@@ -4,7 +4,7 @@ linkTitle: Configuration
44weight : 10
55aliases : [agent-config]
66# prettier-ignore
7- cSpell:ignore : akka armeria classloaders couchbase Customizer datasource dbcp Dotel dropwizard dubbo finatra hikari hikaricp HSET httpasyncclient httpclient hystrix jaxrs jaxws jedis jodd kotlinx logback logmanager mojarra myfaces okhttp oshi pekko rabbitmq ratpack rediscala redisson restlet rocketmq serverlessapis spymemcached twilio vaadin vertx vibur webflux webmvc
7+ cSpell:ignore : akka armeria classloaders couchbase Customizer datasource dbcp Dotel dropwizard dubbo enduser finatra hikari hikaricp HSET httpasyncclient httpclient hystrix jaxrs jaxws jedis jodd kotlinx logback logmanager mojarra myfaces okhttp oshi pekko rabbitmq ratpack rediscala redisson restlet rocketmq serverlessapis spymemcached twilio vaadin vertx vibur webflux webmvc
88---
99
1010## SDK Autoconfiguration
@@ -228,6 +228,61 @@ span link connecting it to the producer trace.
228228> ** Note** : The property/environment variable names listed in the table are
229229> still experimental, and thus are subject to change.
230230
231+ ### Capturing enduser attributes
232+
233+ You can configure the agent to capture
234+ [ general identity attributes] ( /docs/specs/semconv/general/attributes/#general-identity-attributes )
235+ (` enduser.id ` , ` enduser.role ` , ` enduser.scope ` ) from instrumentation libraries
236+ like
237+ [ JavaEE/JakartaEE Servlet] ( https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/main/instrumentation/servlet )
238+ and
239+ [ Spring Security] ( https://github.com/open-telemetry/opentelemetry-java-instrumentation/tree/main/instrumentation/spring/spring-security-config-6.0 ) .
240+
241+ > ** Note** : Given the sensitive nature of the data involved, this feature is
242+ > turned off by default while allowing selective activation for particular
243+ > attributes. You must carefully evaluate each attribute's privacy implications
244+ > before enabling the collection of the data.
245+
246+ {{% config_option
247+ name="otel.instrumentation.common.enduser.enabled"
248+ default=false
249+ %}} Common flag for enabling/disabling enduser attributes. {{% /config_option %}}
250+
251+ {{% config_option
252+ name="otel.instrumentation.common.enduser.id.enabled"
253+ default=false
254+ %}} Determines whether to capture ` enduser.id ` semantic attribute. {{% /config_option %}}
255+
256+ {{% config_option
257+ name="otel.instrumentation.common.enduser.role.enabled"
258+ default=false
259+ %}} Determines whether to capture ` enduser.role ` semantic attribute. {{% /config_option %}}
260+
261+ {{% config_option
262+ name="otel.instrumentation.common.enduser.scope.enabled"
263+ default=false
264+ %}} Determines whether to capture ` enduser.scope ` semantic attribute. {{% /config_option %}}
265+
266+ #### Spring Security
267+
268+ For users of Spring Security who use custom
269+ [ granted authority prefixes] ( https://docs.spring.io/spring-security/reference/servlet/authorization/architecture.html#authz-authorities ) ,
270+ you can use the following properties to strip those prefixes from the
271+ ` enduser.* ` attribute values to better represent the actual role and scope
272+ names:
273+
274+ {{% config_option
275+ name="otel.instrumentation.spring-security.enduser.role.granted-authority-prefix"
276+ default=ROLE_
277+ %}} Prefix of granted authorities identifying roles to capture in the ` enduser.role `
278+ semantic attribute. {{% /config_option %}}
279+
280+ {{% config_option
281+ name="otel.instrumentation.spring-security.enduser.scope.granted-authority-prefix"
282+ default=SCOPE_
283+ %}} Prefix of granted authorities identifying scopes to capture in the ` enduser.scopes `
284+ semantic attribute. {{% /config_option %}}
285+
231286## Suppressing specific auto-instrumentation
232287
233288### Disabling the agent entirely
0 commit comments