Posted to commits@karaf.apache.org by jb...@apache.org on 2019/04/05 05:36:33 UTC
[karaf] branch master updated: [KARAF-6220] Add principal info to
file and log audit logs
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/master by this push:
new e906225 [KARAF-6220] Add principal info to file and log audit logs
new 9cf8588 Merge pull request #802 from sjhiggs/KARAF-6220
e906225 is described below
commit e90622553b6f56737b9fd1812b8052c547ef554f
Author: Stephen Higgs <s....@gmail.com>
AuthorDate: Mon Apr 1 08:37:08 2019 -0400
[KARAF-6220] Add principal info to file and log audit logs
---
.../modules/audit/AbstractAuditLoginModule.java | 17 +++++++
.../jaas/modules/audit/FileAuditLoginModule.java | 2 +-
.../jaas/modules/audit/LogAuditLoginModule.java | 10 ++---
.../audit/AbstractAuditLoginModuleTest.java | 52 ++++++++++++++++++++++
4 files changed, 75 insertions(+), 6 deletions(-)
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
index 140ba40..a469e6f 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
@@ -14,6 +14,7 @@
*/
package org.apache.karaf.jaas.modules.audit;
+import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
@@ -23,6 +24,10 @@ import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
+
+import static java.util.stream.Collectors.toList;
+
public abstract class AbstractAuditLoginModule implements LoginModule {
enum Action {
@@ -88,4 +93,16 @@ public abstract class AbstractAuditLoginModule implements LoginModule {
return false;
}
+ protected String getPrincipalInfo() {
+ String principalInfo;
+ List<String> principalInfos = subject.getPrincipals(ClientPrincipal.class).stream().map(r->r.getName()).collect(toList());
+
+ if (principalInfos.size() > 0) {
+ principalInfo = String.join(", ", principalInfos);
+ } else {
+ principalInfo = "no client principals found";
+ }
+
+ return principalInfo;
+ }
}
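Review bot: The order of the names joined in `getPrincipalInfo()` is not guaranteed, because `subject.getPrincipals(ClientPrincipal.class)` returns a `Set` whose iteration order the API does not specify. The same subject can therefore produce differently ordered audit fields, and the exact-string assertion in `AbstractAuditLoginModuleTest.getPrincipalInfo` depends on that order. Sorting before joining keeps the record stable: `subject.getPrincipals(ClientPrincipal.class).stream().map(ClientPrincipal::getName).sorted().collect(toList())`. A short Javadoc would also help anyone parsing the audit output, stating that the method returns a comma-separated list of client principal names or the literal `no client principals found`.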
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
index 6134964..8a36c90 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
@@ -58,7 +58,7 @@ public class FileAuditLoginModule extends AbstractAuditLoginModule {
case LOGOUT: actionStr = "Explicit logout"; break;
default: actionStr = action.toString(); break;
}
- writer.println(DATE_FORMAT.format(date) + " - " + actionStr + " - " + username);
+ writer.println(DATE_FORMAT.format(date) + " - " + actionStr + " - " + username + " - " + getPrincipalInfo());
writer.flush();
writer.close();
if (lock.isValid()) {
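Review bot: The `writer.println(...)` line concatenates `username` and the principal info unescaped, so a value containing a line break would split one event into what reads as several audit records. Where `username` is obtained is outside this hunk, but it appears to come from the login callback and would then be client-supplied. Neutralizing CR/LF before writing keeps one event per line, for example `String.valueOf(username).replaceAll("[\\r\\n]", "_")`. The same applies to the five logger calls changed in LogAuditLoginModule. The enclosing method starts and ends outside the hunk.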
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
index 41db1ba..1a5158a 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
@@ -46,15 +46,15 @@ public class LogAuditLoginModule extends AbstractAuditLoginModule {
default: actionStr = action.toString(); break;
}
if (level.equalsIgnoreCase("debug")) {
- logger.debug("{} - {}", actionStr, username);
+ logger.debug("{} - {} - {}", actionStr, username, getPrincipalInfo());
} else if (level.equalsIgnoreCase("trace")) {
- logger.trace("{} - {}", actionStr, username);
+ logger.trace("{} - {} - {}", actionStr, username, getPrincipalInfo());
} else if (level.equalsIgnoreCase("warn")) {
- logger.warn("{} - {}", actionStr, username);
+ logger.warn("{} - {} - {}", actionStr, username, getPrincipalInfo());
} else if (level.equalsIgnoreCase("error")) {
- logger.error("{} - {}", actionStr, username);
+ logger.error("{} - {} - {}", actionStr, username, getPrincipalInfo());
} else {
- logger.info("{} - {}", actionStr, username);
+ logger.info("{} - {} - {}", actionStr, username, getPrincipalInfo());
}
}
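Review bot: `getPrincipalInfo()` is repeated in all five level branches and is evaluated as an argument before the logger decides whether that level is enabled. The principal stream therefore runs even when the configured level is switched off. Computing it once ahead of the `if` chain with `String principalInfo = getPrincipalInfo();` and passing `principalInfo` to each call removes the repetition. If the logger is SLF4J, guarding the debug and trace branches with `isDebugEnabled()` / `isTraceEnabled()` would also skip the work for disabled levels. The enclosing method begins outside the hunk.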
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java
new file mode 100644
index 0000000..17e6326
--- /dev/null
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java
@@ -0,0 +1,52 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.audit;
+
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
+import org.apache.karaf.jaas.modules.NamePasswordCallbackHandler;
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import java.nio.file.attribute.UserPrincipal;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AbstractAuditLoginModuleTest {
+
+ @Test
+ public void getPrincipalInfo() {
+ LogAuditLoginModule module = new LogAuditLoginModule();
+ Map<String, String> options = new HashMap<>();
+ options.put("logger", "test");
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new ClientPrincipal("ssh", "/127.0.0.1"));
+ subject.getPrincipals().add(new ClientPrincipal("ssh", "/127.0.0.2"));
+ subject.getPrincipals().add((UserPrincipal) () -> "noexist");
+ module.initialize(subject, new NamePasswordCallbackHandler("myuser", "mypassword"), null, options);
+ Assert.assertEquals("ssh(/127.0.0.1), ssh(/127.0.0.2)", module.getPrincipalInfo());
+ }
+
+ @Test
+ public void getPrincipalInfoEmpty() {
+ LogAuditLoginModule module = new LogAuditLoginModule();
+ Map<String, String> options = new HashMap<>();
+ options.put("logger", "test");
+ Subject subject = new Subject();
+ module.initialize(subject, new NamePasswordCallbackHandler("myuser", "mypassword"), null, options);
+ Assert.assertEquals("no client principals found", module.getPrincipalInfo());
+ }
+}