Breedlove: How to log every URI access with the JSF servlet and the rest servlet -

Sunday 15 July 2012

How to log every URI access with the JSF servlet and the rest servlet -

i'm using default jsf servlet , resteasy servlet serve uri requests (wildfly 8.1). want every single uri request logged @sessionscoped backing bean. either cdi bean (@named) or managedbean (@managedbean) can log http requests visitor.

my requirements:

i don't want invoke logging of access each jsf page, nor each rest resource java file. every request must linkable @sessionscoped annotated backing bean visit. visit object stores: a user (if identified) start of visit an ip address n uri requests in list: jsf resource requests , rest resource requests

my questions:

how register filter in web.xml logs both requests - jsf or rest - @sessionscoped annotated backing bean visit? if access backing bean, how ensure session fo same user? session management of web container unclear me. how web container map request known session instance? default cookie?

of course of study there servlet-mapping on url-pattern /* , 1 on /restresources/* 1 not register 2 filters same path, you? :

<filter>     <filter-name>urilogger</filter-name>     <filter-class>com.doe.filters.uriaccesslogger</filter-class> </filter> <filter-mapping>     <filter-name>urilogger</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

okay. others want log every page , rest resource access, too.

create filter in web.xml file.

<filter>     <filter-name>urilogger</filter-name>     <filter-class>com.doe.filters.uriloggingfilter </filter-class> </filter> <filter-mapping>     <filter-name>urilogger</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

also, create filter class.

package com.doe.webapp.controller.general.filters;  import java.io.ioexception; import java.io.serializable; import java.util.regex.matcher; import java.util.regex.pattern;  import javax.enterprise.context.sessionscoped; import javax.inject.inject; import javax.inject.named; import javax.servlet.filter; import javax.servlet.filterchain; import javax.servlet.filterconfig; import javax.servlet.servletexception; import javax.servlet.servletrequest; import javax.servlet.servletresponse; import javax.servlet.http.httpservletrequest;  import org.apache.log4j.logger;  import com.doe.webapp.controller.general.visitcontroller;  @named @sessionscoped public class uriloggingfilter implements serializable, filter {      private static final long serialversionuid = 1472782644963167647l;     private static logger logger = logger.getlogger(uriloggingfilter.class);     private string lastloggeduri = "";      filterconfig filterconfig = null;     @inject     visitcontroller visitcontroller;      @override     public void init(filterconfig filterconfig) throws servletexception {         this.filterconfig = filterconfig;     }      /**      * log requests of  involvement visitcontroller.      */     @override     public void dofilter(servletrequest request, servletresponse response, filterchain filterchain) throws ioexception,             servletexception {          // run other filters.         filterchain.dofilter(request, response);          if (request instanceof httpservletrequest) {             httpservletrequest httpservletrequest = (httpservletrequest) request;             string uri = httpservletrequest.getrequesturi();              string regex = "((/{1}\\w+$)|(/{1}\\w+\\.jsf$))";             pattern p = pattern.compile(regex);             matcher m = p.matcher(uri);             while (m.find()) {                 logger.info("match " + m.group());                  if (!lastloggeduri.equals(uri)) {                     visitcontroller.saveurirequest(httpservletrequest);                     lastloggeduri = uri;                 } else {                     logger.warn("multiple uri access same resource of same user: " + uri);                 }                 break;             }         }      }      @override     public void destroy() {         // todo auto-generated method stub     } }

in code removed logging of repetitive requests. jsf page requests , rest resource requests logged. thus, no images, css or js requests. adapt regex according own needs. ejb function saveurirequest have annotated @asynchronous, avoid laggy delays of response.

answering own questions:

the filter pick every single http request - jsf page or rest resource call. annotate filter cdi bean @named , @sessionscoped. have filter every single visitor. word of caution - don't if have high number of different users. rapidly bring downwards available memory. alternatively mark @applicationscoped , visitor id servletrequest request header instance , assign request visitor. also, prone denials-of-service attacks. (i'm using internal purpose.) yes, web container distriguishes between sessions jsessionid servletrequest request.

hope helps someone, too.

rest servlets jsf-2

Breedlove

Sunday 15 July 2012

How to log every URI access with the JSF servlet and the rest servlet -

No comments:

Post a Comment