Add logging to DB HTTP request method, when "page not found" or access

denied.

Author: AleksSPb

src/main/java/ru/mystamps/web/controller/ErrorController.java

@@ -48,15 +48,16 @@ public void notFound(
 			@RequestHeader(value = "user-agent", required = false) String agent) {
 
 		// TODO: sanitize all user's values (#60)
-		String page = (String)request.getAttribute("javax.servlet.error.request_uri");
-		String ip   = request.getRemoteAddr();
+		String page   = (String)request.getAttribute("javax.servlet.error.request_uri");
+		String ip     = request.getRemoteAddr();
+		String method = request.getMethod();
 
 		User currentUser = null;
 		if (userDetails != null) {
 			currentUser = userDetails.getUser();
 		}
 
-		siteService.logAboutAbsentPage(page, currentUser, ip, referer, agent);
+		siteService.logAboutAbsentPage(page, method, currentUser, ip, referer, agent);
 	}
 
 	@RequestMapping(Url.INTERNAL_ERROR_PAGE)

src/main/java/ru/mystamps/web/dao/impl/JdbcSuspiciousActivityDao.java

@@ -49,6 +49,7 @@ public void add(SuspiciousActivity activity) {
 			: null;
 		params.put("user_id", userId);
 		params.put("ip", activity.getIp());
+		params.put("method", activity.getMethod());
 		params.put("referer_page", activity.getRefererPage());
 		params.put("user_agent", activity.getUserAgent());
 

src/main/java/ru/mystamps/web/entity/SuspiciousActivity.java

@@ -38,6 +38,7 @@ public class SuspiciousActivity {
 
 	public static final int PAGE_URL_LENGTH = 100;
 	public static final int IP_LENGTH       = 15;
+	public static final int METHOD_LENGTH   = 7;
 
 	@Id
 	@GeneratedValue
@@ -51,6 +52,9 @@ public class SuspiciousActivity {
 
 	@Column(length = PAGE_URL_LENGTH, nullable = false)
 	private String page;
+
+	@Column(length = METHOD_LENGTH)
+	private String method;
 
 	@ManyToOne
 	private User user;

src/main/java/ru/mystamps/web/service/SiteService.java

@@ -25,6 +25,7 @@ public interface SiteService {
 	@SuppressWarnings("PMD.UseObjectForClearerAPI")
 	void logAboutAbsentPage(
 		String page,
+		String method,
 		User user,
 		String ip,
 		String referer,
@@ -33,6 +34,7 @@ void logAboutAbsentPage(
 	@SuppressWarnings("PMD.UseObjectForClearerAPI")
 	void logAboutFailedAuthentication(
 		String page,
+		String method,
 		User user,
 		String ip,
 		String referer,

src/main/java/ru/mystamps/web/service/SiteServiceImpl.java

@@ -48,32 +48,35 @@ public class SiteServiceImpl implements SiteService {
 	@Transactional
 	public void logAboutAbsentPage(
 			String page,
+			String method,
 			User user,
 			String ip,
 			String referer,
 			String agent) {
 
-		logEvent(PAGE_NOT_FOUND, page, user, ip, referer, agent, new Date());
+		logEvent(PAGE_NOT_FOUND, page, method, user, ip, referer, agent, new Date());
 	}
 
 	@Override
 	@SuppressWarnings("PMD.UseObjectForClearerAPI")
 	@Transactional
 	public void logAboutFailedAuthentication(
 			String page,
+			String method,
 			User user,
 			String ip,
 			String referer,
 			String agent,
 			Date date) {
 
-		logEvent(AUTHENTICATION_FAILED, page, user, ip, referer, agent, date);
+		logEvent(AUTHENTICATION_FAILED, page, method, user, ip, referer, agent, date);
 	}
 
-	@SuppressWarnings("PMD.UseObjectForClearerAPI")
+	@SuppressWarnings({"PMD.UseObjectForClearerAPI", "checkstyle:parameternumber"})
 	private void logEvent(
 			String type,
 			String page,
+			String method,
 			User user,
 			String ip,
 			String referer,
@@ -92,6 +95,7 @@ private void logEvent(
 
 		activity.setOccurredAt(date == null ? new Date() : date);
 		activity.setPage(page);
+		activity.setMethod(method);
 
 		activity.setUser(user);
 

src/main/java/ru/mystamps/web/support/spring/security/AuthenticationFailureListener.java

@@ -50,13 +50,14 @@ public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
 
 		// TODO: log more info (login for example) (#59)
 		// TODO: sanitize all user's values (#60)
+		String method  = request.getMethod();
 		String page    = request.getRequestURI();
 		String ip      = request.getRemoteAddr();
 		String referer = request.getHeader("referer");
 		String agent   = request.getHeader("user-agent");
 		Date date      = new Date(event.getTimestamp());
 
-		siteService.logAboutFailedAuthentication(page, null, ip, referer, agent, date);
+		siteService.logAboutFailedAuthentication(page, method, null, ip, referer, agent, date);
 	}
 
 	private HttpServletRequest getRequest() {

src/main/resources/liquibase/version/0.4.xml

@@ -8,5 +8,6 @@
 	<include file="0.4/2014-10-28--decimal_price.xml" relativeToChangelogFile="true" />
 	<include file="0.4/2015-06-22--image_url.xml" relativeToChangelogFile="true" />
 	<include file="0.4/2015-07-07--salt_and_hash.xml" relativeToChangelogFile="true" />
+	<include file="0.4/2015-10-14--http-method.xml" relativeToChangelogFile="true" />
 
 </databaseChangeLog>

src/main/resources/liquibase/version/0.4/2015-10-14--http-method.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+		xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+		http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.0.xsd">
+
+	<changeSet id="add-method-column-to-suspicious_activities-table" author="AleksSPb" context="scheme">
+		<comment>Add method column to suspicious_activities table</comment>
+
+		<addColumn tableName="suspicious_activities">
+			<!-- Field size set to fit the longest name of HTTP method ("OPTIONS") -->
+			<column name="method" type="VARCHAR(7)" />
+		</addColumn>
+
+	</changeSet>
+
+</databaseChangeLog>

src/main/resources/sql/suspicious_activity_dao_queries.properties

@@ -4,6 +4,7 @@ INSERT \
      ( type_id \
      , occurred_at \
      , page \
+     , method \
      , user_id \
      , ip \
      , referer_page \
@@ -12,6 +13,7 @@ INSERT \
 SELECT sat.id \
      , :occurred_at \
      , :page \
+     , :method \
      , :user_id \
      , :ip \
      , :referer_page \