You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/09/21 14:23:00 UTC
[jira] [Comment Edited] (SOLR-12791) Add Metrics reporting for
AuthenticationPlugin
[ https://issues.apache.org/jira/browse/SOLR-12791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16623683#comment-16623683 ]
Jan Høydahl edited comment on SOLR-12791 at 9/21/18 2:22 PM:
-------------------------------------------------------------
Question about instrumenting the {{HadoopAuthPlugin}} for reporting metrics [~ichattopadhyaya]
Since the plugin delegates to Hadoop's AuthenticationFilter we don't get a fine grained response to the plugin that we can check for what really happened. I have managed to pull out the response http code and did this metrics mapping
{code:java}
switch (frsp.getStatus()) {
case HttpServletResponse.SC_UNAUTHORIZED:
// TODO: Cannot tell whether the 401 is due to wrong or missing credentials
numWrongCredentials.inc();
break;
case HttpServletResponse.SC_FORBIDDEN:
// TODO: Are there other status codes which should also translate to error?
numErrors.mark();
break;
default:
if (frsp.getStatus() >= 200 && frsp.getStatus() <= 299) {
numAuthenticated.inc();
} else {
numErrors.mark();
}
}
{code}
However when testing with {{TestSolrCloudWithHadoopAuthPlugin}} I get e.g. 4 requests to doAuthenticate, and 2 of these will be status code 200 while the other two are status 401. I suspect the 401 responses to be some kind of challenge/response that end up in the 200 response, but I have not been able to decipher the code fully yet. Any suggestions on how to proceed?
My experimental code is in [https://github.com/cominvent/lucene-solr/tree/solr12791-hadoop-auth-metrics]
was (Author: janhoy):
Question about instrumenting the {{HadoopAuthPlugin}} for reporting metrics [~ichattopadhyaya]
Since the plugin delegates to Hadoop's AuthenticationFilter we don't get a fine grained response to the plugin that we can check for what really happened. I have managed to pull out the response http code and did this metrics mapping
{code:java}
switch (frsp.getStatus()) {
case HttpServletResponse.SC_UNAUTHORIZED:
// TODO: Cannot tell whether the 401 is due to wrong or missing credentials
numWrongCredentials.inc();
break;
case HttpServletResponse.SC_FORBIDDEN:
// TODO: Are there other status codes which should also translate to error?
numErrors.mark();
break;
default:
if (frsp.getStatus() >= 200 && frsp.getStatus() <= 299) {
numAuthenticated.inc();
} else {
numErrors.mark();
}
}
{code}
However when testing with {{TestSolrCloudWithHadoopAuthPlugin}} I get e.g. 4 requests to doAuthenticate, and 2 of these will be status code 200 while the other two are status 401. I suspect the 401 responses to be some kind of challenge/response that end up in the 200 response, but I have not been able to decipher the code fully yet. Any suggestions on how to proceed?
> Add Metrics reporting for AuthenticationPlugin
> ----------------------------------------------
>
> Key: SOLR-12791
> URL: https://issues.apache.org/jira/browse/SOLR-12791
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication, metrics
> Reporter: Jan Høydahl
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Propose to add Metrics support for all Auth plugins. Will let abstract {{AuthenticationPlugin}} base class implement {{SolrMetricProducer}} and keep the counters, such as:
> * requests
> * req authenticated
> * req pass-through (no credentials and blockUnknown false)
> * req with auth failures due to wrong or malformed credentials
> * req auth failures due to missing credentials
> * errors
> * timeouts
> * timing stats
> Each implementation still needs to increment the counters etc.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org