I currently have an instance of the WebAPI and Atlas running inside of a Broadsea Webtools Docker container. We are authenticating users with Atlas/WebAPI’s Basic Security Configuration.
All is well and working, but we have a new security requirement that we need to be able to see WHO requested WHAT endpoint on WHICH date. I was hoping to just piggy-back off the Tomcat Access Logs in order to get this information. I’m able to
exec into my docker container with
docker exec -it <docker-container-name> bash and navigate to
/usr/local/tomcat/logs and I see the following files:
catalina.2022-11-23.log host-manager.2022-11-23.log localhost.2022-11-23.log localhost_access_log.2022-11-23.txt manager.2022-11-23.log
If I tail the
localhost_access_log.<DATE> for the current day, I see the endpoints getting hit – lovely!
However, I’m noticing that even though we are using the common tomcat access log pattern of
%h %l %u %t "%r" %s %b, the authenticated user is not being passed into the
%u placeholder like it should. Therefore, we’re unable to see who requested each endpoint.
Is this something that is missing because of my usage of the Basic Security Configuration of SHIRO, but would potentially be fixed if I authenticated in a more production-level way (i.e. SAML or AD)? I also have
security.ssl.enabled=false in the environment section of my
docker-compose.yml because we’re using a proxy server in front of the Atlas container, and thus Atlas doesn’t need to worry about SSL. If I enable SSL behind the proxy, it will not work since Atlas will try to enforce an encrypted connection between the proxy and the Atlas container, but the proxy is proxying the request without encryption and thus the handshaking will fail. However, is this part of the problem as to why the
%u is not being filled with the authenticated user?
Any information at all about my options here would be so appreciated.