You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2018/03/12 14:27:00 UTC
[jira] [Updated] (QPID-8124) [Broker-J][REST] Sucessfully
authenticated user is reported as <> in ACL operational logs when
checking access to management
[ https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-8124:
-----------------------------
Description:
When user is successfully authenticated, the user information in operational log for checking management access is reported as <<UNKNOWN>> for both Allowed and Denied outcomes:
{noformat}
INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied : Access Management
INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed : Access Management
INFO [qtp1675859208-64] (q.m.m.open) - [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
{noformat}
As result, it is impossible to identify the principal name of authenticated user in operational log when access is denied.
Thought, it is possible to get the principal name for "allowed" outcome by looking into the following logs from the same thread, it would be beneficial to print the real principal information in the log for Allowed outcome.
was:
When user is successfully authenticated, the user subject of operational log for checking management access is reported as <<UNKNOWN>> with both Allowed and Denied outcomes:
{noformat}
INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied : Access Management
INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed : Access Management
INFO [qtp1675859208-64] (q.m.m.open) - [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
{noformat}
As result, it is impossible to identify the principal name of authenticated user in operational log when access is denied.
Thought, it is possible to get the principal name for "allowed" outcome by looking into the following logs from the same thread, it would be beneficial to print the real principal information in the log for Allowed outcome.
> [Broker-J][REST] Sucessfully authenticated user is reported as <<UNKNOWN>> in ACL operational logs when checking access to management
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
> Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0, qpid-java-broker-7.0.1
> Reporter: Alex Rudyy
> Priority: Major
>
> When user is successfully authenticated, the user information in operational log for checking management access is reported as <<UNKNOWN>> for both Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied : Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed : Access Management
> INFO [qtp1675859208-64] (q.m.m.open) - [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by looking into the following logs from the same thread, it would be beneficial to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org