Alpine
Log IP / User Agent for invalid ApiKeys and JWTs
Currently, when an invalid ApiKey or JWT is provided, only the string `Invalid API key asserted` or `Invalid JWT asserted` is logged.
https://github.com/stevespringett/Alpine/blob/3793e56306852b49651a729bf344ef070fb2c38b/alpine-server/src/main/java/alpine/server/filters/AuthenticationFilter.java#L65-L85
The suggested change is to also log the IP and User Agent, similar to other security events being logged.
I tried a quick PR to do the same as in `AlpineResource`, but not sure if injecting a `HttpServletRequest` here is appropriate. Maybe a global `logSecurityEvent` utility method should be made, supporting all scenarios.
https://github.com/stevespringett/Alpine/blob/3793e56306852b49651a729bf344ef070fb2c38b/alpine-server/src/main/java/alpine/server/resources/AlpineResource.java#L341-L365
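
A sketch of what a request-independent `logSecurityEvent` helper could look like, added here as an illustration; it is not part of the issue and is not Alpine code. The class name `SecurityEventLog`, the `sanitize` and `format` helpers, the field labels and the length limit are all assumptions. Taking the address and User-Agent as plain strings lets both a filter and a resource call it, and because the User-Agent is client-controlled, control characters are replaced so one event always stays on one log line.

```java
import java.util.logging.Logger;

// Added example, not Alpine code: class, method names and log layout are hypothetical.
public final class SecurityEventLog {
    private static final Logger LOGGER = Logger.getLogger(SecurityEventLog.class.getName());
    private static final int MAX_FIELD_LENGTH = 256; // assumed cap per logged field

    private SecurityEventLog() { }

    /** Makes a client-supplied value safe to embed in a single log line. */
    static String sanitize(final String value) {
        if (value == null || value.isEmpty()) {
            return "unknown";
        }
        final StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length() && sb.length() < MAX_FIELD_LENGTH; i++) {
            final char c = value.charAt(i);
            // CR, LF and other control characters would split the entry across lines.
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        return sb.toString();
    }

    /** Builds the message; callers pass values they read from the request. */
    static String format(final String event, final String remoteAddr, final String userAgent) {
        return event + " / IP Address: " + sanitize(remoteAddr)
                + " / User Agent: " + sanitize(userAgent);
    }

    static void logSecurityEvent(final String event, final String remoteAddr, final String userAgent) {
        LOGGER.warning(format(event, remoteAddr, userAgent));
    }

    public static void main(final String[] args) {
        // Constructed sample values; 203.0.113.7 is a documentation address.
        logSecurityEvent("Invalid API key asserted", "203.0.113.7", "curl/8.4.0");
        // A User-Agent containing CR/LF is still written as one line.
        logSecurityEvent("Invalid JWT asserted", "203.0.113.7", "Mozilla/5.0\r\nsecond line");
        // A missing header (null) is logged as "unknown".
        logSecurityEvent("Invalid API key asserted", "203.0.113.7", null);
    }
}
```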