Posted to commits@karaf.apache.org by jb...@apache.org on 2019/04/05 05:36:33 UTC

[karaf] branch master updated: [KARAF-6220] Add principal info to file and log audit logs

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/master by this push:
     new e906225  [KARAF-6220] Add principal info to file and log audit logs
     new 9cf8588  Merge pull request #802 from sjhiggs/KARAF-6220
e906225 is described below

commit e90622553b6f56737b9fd1812b8052c547ef554f
Author: Stephen Higgs <s....@gmail.com>
AuthorDate: Mon Apr 1 08:37:08 2019 -0400

    [KARAF-6220] Add principal info to file and log audit logs
---
 .../modules/audit/AbstractAuditLoginModule.java    | 17 +++++++
 .../jaas/modules/audit/FileAuditLoginModule.java   |  2 +-
 .../jaas/modules/audit/LogAuditLoginModule.java    | 10 ++---
 .../audit/AbstractAuditLoginModuleTest.java        | 52 ++++++++++++++++++++++
 4 files changed, 75 insertions(+), 6 deletions(-)

diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
index 140ba40..a469e6f 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModule.java
@@ -14,6 +14,7 @@
  */
 package org.apache.karaf.jaas.modules.audit;
 
+import java.util.List;
 import java.util.Map;
 
 import javax.security.auth.Subject;
@@ -23,6 +24,10 @@ import javax.security.auth.callback.NameCallback;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
+
+import static java.util.stream.Collectors.toList;
+
 public abstract class AbstractAuditLoginModule implements LoginModule {
 
     enum Action {
@@ -88,4 +93,16 @@ public abstract class AbstractAuditLoginModule implements LoginModule {
         return false;
     }
 
+    protected String getPrincipalInfo() {
+        String principalInfo;
+        List<String> principalInfos = subject.getPrincipals(ClientPrincipal.class).stream().map(r->r.getName()).collect(toList());
+
+        if (principalInfos.size() > 0) {
+            principalInfo = String.join(", ", principalInfos);
+        } else {
+            principalInfo = "no client principals found";
+        }
+
+        return principalInfo;
+    }
 }
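Review bot: The order of the joined names in `getPrincipalInfo()` is undefined, because `subject.getPrincipals(ClientPrincipal.class)` returns a Set with no ordering guarantee. The same session can therefore produce differently ordered audit lines, and the `assertEquals("ssh(/127.0.0.1), ssh(/127.0.0.2)", ...)` in AbstractAuditLoginModuleTest depends on iteration order. Sorting makes the output stable: `List<String> principalInfos = subject.getPrincipals(ClientPrincipal.class).stream().map(ClientPrincipal::getName).sorted().collect(toList());`. The `subject` field is declared outside this hunk; if it can still be null when an audit action is recorded this method would throw, which is worth confirming. A short Javadoc stating that the method returns the comma-separated client principal names, or the fixed text `no client principals found`, would help anyone parsing the logs.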
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
index 6134964..8a36c90 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/FileAuditLoginModule.java
@@ -58,7 +58,7 @@ public class FileAuditLoginModule extends AbstractAuditLoginModule {
             case LOGOUT: actionStr = "Explicit logout"; break;
             default: actionStr = action.toString(); break;
             }
-            writer.println(DATE_FORMAT.format(date) + " - " + actionStr + " - " + username);
+            writer.println(DATE_FORMAT.format(date) + " - " + actionStr + " - " + username + " - " + getPrincipalInfo());
             writer.flush();
             writer.close();
             if (lock.isValid()) {
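Review bot: The changed `writer.println(...)` writes `username` and the principal text into the audit line unmodified, so a carriage return or line feed in a submitted user name would split one record into several and weaken the file as evidence. Whether `username` is cleaned before it reaches this method is not visible here; if it is not, neutralise line breaks at the point of writing, for example `String safeUser = String.valueOf(username).replaceAll("[\\r\\n]", "_");`, and print `safeUser` instead. The new field also reuses ` - ` as its separator, and a user name may itself contain that sequence, so a parser cannot split the four fields unambiguously. The enclosing method begins and ends outside this hunk.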
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
index 41db1ba..1a5158a 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/audit/LogAuditLoginModule.java
@@ -46,15 +46,15 @@ public class LogAuditLoginModule extends AbstractAuditLoginModule {
             default: actionStr = action.toString(); break;
         }
         if (level.equalsIgnoreCase("debug")) {
-            logger.debug("{} - {}", actionStr, username);
+            logger.debug("{} - {} - {}", actionStr, username, getPrincipalInfo());
         } else if (level.equalsIgnoreCase("trace")) {
-            logger.trace("{} - {}", actionStr, username);
+            logger.trace("{} - {} - {}", actionStr, username, getPrincipalInfo());
         } else if (level.equalsIgnoreCase("warn")) {
-            logger.warn("{} - {}", actionStr, username);
+            logger.warn("{} - {} - {}", actionStr, username, getPrincipalInfo());
         } else if (level.equalsIgnoreCase("error")) {
-            logger.error("{} - {}", actionStr, username);
+            logger.error("{} - {} - {}", actionStr, username, getPrincipalInfo());
         } else {
-            logger.info("{} - {}", actionStr, username);
+            logger.info("{} - {} - {}", actionStr, username, getPrincipalInfo());
         }
     }
 
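Review bot: Each of the five branches now repeats the same format string and makes its own `getPrincipalInfo()` call. Computing the value once before the `if` chain, `String principalInfo = getPrincipalInfo();`, and passing `principalInfo` to each logger call would keep the branches identical apart from the level. As in the file module, `username` is logged as received, so line-break handling depends on the logging backend's layout, which is not visible here. The enclosing method starts outside this hunk.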
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java
new file mode 100644
index 0000000..17e6326
--- /dev/null
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/audit/AbstractAuditLoginModuleTest.java
@@ -0,0 +1,52 @@
+/*
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+package org.apache.karaf.jaas.modules.audit;
+
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
+import org.apache.karaf.jaas.modules.NamePasswordCallbackHandler;
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import java.nio.file.attribute.UserPrincipal;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AbstractAuditLoginModuleTest {
+
+    @Test
+    public void getPrincipalInfo() {
+        LogAuditLoginModule module = new LogAuditLoginModule();
+        Map<String, String> options = new HashMap<>();
+        options.put("logger", "test");
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new ClientPrincipal("ssh", "/127.0.0.1"));
+        subject.getPrincipals().add(new ClientPrincipal("ssh", "/127.0.0.2"));
+        subject.getPrincipals().add((UserPrincipal) () -> "noexist");
+        module.initialize(subject, new NamePasswordCallbackHandler("myuser", "mypassword"), null, options);
+        Assert.assertEquals("ssh(/127.0.0.1), ssh(/127.0.0.2)", module.getPrincipalInfo());
+    }
+
+    @Test
+    public void getPrincipalInfoEmpty() {
+        LogAuditLoginModule module = new LogAuditLoginModule();
+        Map<String, String> options = new HashMap<>();
+        options.put("logger", "test");
+        Subject subject = new Subject();
+        module.initialize(subject, new NamePasswordCallbackHandler("myuser", "mypassword"), null, options);
+        Assert.assertEquals("no client principals found", module.getPrincipalInfo());
+    }
+}
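Review bot: Both tests call `getPrincipalInfo()` directly, so nothing asserts the changed audit line that FileAuditLoginModule and LogAuditLoginModule now emit. A test that triggers an audit action and checks the written line for the added ` - ` principal field would pin the format that log consumers and alerting rules rely on. The license header also repeats `under the License.` on two consecutive lines, which looks like a copy error.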