Splitting User/Client Info & Impl Propagation

Completing the split of the user/client info from the appender package.
Includes updates to the LogPrefixAppender to accept the configurations as
two distinct boolean values.

The constructor updates of the LogPrefixAppender have been propagated back
to the implemented *LogFactory implementations.

Related test updates.

Author: jeremiahjstacey

src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java

@@ -28,8 +28,6 @@
  * information.
  */
 public class ClientInfoSupplier implements Supplier<String> {
-    /** Default UserName string if the Authenticated user is null.*/
-    private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
     /** Default Last Host string if the Authenticated user is null.*/
     private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
     /** Session Attribute containing the ESAPI Session id. */
@@ -44,16 +42,16 @@ public class ClientInfoSupplier implements Supplier<String> {
     private static final int ESAPI_SESSION_RAND_MAX = 1000000;
 
     /** Format for supplier output. */
-    private static final String USER_INFO_FORMAT = "%s:%s@%s"; // USER_NAME, SID, USER_HOST_ADDRESS
+    private static final String USER_INFO_FORMAT = "%s@%s"; // SID, USER_HOST_ADDRESS
 
     /** Whether to log the user info from this instance. */
-    private boolean logUserInfo = true;
+    private boolean logClientInfo = true;
 
     @Override
     public String get() {
-        String userInfo = "";
+        String clientInfo = "";
 
-        if (logUserInfo) {
+        if (logClientInfo) {
             HttpServletRequest request = ESAPI.currentRequest();
             // create a random session number for the user to represent the user's
             // 'session', if it doesn't exist already
@@ -73,21 +71,21 @@ public String get() {
             // log user information - username:session@ipaddr
             User user = ESAPI.authenticator().getCurrentUser();
             if (user == null) {
-                userInfo = String.format(USER_INFO_FORMAT, DEFAULT_USERNAME, sid, DEFAULT_LAST_HOST);
+                clientInfo = String.format(USER_INFO_FORMAT, sid, DEFAULT_LAST_HOST);
             } else {
-                userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+                clientInfo = String.format(USER_INFO_FORMAT, sid, user.getLastHostAddress());
             }
         }
-        return userInfo;
+        return clientInfo;
     }
 
     /**
      * Specify whether the instance should record the client info.
      * 
      * @param log {@code true} to record
      */
-    public void setLogUserInfo(boolean log) {
-        this.logUserInfo = log;
+    public void setLogClientInfo(boolean log) {
+        this.logClientInfo = log;
     }
 
 }

src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java

@@ -23,8 +23,10 @@
  */
 public class LogPrefixAppender implements LogAppender {
     /** Output format used to assemble return values. */
-    private static final String RESULT_FORMAT = "[%s %s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
+    private static final String RESULT_FORMAT = "[%s %s:%s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
 
+    /** Whether or not to record user information. */
+    private final boolean logUserInfo;
     /** Whether or not to record client information. */
     private final boolean logClientInfo;
     /** Whether or not to record server ip information. */
@@ -37,12 +39,14 @@ public class LogPrefixAppender implements LogAppender {
     /**
      * Ctr.
      * 
+     * @param logUserInfo      Whether or not to record user information
      * @param logClientInfo      Whether or not to record client information
      * @param logServerIp        Whether or not to record server ip information
      * @param logApplicationName Whether or not to record application name
      * @param appName            Application Name to record.
      */
-    public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+    public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        this.logUserInfo = logUserInfo;
         this.logClientInfo = logClientInfo;
         this.logServerIp = logServerIp;
         this.logApplicationName = logApplicationName;
@@ -53,17 +57,21 @@ public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean log
     public String appendTo(String logName, EventType eventType, String message) {
         EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
 
+        UserInfoSupplier userInfoSupplier = new UserInfoSupplier();
+        userInfoSupplier.setLogUserInfo(logUserInfo);
+        
         ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
-        clientInfoSupplier.setLogUserInfo(logClientInfo);
-
-        ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+        clientInfoSupplier.setLogClientInfo(logClientInfo);
+        
+                ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
         serverInfoSupplier.setLogServerIp(logServerIp);
         serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
 
         String eventTypeMsg = eventTypeSupplier.get();
+        String userInfoMsg = userInfoSupplier.get();
         String clientInfoMsg = clientInfoSupplier.get();
         String serverInfoMsg = serverInfoSupplier.get();
 
-        return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg, serverInfoMsg, message);
+        return String.format(RESULT_FORMAT, eventTypeMsg, userInfoMsg, clientInfoMsg, serverInfoMsg, message);
     }
 }

src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java

@@ -53,11 +53,13 @@ public class JavaLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         JAVA_LOG_SCRUBBER = createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        JAVA_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALL);
@@ -116,8 +118,8 @@ public class JavaLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);  
     }
 
 

src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java

@@ -51,11 +51,13 @@ public class Log4JLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         Log4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+        
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        Log4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        Log4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Log4JLogLevelHandlers.TRACE);
@@ -96,8 +98,8 @@ public class Log4JLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);       
     }
 
 

src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java

@@ -40,11 +40,12 @@ public class Log4JLoggerFactory implements LoggerFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         LOG4J_LOG_SCRUBBER = Log4JLogFactory.createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
     }
 
     /**

src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java

@@ -57,11 +57,13 @@ public class Slf4JLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
 
-    	boolean logClientInfo = true;
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
 		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
 		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
 		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        SLF4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
@@ -102,8 +104,8 @@ public class Slf4JLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);       
     }
 
 

src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java

@@ -60,7 +60,6 @@ public void before() throws Exception {
 		//Session value generation
 		when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
 
-		when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
 		when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
 
 
@@ -70,15 +69,14 @@ public void before() throws Exception {
 	@Test
 	public void testHappyPath() throws Exception {
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 
-		assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
 
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
 		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
@@ -87,7 +85,7 @@ public void testHappyPath() throws Exception {
 	@Test
 	public void testLogUserOff() {
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(false);
+		cis.setLogClientInfo(false);
 		String result = cis.get();
 
 		assertTrue(result.isEmpty());
@@ -99,10 +97,10 @@ public void testLogUserOff() {
 	public void testLogUserNull() {
 		when(mockAuth.getCurrentUser()).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 
-		assertEquals("#ANONYMOUS#:"+testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
+		assertEquals(testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
 
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
@@ -115,14 +113,13 @@ public void testLogUserNull() {
 	public void testNullRequest() throws Exception {
 		when(ESAPI.class, "currentRequest").thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 
 		//sid is empty when request is null		
-		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
 
 		verify(mockAuth,times(1)).getCurrentUser();
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
@@ -132,16 +129,15 @@ public void testNullRequest() throws Exception {
 	public void testNullSession() throws Exception {
 		when(mockRequest.getSession(false)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 
 		//sid is empty when session is null		
-		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
 
 
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 
 
@@ -154,18 +150,17 @@ public void testNullSession() throws Exception {
 	public void testNullEsapiSession() throws Exception {
 		when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 
 		//sid is empty when session is null		
-		assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("55555@"+testName.getMethodName() + "-HOST_ADDR", result);
 
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
 		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
 		verify(mockSession, times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
 		verify(mockRand, times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);