException {
String requestContent = IOUtils.toString(containerRequestContext.getEntityStream()); InputStream inputStream = containerRequestContext.getEntityStream();
String requestContent = IOUtils.toString(inputStream);
String method = containerRequestContext.getMethod(); String method = containerRequestContext.getMethod();
String requestURI = containerRequestContext.getUriInfo().getRequestUri().toString(); String requestURI = containerRequestContext.getUriInfo().getRequestUri().toString();
SecurityContext securityContext = containerRequestContext.getSecurityContext() ; SecurityContext securityContext = containerRequestContext.getSecurityContext() ;
...@@ -28,11 +35,16 @@ public class LoggingFilter implements ContainerRequestFilter { ...@@ -28,11 +35,16 @@ public class LoggingFilter implements ContainerRequestFilter {
if (securityContext.getUserPrincipal() != null) { if (securityContext.getUserPrincipal() != null) {
String userName = securityContext.getUserPrincipal().getName(); String userName = securityContext.getUserPrincipal().getName();
logMessage = method + " " + requestURI + " from " + userName + " with content: " + requestContent; logMessage = String.format(LOG_MESSAGE_WITH_USERNAME, method, requestURI, userName, requestContent);
} else { } else {
logMessage = method + " " + requestURI; logMessage = String.format(LOG_MESSAGE, method, requestURI);
} }
LOG.log(Level.INFO, logMessage); LOG.log(Level.INFO, logMessage);
// ensuring the data is still available for the rest of the application
inputStream = IOUtils.toInputStream(requestContent, "UTF-8");
containerRequestContext.setEntityStream(inputStream);
} }
} }
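Review bot: The body round trip in `filter` is not byte-preserving: `IOUtils.toString(inputStream)` decodes with the platform default charset while the stream handed back through `setEntityStream` is re-encoded as "UTF-8", so a body that is not valid text in the default charset (non-ASCII JSON on a non-UTF-8 host, or any binary upload) reaches the resource methods altered. Buffer the bytes and decode only for the log line: `byte[] body = IOUtils.toByteArray(inputStream);`, `String requestContent = new String(body, StandardCharsets.UTF_8);`, `containerRequestContext.setEntityStream(new ByteArrayInputStream(body));`. Separately, the `LOG_MESSAGE_WITH_USERNAME` branch writes the full body of every authenticated request at INFO, so any submitted passwords or tokens would land in the log, and unescaped CR/LF in the body or URI can forge log lines; redact or length-cap the content and escape line breaks before `LOG.log`. The read is also unbounded, so a size limit before buffering would be prudent. The declaration of `logMessage` falls between the hunks and is not visible here.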