Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NR-106006 disable userid when high security #1261

Merged
merged 3 commits into from
May 10, 2023
Merged

NR-106006 disable userid when high security #1261

merged 3 commits into from
May 10, 2023

Conversation

obenkenobi
Copy link
Contributor

Disabled user tracking when high security mode is enabled

obenkenobi
obenkenobi commented May 10, 2023
View reviewed changes
instrumentation/servlet-user/src/main/java/javax/servlet/Servlet.java
@@ -26,7 +26,7 @@ public void service(ServletRequest request, ServletResponse response) {
if (request instanceof HttpServletRequest) {
Principal principal = ((HttpServletRequest) request).getUserPrincipal();
if (principal != null) {
AgentBridge.getAgent().getTransaction().getAgentAttributes().put("user", principal.getName());
NewRelic.setUserName(principal.getName());
Copy link
Contributor Author

@obenkenobi obenkenobi May 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does the same thing but adds additional useful logs and a supportability metric, SetUserName. This also helps me reduce the amount of times I explicitly check if HSM is enabled

Copy link
Contributor

@meiao meiao May 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

didn't this use a different parameter name?
I confused this with another method.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah ok! To clarify, this method adds the "user" attribute. This is the old way of us doing "user" tracking and was meant for the browser agent to use.

Since user tracking is meant to be disabled in HSM, it makes sense it should apply to this method too.

@obenkenobi obenkenobi merged commit 89a9649 into main May 10, 2023
meiao added a commit that referenced this pull request May 11, 2023
@meiao
Revert "Merge pull request #1261 from newrelic/NR-106006-disable-user…
4757e49 
…id-when-high-security"

This reverts commit 89a9649, reversing
changes made to 7890907.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtduffy jtduffy jtduffy approved these changes

@meiao meiao meiao approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@obenkenobi @meiao @jtduffy