Package org.logevents.optional.servlets

Class LogEventsServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

org.logevents.optional.servlets.LogEventsServlet

All Implemented Interfaces:

Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class LogEventsServlet
extends javax.servlet.http.HttpServlet

A servlet that exposes log information to administrative users via a built in web page. To use, you need to:

• Run your application in a servlet container: Add LogEventsServlet as a servlet in web.xml, add in a ServletContextListener or in Spring, add a ServletRegistrationBean
• You need an Identity Provider that supports OpenID Connect to authorize administrative users. If you don't have any existing options, I suggest creating a (free!) Azure Active Directory and adding users that should have access as guest users. See OpenIdConfiguration to learn how to set this up.
• In order to run LogEventsServlet needs security configuration in your logevents*.properties. You need to set observer.servlet.openIdIssuer, observer.servlet.clientId and observer.servlet.clientSecret. See WebLogEventObserver
• If you mount LogEventsServlet on "/logs", the API will be at "/logs/events", the OpenAPI documentation will be at "/logs/openapi.json" and a simple client web page will be at "/logs/"".

Example configuration:

 observer.servlet=WebLogEventObserver
 observer.servlet.openIdIssuer=https://login.microsoftonline.com/common
 observer.servlet.clientId=12345678-abcd-pqrs-9876-9abcdef01234
 observer.servlet.clientSecret=3¤..¤!?qwer
 observer.servlet.redirectUri=https://my-server.example.com/logs/oauth2callback
 observer.servlet.requiredClaim.username=johannes@brodwall.com,someone@brodwall.com
 observer.servlet.requiredClaim.roles=admin
 

Register LogEventsServlet in your servlet container

Example web.xml-file

 <servlet>
     <servlet-name>LogEvents</servlet-name>
     <servlet-class>org.logevents.extend.servlets.LogEventsServlet</servlet-class>
 </servlet>
 <servlet-mapping>
   <servlet-name>LogEvents</servlet-name>
   <url-pattern>/*</url-pattern>
 </servlet-mapping>
 

Example ServletContextListener

 public class ApplicationContext implements ServletContextListener {
     public void contextInitialized(ServletContextEvent sce) {
        sce.getServletContext().addServlet("logs", new LogEventsServlet()).addMapping("/logs/*");
    }
    public void contextDestroyed(ServletContextEvent sce) {
    }
 }
 

Example Spring ServletRegistrationBean

 @Bean
 public ServletRegistrationBean servletRegistrationBean(){
     return new ServletRegistrationBean(new LogEventsServlet(), "/logs/*");
 }
 

See Also:

WebLogEventObserver, OpenIdConfiguration, LogEventQuery, Serialized Form

Constructor Summary

Constructors

Constructor	Description
LogEventsServlet()

Method Summary

Modifier and Type	Method	Description
protected boolean	authenticated(javax.servlet.http.HttpServletResponse resp, javax.servlet.http.Cookie[] cookies)
protected void	copyResource(javax.servlet.http.HttpServletResponse resp, String resource)
protected javax.servlet.http.Cookie	createSessionCookie(Map<String,Object> idToken)
protected String	decrypt(String value)
protected void	doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
protected void	establishSession(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
protected Optional<String>	findCookie(javax.servlet.http.Cookie[] reqCookies, String name)
protected CryptoVault	getCookieVault()
protected String	getLogEventsHtml()
protected LogEventSource	getLogEventSource()
WebLogEventObserver	getObserver()
protected OpenIdConfiguration	getOpenIdConfiguration()
protected String	getServerUrl(javax.servlet.http.HttpServletRequest req)

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LogEventsServlet

public LogEventsServlet()

Method Detail

doGet

protected void doGet(javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse resp)
              throws IOException

Overrides:

doGet in class javax.servlet.http.HttpServlet

Throws:

IOException

getLogEventsHtml

protected String getLogEventsHtml()

establishSession

protected void establishSession(javax.servlet.http.HttpServletRequest req,
                                javax.servlet.http.HttpServletResponse resp)
                         throws IOException

Throws:

IOException

getLogEventSource

protected LogEventSource getLogEventSource()

getOpenIdConfiguration

protected OpenIdConfiguration getOpenIdConfiguration()

findCookie

protected Optional<String> findCookie(javax.servlet.http.Cookie[] reqCookies,
                                      String name)

createSessionCookie

protected javax.servlet.http.Cookie createSessionCookie(Map<String,Object> idToken)

decrypt

protected String decrypt(String value)
                  throws GeneralSecurityException

Throws:

GeneralSecurityException

getCookieVault

protected CryptoVault getCookieVault()

authenticated

protected boolean authenticated(javax.servlet.http.HttpServletResponse resp,
                                javax.servlet.http.Cookie[] cookies)

copyResource

protected void copyResource(javax.servlet.http.HttpServletResponse resp,
                            String resource)
                     throws IOException

Throws:

IOException

getServerUrl

protected String getServerUrl(javax.servlet.http.HttpServletRequest req)

getObserver

public WebLogEventObserver getObserver()