How to Log Client Certificate Information in WebLogic Managed Server Access Log
(Doc ID 1675282.1)
Last updated on MARCH 20, 2024
Applies to:
Oracle WebLogic Server - Version 12.1.1.0 and laterInformation in this document applies to any platform.
Goal
When users access an application on a WebLogic Server (WLS) Managed Server using 2-way SSL, how can we get the client certificate information that is used logged in the WLS Managed Server Access log?
This can be done using WLS Web Server HTTP Access Logging's Extended Log Format functionality. See Setting Up HTTP Access Logs by Using Extended Log Format - http://docs.oracle.com/cd/E24329_01/web.1211/e24432/web_server.htm#i1059459 for more information.
Logging the Client Certificates will require a custom field to be built and added to the WLS configuration. See Creating Custom Field Identifiers - http://docs.oracle.com/cd/E24329_01/web.1211/e24432/web_server.htm#i1059518 for instructions. Before building the custom field, it is important to mention the main interfaces and classes that will be used:
- Interface CustomELFLogger - http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24391/weblogic/servlet/logging/CustomELFLogger.html
- Interface HttpAccountingInfo - http://docs.oracle.com/cd/E24329_01/apirefs.1211/e24391/weblogic/servlet/logging/HttpAccountingInfo.html
- Interface ServletRequest - http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html
- Class FormatStringBuffer - http://docs.oracle.com/middleware/1212/wls/WLAPI/weblogic/servlet/logging/FormatStringBuffer.html
- Class X509Certificate - http://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html
- Class X500Principal - http://docs.oracle.com/javase/7/docs/api/javax/security/auth/x500/X500Principal.html
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
Requirements |
Configuring |
Instructions |
Sample Code |
Sample Output |