You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2014/08/07 00:26:52 UTC
[2/5] git commit: ACCUMULO-3049 Add authenticate to
AuditedSecurityOperation
ACCUMULO-3049 Add authenticate to AuditedSecurityOperation
When a client authenticates with Accumulo, the information
is presently not included in the audit log. We should definitely
know when a client is authenticating against the system.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/66594dbc
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/66594dbc
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/66594dbc
Branch: refs/heads/1.6.1-SNAPSHOT
Commit: 66594dbc2da9b25830900fcf01ac099838a0013a
Parents: 81a77e1
Author: Josh Elser <el...@apache.org>
Authored: Wed Aug 6 14:54:54 2014 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Wed Aug 6 18:17:50 2014 -0400
----------------------------------------------------------------------
.../server/security/AuditedSecurityOperation.java | 14 ++++++++++++++
.../accumulo/server/security/SecurityOperation.java | 2 +-
2 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index d55382d..e37d4a2 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -434,4 +434,18 @@ public class AuditedSecurityOperation extends SecurityOperation {
throw ex;
}
}
+
+ // The audit log is already logging the principal, so we don't have anything else to audit
+ public static final String AUTHENICATE_AUDIT_TEMPLATE = "";
+
+ @Override
+ protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
+ try {
+ super.authenticate(credentials);
+ audit(credentials, true, AUTHENICATE_AUDIT_TEMPLATE);
+ } catch (ThriftSecurityException e) {
+ audit(credentials, false, AUTHENICATE_AUDIT_TEMPLATE);
+ throw e;
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index d61dd30..d0e6aea 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -149,7 +149,7 @@ public class SecurityOperation {
return SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName());
}
- private void authenticate(TCredentials credentials) throws ThriftSecurityException {
+ protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
if (!credentials.getInstanceId().equals(HdfsZooInstance.getInstance().getInstanceID()))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID);