io.jenkins.plugins.auditlogger.RequestHolder

public final class RequestHolder extends Object

Thread-local holder for the current HTTP request, plus a cross-request pending-auth-entry map for deferred User-Agent enrichment. The pending map is needed because form/SSO logins trigger authenticated2() inside Spring Security's filter chain, which then sends a 302 redirect without continuing to PluginServletFilter. The browser follows the redirect, and THAT request goes through AuditRequestCapture where we can read User-Agent.

Method Summary

Modifier and Type

Method

Description

static void

cacheUserIp(String username, String ip)

Cache a user's IP address from a known request context.

static void

clear()

static AuditLogEntry

consumePendingAuthEntry(String username)

Consume (get and remove) the pending auth entry for a given username.

static List<AuditLogEntry>

drainExpiredEntries()

Drain all expired pending entries so they can be written to the log even without enrichment.

static jakarta.servlet.http.HttpServletRequest

get()

static String

getAuthenticatedUser()

Get the pre-chain authenticated username (survives SYSTEM impersonation).

static String

getCachedUserIp(String username)

Get the last-known IP for a user (from login/request).

static void

set(jakarta.servlet.http.HttpServletRequest request)

static void

setAuthenticatedUser(String username)

Store the authenticated username before filter chain processing.

static void

setPendingAuthEntry(String username, AuditLogEntry entry)

Store an auth event entry for later enrichment, keyed by username.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- set
  
  public static void set(jakarta.servlet.http.HttpServletRequest request)
- get
  
  public static jakarta.servlet.http.HttpServletRequest get()
- clear
  
  public static void clear()
- setAuthenticatedUser
  
  public static void setAuthenticatedUser(String username)
  
  Store the authenticated username before filter chain processing.
- getAuthenticatedUser
  
  public static String getAuthenticatedUser()
  
  Get the pre-chain authenticated username (survives SYSTEM impersonation).
- cacheUserIp
  
  public static void cacheUserIp(String username, String ip)
  
  Cache a user's IP address from a known request context.
- getCachedUserIp
  
  public static String getCachedUserIp(String username)
  
  Get the last-known IP for a user (from login/request). Returns null if unknown.
- setPendingAuthEntry
  
  public static void setPendingAuthEntry(String username, AuditLogEntry entry)
  
  Store an auth event entry for later enrichment, keyed by username.
- consumePendingAuthEntry
  
  public static AuditLogEntry consumePendingAuthEntry(String username)
  
  Consume (get and remove) the pending auth entry for a given username. Returns null if none/expired.
- drainExpiredEntries
  
  public static List<AuditLogEntry> drainExpiredEntries()
  
  Drain all expired pending entries so they can be written to the log even without enrichment. This prevents data loss when enrichment never happens (e.g., form login where the redirect follow doesn't reach AuditRequestCapture).

Class RequestHolder

Method Summary

Methods inherited from class java.lang.Object

Method Details

set

get

clear

setAuthenticatedUser

getAuthenticatedUser

cacheUserIp

getCachedUserIp

setPendingAuthEntry

consumePendingAuthEntry

drainExpiredEntries