cancel
Showing results for 
Search instead for 
Did you mean: 

How to get client IP address for audit logs?

andreramos
Champ on-the-rise
Champ on-the-rise

I defined some custom audit logs, with the purpose of having more information than the default ones.
One of those extra information would be the client IP address.

From what I checked:

  • In the database (alf_audit_* tables) it is not stored the client IP address.
  • The available services like 'authorizationService' do not provide this information.
  • The util class org.alfresco.util.HttpClientHelper (getHttpClient method) seemed it could actually be helpful, but all of its fields  are null.

How can I programmatically get the client IP address?

6 REPLIES 6

afaust
Legendary Innovator
Legendary Innovator

In HTTP there is never a guarantee that you will be able to get the real / actual client IP. If you have access to the raw HTTP request via a ServletFilter or web script controller, you can try to use getRemoteAddr() to obtain the IP, but as per definition the result is either the IP of the client OR the last proxy that forwarded the request.

lcolorado
Confirmed Champ
Confirmed Champ

An alternative would be simply gathering the access logs produced by default at tomcat/logs/{local_host_name}_access_log*.txt. For example, localhost_access_log2019-05-21.txt

You can configure the format of the access logs in tomcat/conf/server.xml to provide even more information.

See the Access log valve documentation for more details.

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />

‍‍‍

Granted, this would not be as integrated as Axel's solution, but it is something out-of-the-box that you can start using right now (take a look at you directory tomcat/logs/).

As Axel pointed out correctly, depending on multiple factors, you can't be sure that you are getting the actual IP address of the client, but the information may be useful anyway.

andreramos
Champ on-the-rise
Champ on-the-rise

Many thanks Axel Faust‌ and luis.colorado@chpmail.com

I'am using the logs of tomcat short term but now would like to have a more integrated solution.

So followed Axel suggestion, and was able to the client IP address using an Interceptor:

public class CustomHandlerInterceptor implements WebRequestInterceptor {


public CustomHandlerInterceptor() {
}

public void preHandle(WebRequest request) throws Exception {
HttpServletRequest httpServletRequest = ((DispatcherServletWebRequest) request).getRequest();
getClientIpAddress(httpServletRequest);

}

public void postHandle(WebRequest request, ModelMap model) throws Exception {
}


public void afterCompletion(WebRequest request, Exception ex) throws Exception {
}

private String getClientIpAddress(HttpServletRequest request) {
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
return ipAddress;
}

}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The above being in a share-amp, but now I would like to store this new auditable data (ip address).
For that it seems I need to use AuditComponent.recordAuditValues

I tried injecting the bean AuditComponent (using share-amp-slingshot-application-context.xml) but got an expected class not found.
Also tried making the interceptor in repo-amp, there I'am able to inject easily the auditComponent, but cannot get the ServletRequest...

How can I make the obtained ip-address accessible for audit logs?

Is it even right to use AuditComponent in share? 

afaust
Legendary Innovator
Legendary Innovator

THe AuditComponent is a Repository-tier component - it cannot be accessed from within Share. You need to perform a remote call to a custom web script / endpoint on the Repository-tier which can then use the AuditComponent to record values.

gregorio2501
Confirmed Champ
Confirmed Champ

Dear @andreramos ,

Did you find any solution for this feature? Thanks for your reply.

Shcamerse
Champ in-the-making
Champ in-the-making

Even if the thread is 5 years old, the approach to obtaining the client IP address programmatically using a server remains relevant. Server configurations and HTTP header handling have not significantly changed in that time frame. You should still follow the steps mentioned in the previous response to achieve your goal.
However, keep in mind that technology and best practices may have evolved, so it's a good idea to review the latest documentation for your specific proxy server and programming framework to ensure you're using the most up-to-date methods and security practices.