dev@glassfish.java.net

[PROPOSAL] More fine-grained access logging of HTTP request headers

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 30 Apr 2007 18:04:13 -0700

The semantics of the "%header.<name>%" and "%cookie.value%"
access-log tokens in domain.xml are too limiting, in that they don't
account for multi-valued request headers, and they don't allow an
administrator to select, or narrow down (by cookie name) the cookie
information that is relevant to them.

Currently, these tokens, which have been around since iAS7, cause the
following information about an HTTP request to be access-logged:

%header.<name>%

  -> Logs the value of the first (in case there are multiple) request header
       with the given <name>, or NULL-HEADER-<name> if no header with
the given
       <name> is present in the request.
       Equivalent to
javax.servlet.http.HttpServletRequest.getHeader(<name>).

       Example:

           <access-log format="%header.Cookie%"/>


%cookie.value%

  -> Logs the value of the first Cookie request header, or NULL-COOKIE-VALUE
       if no cookies are present in the request.


I suggest we define the following new access-log format tokens in
domain.xml:


%headers.<name>%

  -> Logs the values of all request headers with the given <name>, or
       NULL-HEADER-<name> if no headers with the given <name> are present
       in the request.
       Equivalent to
javax.servlet.http.HttpServletRequest.getHeaders(<name>).

       Example:

           <access-log format="%headers.Cookie%"/>


%cookie%

  -> Same as %cookie.value%


%cookies%

  -> Logs the values of all Cookie request headers, or NULL-COOKIE-VALUE
       if no cookies are present in the request.
       Equivalent to javax.servlet.http.HttpServletRequest.getCookies()


%cookie.<name>%

  -> Logs the value of the first Cookie with the given <name>, or
       NULL-COOKIE-VALUE if no cookies with the given <name> are present in
       the request.

       Example:

           <access-log format="%cookie.JSESSIONID%"/>


%cookies.<name>%

  -> Logs the values of all Cookies with the given <name>, or
       NULL-COOKIE-VALUE if no cookies with the given <name>
       are present in the request.

       Example:

           <access-log format="%cookies.JSESSIONID%"/>


%attribute.<name>%

  -> Logs the value of the request attribute with the given <name>, or
       NULL-ATTRIBUTE-<name> if no attribute with the given <name> is
present
       in the request.
       Equivalent to javax.servlet.ServletRequest.getAttribute(<name>).


The new tokens will not require any modifications to the DTD that
governs domain.xml, because the "format" attribute of <access-log> is
of type CDATA.


Jan
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.