However, we are not setting user information into the request with AAA. When AAA starts to authenticate the user, the code provided in Pax Web issue #1907 has already been executed.
@Mailen just what sort of a bot are you? Any preferences around where we place you?
Ivan Hraško September 18, 2024 at 7:29 AM
The statement “However, we are not setting user information into the request with AAA. When AAA starts to authenticate the user, the code provided in Pax Web issue #1907 has already been executed.” means that we need an additional filter to set the user, even though we are using the fixed Pax Web version.
After enabling Jetty NCSA log - e.g. using org.ops4j.pax.web.cfg like this:
org.ops4j.pax.web.log.ncsa.enabled = true
org.ops4j.pax.web.log.ncsa.directory = ${karaf.data}/log
org.ops4j.pax.web.log.ncsa.extended = true
request logs are generated:
# curl -u admin:admin http://127.0.0.1:8181/rests/data/network-topology:network-topology
{"network-topology:network-topology": {"topology":[ {"topology-id":"topology-netconf"} ]}}
# cat ./data/log/2024-07-13.request.log
127.0.0.1 - - [13/Jul/2024:01:33:35 +0000] "GET /rests/data/network-topology:network-topology HTTP/1.1" 200 87 "-" "curl/7.61.1"
Instead of:
127.0.0.1 - admin [13/Jul/2024:01:33:35 +0000] "GET /rests/data/network-topology:network-topology HTTP/1.1" 200 87 "-" "curl/7.61.1"
There was an issue (https://github.com/ops4j/org.ops4j.pax.web/issues/1907) in Pax Web that prevented logging of the authenticated user, but it has been fixed in 8.0.23.
However, we are not setting user information into the request with AAA. When AAA starts to authenticate the user, the code provided in Pax Web issue #1907 has already been executed.
The first place where we can update the Authentication in the Jetty request is in https://github.com/opendaylight/aaa/blob/v0.20.0/aaa-filterchain/src/main/java/org/opendaylight/aaa/filterchain/filters/CustomFilterAdapter.java#L65. Here, we have the Jetty server Request provided as a parameter, along with headers from the request that contain user information.
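A check for the logging gap described above, as an added example that is not part of the original issue or of the OpenDaylight or Pax Web code: it parses NCSA extended request-log lines and reports requests to protected paths that were served without a recorded user. The `/rests/` prefix as the protected area, the function names and the two sample lines marked as constructed are assumptions.

```python
import re

# NCSA extended line: host ident authuser [time] "request" status bytes "referer" "agent"
NCSA_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

# Assumption: every path under /rests/ requires authentication.
PROTECTED_PREFIXES = ("/rests/",)

SAMPLE_LOG = [
    # From the page: request sent with credentials, logged without a user.
    '127.0.0.1 - - [13/Jul/2024:01:33:35 +0000] "GET /rests/data/network-topology:network-topology HTTP/1.1" 200 87 "-" "curl/7.61.1"',
    # From the page: the expected form of the same entry.
    '127.0.0.1 - admin [13/Jul/2024:01:33:35 +0000] "GET /rests/data/network-topology:network-topology HTTP/1.1" 200 87 "-" "curl/7.61.1"',
    # Constructed: rejected request, where a missing user is expected.
    '127.0.0.1 - - [13/Jul/2024:01:34:02 +0000] "GET /rests/data/network-topology:network-topology HTTP/1.1" 401 0 "-" "curl/7.61.1"',
    # Constructed: truncated line, which must be reported rather than dropped.
    '127.0.0.1 - - [13/Jul/2024:01:34:10 +0000] "GET /rests/da',
]

def parse_line(line):
    """Return the fields of one NCSA line as a dict, or None if it does not parse."""
    m = NCSA_RE.match(line)
    return m.groupdict() if m else None

def audit(lines, prefixes=PROTECTED_PREFIXES):
    """Return (unattributed, unparsed).

    unattributed: parsed entries for protected paths that were served
    (status below 400) while the authuser field is "-".
    unparsed: raw lines that do not match the NCSA format.
    """
    unattributed, unparsed = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line)
        elif (entry["path"].startswith(prefixes)
              and entry["user"] == "-" and int(entry["status"]) < 400):
            unattributed.append(entry)
    return unattributed, unparsed

if __name__ == "__main__":
    findings, bad = audit(SAMPLE_LOG)
    for e in findings:
        print("no user recorded:", e["time"], e["method"], e["path"], e["status"])
    print("unparsed lines:", len(bad))
```

A finding from this check does not by itself distinguish an authentication bypass from the logging gap discussed here; it only shows that the request log cannot attribute the request.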