Comments (7)
Maybe we just add a note in the README that error dispatch should not be used in such cases (or "must be handled by the dev").
We should still do the logging in a try-finally
.
from logbook.
- discourage use of ERROR dispatch in README
- remove ERROR dispatch from examples
- remove ERROR dispatch from Auto Configuration
- log responses in authorized filter in a
try-finally
block - treat exceptions during chain execution in unauthorized filter as unauthorized requests (as long as the second filter didn't log them already? @lukasniemeier)
- switch to jetty-based tests for logbook-servlet
from logbook.
as long as the second filter didn't log them already?
I am trying to identify the scenario: something after the authorized filter throws an exception, the authorized filter logs the response (bullet point 4), now the unauthorized filter would log the response again (due to the exception-as-unauthorized semantic). Correct?
If we would want to prevent such scenario the two filters would need to be linked somehow, so that the unauthorized filter knows to be silent. Is this something special for this two-filter-security setup?
from logbook.
I am trying to identify the scenario: something after the authorized filter throws an exception, the authorized filter logs the response (bullet point 4), now the unauthorized filter would log the response again (due to the exception-as-unauthorized semantic). Correct?
Correct.
If we would want to prevent such scenario the two filters would need to be linked somehow, so that the unauthorized filter knows to be silent.
Exactly.
Is this something special for this two-filter-security setup?
Yes, I think it would only apply in that case.
Communication between the filters can be done using request attributes.
from logbook.
Working on
- log responses in authorized filter in a
try-finally
block - treat exceptions during chain execution in unauthorized filter as unauthorized requests (as long as the second filter didn't log them already)
in https://github.com/lukasniemeier-zalando/logbook/tree/log-despite-exception
from logbook.
After looking into this again I think we should not continue with the proposed change to always log responses in the authorized filter.
If there is a chain exception the state of the response that the filter will capture may not represent what is actually returned to the client. Other filters or the servlet container may decide to output something else. This is for example the case if you use Undertow and deactivate the error chain completely. Logbook
would log an empty 200
response despite the client would actually receive a 500
(written by Undertow itself).
- If there is an exception after the authorized filter
Logbook
would log the request but no response. In the end users would need to leverage the logging of the container to see what is going on. - If there is an exception before the authorized filter we could stick with the change of the unauthorized filter (exception as unauthorized) -
Logbook
would log a partial log. - If there is an exception before the unauthorized filter... 😉
Therefore I am proposing to just implement the exception-as-unauthorized semantic.
from logbook.
Therefore I am proposing to just implement the exception-as-unauthorized semantic.
Agreed.
from logbook.
Related Issues (20)
- logbook-ktor-server removes Content-Type header from response HOT 6
- Obfuscate json body fields using json path or json pointer HOT 1
- Logbook not read logback configuration from logback-spring.xml HOT 2
- Support native compilation with graalvm HOT 4
- Logs only show header's name but not value if header is added using a Filter in Spring Boot HOT 2
- Micronaut 4 integration based on @ClientFilter & @ServerFilter
- UnsupportedOperationException in LogbookHttpRequestInterceptor with Spring Boot 3.2.0 and Apache Http Client 5 HOT 6
- No traceId for SpringCloudGateway request in SpringBoot 3.2.0 HOT 3
- Make Logbook interceptors fault tolerant HOT 3
- Do not mention issues with "not-a-bug" label in release notes HOT 4
- Logbook 3.7.0 pulls in Lombok as transitive dependency HOT 9
- Spring Boot 3 + Micrometer Tracing: Context empty in Server request/response logs HOT 6
- Logbook 3.7.1 pulls in a whole bunch of test dependencies to the production classpath HOT 5
- Eliminate superfluous filter execution HOT 1
- Does setting the log level to debug enable log output? HOT 1
- UnsupportedOperationException: null when using logbook-httpclient (4.0) HOT 1
- mark/reset not supported after adding LogbookClientHttpRequestInterceptor with TRACE logging level HOT 1
- Allow automatic context propagation when using Spring Webflux
- Possible OOM with large servlet response HOT 6
- RESTEASY003765: Response is closed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from logbook.