I defined some custom audit logs, with the purpose of having more information than the default ones.
One of those extra information would be the client IP address.
From what I checked:
How can I programmatically get the client IP address?
In HTTP there is never a guarantee that you will be able to get the real / actual client IP. If you have access to the raw HTTP request via a ServletFilter or web script controller, you can try to use getRemoteAddr() to obtain the IP, but as per definition the result is either the IP of the client OR the last proxy that forwarded the request.
An alternative would be simply gathering the access logs produced by default at tomcat/logs/{local_host_name}_access_log*.txt. For example, localhost_access_log2019-05-21.txt
You can configure the format of the access logs in tomcat/conf/server.xml to provide even more information.
See the Access log valve documentation for more details.
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
Granted, this would not be as integrated as Axel's solution, but it is something out-of-the-box that you can start using right now (take a look at you directory tomcat/logs/).
As Axel pointed out correctly, depending on multiple factors, you can't be sure that you are getting the actual IP address of the client, but the information may be useful anyway.
Many thanks Axel Faust and luis.colorado@chpmail.com
I'am using the logs of tomcat short term but now would like to have a more integrated solution.
So followed Axel suggestion, and was able to the client IP address using an Interceptor:
public class CustomHandlerInterceptor implements WebRequestInterceptor {
public CustomHandlerInterceptor() {
}
public void preHandle(WebRequest request) throws Exception {
HttpServletRequest httpServletRequest = ((DispatcherServletWebRequest) request).getRequest();
getClientIpAddress(httpServletRequest);
}
public void postHandle(WebRequest request, ModelMap model) throws Exception {
}
public void afterCompletion(WebRequest request, Exception ex) throws Exception {
}
private String getClientIpAddress(HttpServletRequest request) {
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
return ipAddress;
}
}
The above being in a share-amp, but now I would like to store this new auditable data (ip address).
For that it seems I need to use AuditComponent.recordAuditValues.
I tried injecting the bean AuditComponent (using share-amp-slingshot-application-context.xml) but got an expected class not found.
Also tried making the interceptor in repo-amp, there I'am able to inject easily the auditComponent, but cannot get the ServletRequest...
How can I make the obtained ip-address accessible for audit logs?
Is it even right to use AuditComponent in share?
THe AuditComponent is a Repository-tier component - it cannot be accessed from within Share. You need to perform a remote call to a custom web script / endpoint on the Repository-tier which can then use the AuditComponent to record values.
Dear @andreramos ,
Did you find any solution for this feature? Thanks for your reply.
Even if the thread is 5 years old, the approach to obtaining the client IP address programmatically using a server remains relevant. Server configurations and HTTP header handling have not significantly changed in that time frame. You should still follow the steps mentioned in the previous response to achieve your goal.
However, keep in mind that technology and best practices may have evolved, so it's a good idea to review the latest documentation for your specific proxy server and programming framework to ensure you're using the most up-to-date methods and security practices.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.