使用spring安全事件记录特定的请求标头 [英] Logging specific request header using spring security events
问题描述
在我的grails应用程序中,失败的登录尝试使用spring安全事件进行记录,如下所示 http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/single.html#7.3 %20注册%20Callback%20Closures
我的问题与客户端IP检索有关。通常,从事件的详细信息对象中调用 getRemoteAddress 应该完成这项工作,但我的情况是,我的应用程序位于反向代理的后面,因此我应该从请求标头获取IP X-Forwarded-对于。
close事件对象和应用程序上下文参数都不提供对请求对象的访问权限。全局请求对象也不可用。
任何想法如何获取头文件或其他方式来实现这个功能?
如果它存在,你可以从
RequestContextHolder 获得它: GrailsWebRequest request = RequestContextHolder.currentRequestAttributes()
request.getHeader(X-Forwarded-For)
通常,您可能知道,从服务内部访问Web会话并不是一个好主意。首先,您打破了服务逻辑的抽象和分离,并且请求可能并不总是可用或与当前线程关联。从服务访问会话的一种方式是以下面的方式封装HTTP会话:
class WebUtilService {
void withSession(Closure closure){
try {
GrailsWebRequest request = RequestContextHolder.currentRequestAttributes()
GrailsHttpSession session = request.session
closure.call(session)
}
catch(IllegalStateException ise){
log.warn(No WebRequest available!)
}
}
}
您可以像这样使用它:
class MyService {
WebUtilService webUtilService
void doSomething(){
webUtilService.withSession {HttpSession session - >
log.info(session.myValue)
session.newValue ='可能,但应该是例外'
}
}
}
您可以访问 getHeader()方法。
免责声明:代码来自Marc-Oliver Scheele的博客。
In my grails application, failed login attemps get logged using spring security events as shown here http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/single.html#7.3%20Registering%20Callback%20Closures
My issue has to do with client ip retrieval. Normally, calling getRemoteAddress from details object of the event should do the job, but my case is that my application is behind a reverse proxy therefore i should get the ip from request header X-Forwarded-For.
Neither event object nor application context parameters of the closuse provide access to the request object. The global request object isn't available either.
Any ideas how to get access to headers or any other way to implement this functionality?
You can get it from RequestContextHolder, if it exists:
GrailsWebRequest request = RequestContextHolder.currentRequestAttributes()
request.getHeader("X-Forwarded-For")
Generally, as you probably know, it isn't considered a very good idea to access the web session from within Services. First of all, you break the abstraction and separation of service logic, and requests might not always be available or associated with the current thread. One way to access the session from a service is to encapsulate the HTTP session in the following manner:
class WebUtilService {
void withSession (Closure closure) {
try {
GrailsWebRequest request = RequestContextHolder.currentRequestAttributes()
GrailsHttpSession session = request.session
closure.call(session)
}
catch (IllegalStateException ise) {
log.warn ("No WebRequest available!")
}
}
}
and you would use it like this:
class MyService {
WebUtilService webUtilService
void doSomething() {
webUtilService.withSession { HttpSession session ->
log.info(session.myValue)
session.newValue = 'Possible, but should be exceptional'
}
}
}
where you could have access to the getHeader() method.
Disclaimer: the code is from Marc-Oliver Scheele's blog.
这篇关于使用spring安全事件记录特定的请求标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
