You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suggested change is to log also IP and User Agent, similar to other security events being logged.
I tried a quick PR to do the as in AlpineResource but not sure if injecting a HttpServletRequest here is appropiate. Maybe a global logSecurityEvent utility method should be made supporting all scenario's.
Currently when an invalid ApiKey or JWT is provided, only the string
Invalid API key asserted
orInvalid JWT asserted
is logged.Alpine/alpine-server/src/main/java/alpine/server/filters/AuthenticationFilter.java
Lines 65 to 85 in 3793e56
Suggested change is to log also IP and User Agent, similar to other security events being logged.
I tried a quick PR to do the as in
AlpineResource
but not sure if injecting aHttpServletRequest
here is appropiate. Maybe a globallogSecurityEvent
utility method should be made supporting all scenario's.Alpine/alpine-server/src/main/java/alpine/server/resources/AlpineResource.java
Lines 341 to 365 in 3793e56
The text was updated successfully, but these errors were encountered: