javaspringaudithttpinvoker

Auditing HttpInvoker invactions


The server, a stand-alone SE application running Spring 2.5.6 and an embedded jetty. Clients, Swing application, connects to the server using HttpInvoker.

There are a lot of services exposed by the server and now, new requirements have emerged saying I need to log (almost) every invocation made by the client.

What I would like to to do is for the client to send some extra information, (username, workstationId etc. Strings and ints). A typical method on the server would look like this

public void doStuff(int someParam) {
   // Do stuff
   List result = method(someParam)

   // Audit
   // get the client information from somewhere?!!
   String username;
   int workstationId;

   auditDao.doStuffPerformed(username, workstationId, someParam, result);

}

So, how do I get the client information from within a method on the server.

One solution that I've tried is to add client information as request attributes and call method RequestContextHolder.getRequestAttributes(); from within method.

I have added a CommonsHttpInvokerRequestExecutor on the client side and overloaded the following method in order to add the additional information.

@Override
protected PostMethod createPostMethod(HttpInvokerClientConfiguration config) throws IOException {
  PostMethod postMethod = super.createPostMethod(config);
  postMethod.addRequestHeader("someHeader", "someHeader2");
  postMethod.addParameter("someParam", "someParam2");
  postMethod.setRequestHeader("someRequestHeader", "someRequestHeader2");
  return postMethod;
}

This will however not work. The headers or parameters are not accessible on the server.

Any response would be greatly appreciated.


Solution

  • I think you're on the right track. You should just use a custom SimpleHttpInvokerServiceExporter subclass on the server-side, and override readRemoteInvocation to extract the headers set by the client from the HttpExchange argument.

    These header values could be stored in a static ThreadLocal session variable, which would be accessible anywhere in the server-side code.