Posted to commits@juddi.apache.org by al...@apache.org on 2013/11/24 13:53:04 UTC
svn commit: r1544966 -
/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java
Author: alexoree
Date: Sun Nov 24 12:53:04 2013
New Revision: 1544966
URL: http://svn.apache.org/r1544966
Log:
JUDDI-703 adding additional audit output
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java
Modified: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java?rev=1544966&r1=1544965&r2=1544966&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/api/impl/AuthenticatedService.java Sun Nov 24 12:53:04 2013
@@ -81,7 +81,7 @@ public abstract class AuthenticatedServi
// expire tokens after # minutes of inactivity
// compare the time in milli-seconds
if (now.getTime() > modelAuthToken.getLastUsed().getTime() + allowedMinutesOfInactivity * 60000l) {
- logger.debug("Token " + modelAuthToken.getAuthToken() + " expired due to inactivity");
+ logger.info("AUDIT: FAILTURE Token " + modelAuthToken.getAuthToken() + " expired due to inactivity "+getRequestorsIPAddress());
modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
}
}
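Review bot: The new inactivity message writes the full value of `modelAuthToken.getAuthToken()` to the log at INFO, so anyone with read access to the audit log sees the bearer token itself. The token is marked retired on the next line, but whether that state is persisted before the value could be presented again is not visible in this hunk. The old-age branch in the next hunk already logs `getAuthorizedName()` instead; the same here, e.g. `logger.info("AUDIT: FAILURE - Token for " + modelAuthToken.getAuthorizedName() + " expired due to inactivity " + getRequestorsIPAddress());`, would also fix the `FAILTURE` typo, which any filter on the audit prefix will miss. The prefix is spelled `AUDIT: FAILURE` here and `AUDIT FAILURE -` in the later hunks, so a single shared constant would keep the records searchable. The enclosing method starts and ends outside the hunk.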
@@ -89,13 +89,16 @@ public abstract class AuthenticatedServi
// expire tokens when max age is reached
// compare the time in milli-seconds
if (now.getTime() > modelAuthToken.getCreated().getTime() + maxMinutesOfAge * 60000l) {
- logger.debug("Token " + modelAuthToken.getAuthToken() + " expired due to old age");
+
+ logger.info("AUDIT: FAILURE - Token " + modelAuthToken.getAuthorizedName() + " expired due to old age " + getRequestorsIPAddress());
modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
}
}
- if (modelAuthToken.getTokenState() == AUTHTOKEN_RETIRED)
+ if (modelAuthToken.getTokenState() == AUTHTOKEN_RETIRED){
+
throw new AuthTokenExpiredException(new ErrorMessage("errors.auth.AuthTokenExpired"));
+ }
if (ctx !=null){
try{
boolean check=true;
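Review bot: The `AUTHTOKEN_RETIRED` check gains braces and a blank line but still throws `AuthTokenExpiredException` with no audit output, so a request presenting a token that was retired earlier (rather than by one of the two expiry branches above) leaves no record. If that case is meant to be audited, a line before the throw such as `logger.info("AUDIT: FAILURE - retired token presented for " + modelAuthToken.getAuthorizedName() + " " + getRequestorsIPAddress());` would cover it. Separately, the old-age message is labelled `Token` but prints `getAuthorizedName()`, which reads as if the user name were the token. The method continues outside the hunk.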
@@ -118,7 +121,7 @@ public abstract class AuthenticatedServi
!modelAuthToken.getIPAddress().equalsIgnoreCase(req.getRemoteAddr()))
{
modelAuthToken.setTokenState(AUTHTOKEN_RETIRED);
- logger.error("Security Alert - Attempt to use issued auth token from a different IP address, user " +
+ logger.error("AUDIT FAILURE - Security Alert - Attempt to use issued auth token from a different IP address, user " +
modelAuthToken.getAuthorizedName() + ", issued IP " + modelAuthToken.getIPAddress() +
", attempted use from " + req.getRemoteAddr() + ", forcing reauthentication.");
throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
@@ -137,12 +140,14 @@ public abstract class AuthenticatedServi
UddiEntityPublisher entityPublisher = authenticator.identify(authInfo, modelAuthToken.getAuthorizedName());
// Must make sure the returned publisher has all the necessary fields filled
- if (entityPublisher == null)
+ if (entityPublisher == null) {
+ logger.warn("AUDIT FAILURE - Auth token invalided, publisher does not exist "+ getRequestorsIPAddress());
throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
-
- if (entityPublisher.getAuthorizedName() == null)
+ }
+ if (entityPublisher.getAuthorizedName() == null){
+ logger.warn("AUDIT FAILURE - Auth token invalided, username does exist"+ getRequestorsIPAddress());
throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
-
+ }
// Auth token is being used. Adjust appropriate values so that it's internal 'expiration clock' is reset.
modelAuthToken.setLastUsed(new Date());
modelAuthToken.setNumberOfUses(modelAuthToken.getNumberOfUses() + 1);
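Review bot: The second new warning says `username does exist` although it is guarded by `entityPublisher.getAuthorizedName() == null`, and `"...does exist"+ getRequestorsIPAddress()` runs the address straight into the preceding word, which makes the record hard to parse. Suggested wording: `logger.warn("AUDIT FAILURE - Auth token invalidated, username does not exist " + getRequestorsIPAddress());`, with `invalided` corrected to `invalidated` in the first warning as well. Neither line includes `modelAuthToken.getAuthorizedName()`, which is in scope here (it is passed to `authenticator.identify`) and would make the audit record attributable to an account.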