From d00e98e609fdd5f57d2ab386c669508b8e2dcfff Mon Sep 17 00:00:00 2001
From: Ray Lee <rhlee@berkeley.edu>
Date: Sat, 13 May 2017 14:09:50 -0700
Subject: [PATCH] CSPACE-7093: Add filter to set username into a request
 attribute.

---
 .../WEB-INF/applicationContext-security.xml   |  7 ++++
 .../spring/CSpaceUserAttributeFilter.java     | 34 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAttributeFilter.java

diff --git a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
index 6617ed90a..a1f23a938 100644
--- a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -66,6 +66,9 @@
         <sec:intercept-url method="OPTIONS" pattern="/**" access="isAnonymous()"/>
         <sec:cors configuration-source-ref="corsSource" />
         
+        <!-- Insert the username from the security context into a request attribute for logging -->
+        <sec:custom-filter ref="userAttributeFilter" after="SECURITY_CONTEXT_FILTER" />
+
         <!-- Handle token auth -->
         <sec:custom-filter ref="oauthResourceServerFilter" before="PRE_AUTH_FILTER" />
     </sec:http>
@@ -193,4 +196,8 @@
             </util:map>
         </property>
     </bean>
+
+    <bean id="userAttributeFilter"
+        class="org.collectionspace.authentication.spring.CSpaceUserAttributeFilter">
+    </bean>
 </beans>
diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAttributeFilter.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAttributeFilter.java
new file mode 100644
index 000000000..230709b23
--- /dev/null
+++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAttributeFilter.java
@@ -0,0 +1,34 @@
+package org.collectionspace.authentication.spring;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * A filter that sets a request attribute containing the username of the
+ * authenticated CollectionSpace user. This attribute may then be used
+ * to log the username via tomcat's standard access log valve.
+ */
+public class CSpaceUserAttributeFilter extends OncePerRequestFilter {
+    public static final String ATTRIBUTE_NAME = "org.collectionspace.authentication.user";
+    
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+            HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException {
+        chain.doFilter(request, response);
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication != null) {
+            request.setAttribute(ATTRIBUTE_NAME, authentication.getName());
+        }
+    }
+}
-- 
2.47.3