custom AccessLogger (#9733)

DaanHoogland · Daan Hoogland · web-flow · commit 9712b4d322a6 · 2025-08-04T16:36:08.000+05:30
* custom AccessLogger

Co-authored-by: Daan Hoogland &lt;dahn@apache.org&gt;
diff --git a/client/src/main/java/org/apache/cloudstack/ACSRequestLog.java b/client/src/main/java/org/apache/cloudstack/ACSRequestLog.java
@@ -0,0 +1,84 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+package org.apache.cloudstack;
+
+import com.cloud.utils.StringUtils;
+import org.eclipse.jetty.server.NCSARequestLog;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.util.DateCache;
+import org.eclipse.jetty.util.component.LifeCycle;
+
+import java.util.Locale;
+import java.util.TimeZone;
+
+import static org.apache.commons.configuration.DataConfiguration.DEFAULT_DATE_FORMAT;
+
+public class ACSRequestLog extends NCSARequestLog {
+    private static final ThreadLocal<StringBuilder> buffers =
+            ThreadLocal.withInitial(() -> new StringBuilder(256));
+
+    private final DateCache dateCache;
+
+    public ACSRequestLog() {
+        super();
+
+        TimeZone timeZone = TimeZone.getTimeZone("GMT");
+        Locale locale = Locale.getDefault();
+        dateCache = new DateCache(DEFAULT_DATE_FORMAT, locale, timeZone);
+    }
+
+    @Override
+    public void log(Request request, Response response) {
+        String requestURI = StringUtils.cleanString(request.getOriginalURI());
+        try {
+            StringBuilder sb = buffers.get();
+            sb.setLength(0);
+
+            sb.append(request.getHttpChannel().getEndPoint()
+                            .getRemoteAddress().getAddress()
+                            .getHostAddress())
+                    .append(" - - [")
+                    .append(dateCache.format(request.getTimeStamp()))
+                    .append("] \"")
+                    .append(request.getMethod())
+                    .append(" ")
+                    .append(requestURI)
+                    .append(" ")
+                    .append(request.getProtocol())
+                    .append("\" ")
+                    .append(response.getStatus())
+                    .append(" ")
+                    .append(response.getHttpChannel().getBytesWritten()) // apply filter here?
+                    .append(" \"-\" \"")
+                    .append(request.getHeader("User-Agent"))
+                    .append("\"");
+
+            write(sb.toString());
+        } catch (Exception e) {
+            LOG.warn("Unable to log request", e);
+        }
+    }
+
+    @Override
+    protected void stop(LifeCycle lifeCycle) throws Exception {
+        buffers.remove();
+        super.stop(lifeCycle);
+    }
+}
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -32,7 +32,6 @@
 import org.eclipse.jetty.jmx.MBeanContainer;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.NCSARequestLog;
 import org.eclipse.jetty.server.RequestLog;
 import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
@@ -299,7 +298,7 @@ private Pair<SessionHandler,HandlerCollection> createHandlers() {
     }
 
     private RequestLog createRequestLog() {
-        final NCSARequestLog log = new NCSARequestLog();
+        final ACSRequestLog log = new ACSRequestLog();
         final File logPath = new File(accessLogFile);
         final File parentFile = logPath.getParentFile();
         if (parentFile != null) {
diff --git a/utils/src/main/java/com/cloud/utils/StringUtils.java b/utils/src/main/java/com/cloud/utils/StringUtils.java
@@ -25,6 +25,7 @@
 
 import java.nio.charset.Charset;
 import java.util.Arrays;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -39,12 +40,12 @@
 public class StringUtils extends org.apache.commons.lang3.StringUtils {
     private static final char[] hexChar = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
 
-    private static Charset preferredACSCharset;
+    private static final Charset preferredACSCharset;
     private static final String UTF8 = "UTF-8";
 
     static {
         if (isUtf8Supported()) {
-            preferredACSCharset = Charset.forName(UTF8);
+            preferredACSCharset = StandardCharsets.UTF_8;
         } else {
             preferredACSCharset = Charset.defaultCharset();
         }
@@ -66,8 +67,8 @@ public static String cleanupTags(String tags) {
         if (tags != null) {
             final String[] tokens = tags.split(",");
             final StringBuilder t = new StringBuilder();
-            for (int i = 0; i < tokens.length; i++) {
-                t.append(tokens[i].trim()).append(",");
+            for (String token : tokens) {
+                t.append(token.trim()).append(",");
             }
             t.delete(t.length() - 1, t.length());
             tags = t.toString();
@@ -77,16 +78,16 @@ public static String cleanupTags(String tags) {
     }
 
     /**
-     * @param tags
+     * @param tags a {code}String{code} containing a list of comma separated tags
      * @return List of tags
      */
     public static List<String> csvTagsToList(final String tags) {
-        final List<String> tagsList = new ArrayList<String>();
+        final List<String> tagsList = new ArrayList<>();
 
         if (tags != null) {
             final String[] tokens = tags.split(",");
-            for (int i = 0; i < tokens.length; i++) {
-                tagsList.add(tokens[i].trim());
+            for (String token : tokens) {
+                tagsList.add(token.trim());
             }
         }
 
@@ -95,13 +96,13 @@ public static List<String> csvTagsToList(final String tags) {
 
     /**
      * Converts a List of tags to a comma separated list
-     * @param tagsList
+     * @param tagsList List of tags to convert to a comma separated list in a {code}String{code}
      * @return String containing a comma separated list of tags
      */
 
     public static String listToCsvTags(final List<String> tagsList) {
         final StringBuilder tags = new StringBuilder();
-        if (tagsList.size() > 0) {
+        if (!tagsList.isEmpty()) {
             for (int i = 0; i < tagsList.size(); i++) {
                 tags.append(tagsList.get(i));
                 if (i != tagsList.size() - 1) {
@@ -113,22 +114,6 @@ public static String listToCsvTags(final List<String> tagsList) {
         return tags.toString();
     }
 
-    public static String getExceptionStackInfo(final Throwable e) {
-        final StringBuffer sb = new StringBuffer();
-
-        sb.append(e.toString()).append("\n");
-        final StackTraceElement[] elemnents = e.getStackTrace();
-        for (final StackTraceElement element : elemnents) {
-            sb.append(element.getClassName()).append(".");
-            sb.append(element.getMethodName()).append("(");
-            sb.append(element.getFileName()).append(":");
-            sb.append(element.getLineNumber()).append(")");
-            sb.append("\n");
-        }
-
-        return sb.toString();
-    }
-
     public static String unicodeEscape(final String s) {
         final StringBuilder sb = new StringBuilder();
         for (int i = 0; i < s.length(); i++) {
@@ -151,25 +136,22 @@ public static String getMaskedPasswordForDisplay(final String password) {
             return "*";
         }
 
-        final StringBuffer sb = new StringBuffer();
-        sb.append(password.charAt(0));
-        for (int i = 1; i < password.length(); i++) {
-            sb.append("*");
-        }
-
-        return sb.toString();
+        return password.charAt(0) +
+                "*".repeat(password.length() - 1);
     }
 
     // removes a password request param and it's value, also considering password is in query parameter value which has been url encoded
-    private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?[^(&|%26)]*((p|P)assword|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]|$))");
+    private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?[^(&|%26)]*(([pP])assword|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]|$))");
 
     // removes a password/accesskey/ property from a response json object
-    private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"((p|P)assword|privatekey|accesskey|secretkey)\":\\s?\".*?\",?");
+    private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"(([pP])assword|privatekey|accesskey|secretkey)\":\\s?\".*?\",?");
 
-    private static final Pattern REGEX_PASSWORD_DETAILS = Pattern.compile("(&|%26)?details(\\[|%5B)\\d*(\\]|%5D)\\.key(=|%3D)((p|P)assword|accesskey|secretkey)(?=(%26|[&'\"]))");
+    private static final Pattern REGEX_PASSWORD_DETAILS = Pattern.compile("(&|%26)?details(\\[|%5B)\\d*(\\]|%5D)\\.key(=|%3D)(([pP])assword|accesskey|secretkey)(?=(%26|[&'\"]))");
 
     private static final Pattern REGEX_PASSWORD_DETAILS_INDEX = Pattern.compile("details(\\[|%5B)\\d*(\\]|%5D)");
 
+    private static final Pattern REGEX_SESSION_KEY = Pattern.compile("sessionkey=[A-Za-z0-9_-]+");
+
     private static final Pattern REGEX_REDUNDANT_AND = Pattern.compile("(&|%26)(&|%26)+");
 
     // Responsible for stripping sensitive content from request and response strings
@@ -178,6 +160,7 @@ public static String cleanString(final String stringToClean) {
         if (stringToClean != null) {
             cleanResult = REGEX_PASSWORD_QUERYSTRING.matcher(stringToClean).replaceAll("");
             cleanResult = REGEX_PASSWORD_JSON.matcher(cleanResult).replaceAll("");
+            cleanResult = REGEX_SESSION_KEY.matcher(cleanResult).replaceAll("");
             final Matcher detailsMatcher = REGEX_PASSWORD_DETAILS.matcher(cleanResult);
             while (detailsMatcher.find()) {
                 final Matcher detailsIndexMatcher = REGEX_PASSWORD_DETAILS_INDEX.matcher(detailsMatcher.group());
@@ -205,24 +188,20 @@ public static boolean areTagsEqual(final String tags1, final String tags2) {
             return true;
         }
 
-        if (tags1 != null && tags2 == null) {
-            return false;
-        }
-
-        if (tags1 == null && tags2 != null) {
+        if (tags1 == null ^ tags2 == null) {
             return false;
         }
 
         final String delimiter = ",";
 
-        final List<String> lstTags1 = new ArrayList<String>();
+        final List<String> lstTags1 = new ArrayList<>();
         final String[] aTags1 = tags1.split(delimiter);
 
         for (final String tag1 : aTags1) {
             lstTags1.add(tag1.toLowerCase());
         }
 
-        final List<String> lstTags2 = new ArrayList<String>();
+        final List<String> lstTags2 = new ArrayList<>();
         final String[] aTags2 = tags2.split(delimiter);
 
         for (final String tag2 : aTags2) {
@@ -233,7 +212,7 @@ public static boolean areTagsEqual(final String tags1, final String tags2) {
     }
 
     public static Map<String, String> stringToMap(final String s) {
-        final Map<String, String> map = new HashMap<String, String>();
+        final Map<String, String> map = new HashMap<>();
         final String[] elements = s.split(";");
         for (final String parts : elements) {
             final String[] keyValue = parts.split(":");
@@ -243,14 +222,14 @@ public static Map<String, String> stringToMap(final String s) {
     }
 
     public static String mapToString(final Map<String, String> map) {
-        String s = "";
+        StringBuilder s = new StringBuilder();
         for (final Map.Entry<String, String> entry : map.entrySet()) {
-            s += entry.getKey() + ":" + entry.getValue() + ";";
+            s.append(entry.getKey()).append(":").append(entry.getValue()).append(";");
         }
         if (s.length() > 0) {
-            s = s.substring(0, s.length() - 1);
+            s = new StringBuilder(s.substring(0, s.length() - 1));
         }
-        return s;
+        return s.toString();
     }
 
     public static <T> List<T> applyPagination(final List<T> originalList, final Long startIndex, final Long pageSizeVal) {
@@ -271,7 +250,7 @@ public static <T> List<T> applyPagination(final List<T> originalList, final Long
     }
 
     private static <T> List<List<T>> partitionList(final List<T> originalList, final int chunkSize) {
-        final List<List<T>> listOfChunks = new ArrayList<List<T>>();
+        final List<List<T>> listOfChunks = new ArrayList<>();
         for (int i = 0; i < originalList.size() / chunkSize; i++) {
             listOfChunks.add(originalList.subList(i * chunkSize, i * chunkSize + chunkSize));
         }
@@ -299,9 +278,7 @@ public static Map<String, String> parseJsonToMap(String jsonString) {
         if (org.apache.commons.lang3.StringUtils.isNotBlank(jsonString)) {
             try {
                 JsonNode jsonNode = objectMapper.readTree(jsonString);
-                jsonNode.fields().forEachRemaining(entry -> {
-                    mapResult.put(entry.getKey(), entry.getValue().asText());
-                });
+                jsonNode.fields().forEachRemaining(entry -> mapResult.put(entry.getKey(), entry.getValue().asText()));
             } catch (Exception e) {
                 throw new CloudRuntimeException("Error while parsing json to convert it to map " + e.getMessage());
             }
diff --git a/utils/src/test/java/com/cloud/utils/StringUtilsTest.java b/utils/src/test/java/com/cloud/utils/StringUtilsTest.java
@@ -240,6 +240,21 @@ public void testCleanSecretkeyFromRequestString() {
         assertEquals(result, expected);
     }
 
+    @Test
+    public void testCleanSessionkeyFromAccessLogString() {
+        final String input = "GET /client/api/?managementserverid=cad7010f-216f-48cb-af11-280588863c4e&command=readyForShutdown&response=json&sessionkey=-FrgnKy6pj-JB4BI2sXqo HTTP/1.1\" 200 180 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Safari/605.1.15 Ddg/18.5";
+        final String expected = "GET /client/api/?managementserverid=cad7010f-216f-48cb-af11-280588863c4e&command=readyForShutdown&response=json& HTTP/1.1\" 200 180 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Safari/605.1.15 Ddg/18.5";
+        final String result = StringUtils.cleanString(input);
+        assertEquals(expected, result);
+    }
+    @Test
+    public void testCleanSessionkeyFromRequestJsonString() {
+        final String input = "{id=64b5e71d-2ae8-11ef-9466-1e00c400042b, showicon=true, command=listUsers, response=json, sessionkey=lXfAicKQXPBzt7KjLx6DwVfcOuA}";
+        final String expected = "{id=64b5e71d-2ae8-11ef-9466-1e00c400042b, showicon=true, command=listUsers, response=json, }";
+        final String result = StringUtils.cleanString(input);
+        assertEquals(expected, result);
+    }
+
     @Test
     public void listToCsvTags() {
         assertEquals("a,b,c", StringUtils.listToCsvTags(Arrays.asList("a","b", "c")));
