You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/07/24 06:39:36 UTC
svn commit: r558926 - in
/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos:
kdc/ kdc/authentication/ kdc/ticketgrant/ protocol/
Author: erodriguez
Date: Mon Jul 23 21:39:32 2007
New Revision: 558926
URL: http://svn.apache.org/viewvc?view=rev&rev=558926
Log:
Clean-up of logging monitors in protocol-kerberos AS and TGS:
o Reordered logged attributes to read more intuitively (start time before end time, etc.)
o Minor refactoring to simply make AS and TGS monitors more similar.
o Corrected service names used during logging, which was confusing.
o Fixed error message logging, which never worked.
Added:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java (contents, props changed)
- copied, changed from r558907, directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java
Removed:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java
Modified:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java Mon Jul 23 21:39:32 2007
@@ -20,7 +20,6 @@
package org.apache.directory.server.kerberos.kdc;
-import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
import org.apache.directory.server.kerberos.shared.messages.KdcReply;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -37,37 +36,50 @@
/** the log for this class */
private static final Logger log = LoggerFactory.getLogger( MonitorReply.class );
+ private String serviceName;
+
private String contextKey = "context";
+ /**
+ * Creates a new instance of MonitorReply.
+ *
+ * @param serviceName
+ */
+ public MonitorReply( String serviceName )
+ {
+ this.serviceName = serviceName;
+ }
+
+
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
Object reply = kdcContext.getReply();
- if ( reply instanceof KdcReply )
+ if ( log.isDebugEnabled() )
{
- KdcReply success = ( KdcReply ) reply;
-
- if ( log.isDebugEnabled() )
+ if ( reply instanceof KdcReply )
{
+ KdcReply success = ( KdcReply ) reply;
+
try
{
StringBuffer sb = new StringBuffer();
- sb.append( "Responding to authentication request with reply:" );
+ sb.append( "Responding with " + serviceName + " reply:" );
+ sb.append( "\n\t" + "messageType: " + success.getMessageType() );
+ sb.append( "\n\t" + "protocolVersionNumber: " + success.getProtocolVersionNumber() );
+ sb.append( "\n\t" + "nonce: " + success.getNonce() );
+ sb.append( "\n\t" + "clientPrincipal: " + success.getClientPrincipal() );
sb.append( "\n\t" + "client realm: " + success.getClientRealm() );
- sb.append( "\n\t" + "server realm: " + success.getServerRealm() );
sb.append( "\n\t" + "serverPrincipal: " + success.getServerPrincipal() );
- sb.append( "\n\t" + "clientPrincipal: " + success.getClientPrincipal() );
- sb.append( "\n\t" + "hostAddresses: " + success.getClientAddresses() );
+ sb.append( "\n\t" + "server realm: " + success.getServerRealm() );
+ sb.append( "\n\t" + "auth time: " + success.getAuthTime() );
sb.append( "\n\t" + "start time: " + success.getStartTime() );
sb.append( "\n\t" + "end time: " + success.getEndTime() );
- sb.append( "\n\t" + "auth time: " + success.getAuthTime() );
- sb.append( "\n\t" + "renew till time: " + success.getRenewTill() );
- sb.append( "\n\t" + "messageType: " + success.getMessageType() );
- sb.append( "\n\t" + "nonce: " + success.getNonce() );
- sb.append( "\n\t" + "protocolVersionNumber: " + success.getProtocolVersionNumber() );
+ sb.append( "\n\t" + "renew-till time: " + success.getRenewTill() );
+ sb.append( "\n\t" + "hostAddresses: " + success.getClientAddresses() );
log.debug( sb.toString() );
}
@@ -75,36 +87,6 @@
{
// This is a monitor. No exceptions should bubble up.
log.error( "Error in reply monitor", e );
- }
- }
- }
- else
- {
- if ( reply instanceof ErrorMessage )
- {
- ErrorMessage error = ( ErrorMessage ) reply;
-
- if ( log.isDebugEnabled() )
- {
- try
- {
- StringBuffer sb = new StringBuffer();
-
- sb.append( "Responding to authentication request with error:" );
- sb.append( "\n\t" + "serverPrincipal: " + error.getServerPrincipal() );
- sb.append( "\n\t" + "clientPrincipal: " + error.getClientPrincipal() );
- sb.append( "\n\t" + "server time: " + error.getClientTime() );
- sb.append( "\n\t" + "client time: " + error.getServerTime() );
- sb.append( "\n\t" + "error code: " + error.getErrorCode() );
- sb.append( "\n\t" + "explanatory text: " + error.getExplanatoryText() );
-
- log.debug( sb.toString() );
- }
- catch ( Exception e )
- {
- // This is a monitor. No exceptions should bubble up.
- log.error( "Error in reply monitor", e );
- }
}
}
}
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java Mon Jul 23 21:39:32 2007
@@ -37,35 +37,49 @@
/** the log for this class */
private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class );
+ private String serviceName;
+
private String contextKey = "context";
+ /**
+ * Creates a new instance of MonitorRequest.
+ *
+ * @param serviceName
+ */
+ public MonitorRequest( String serviceName )
+ {
+ this.serviceName = serviceName;
+ }
+
+
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
KdcRequest request = kdcContext.getRequest();
- String clientAddress = kdcContext.getClientAddress().getHostAddress();
if ( log.isDebugEnabled() )
{
try
{
+ String clientAddress = kdcContext.getClientAddress().getHostAddress();
+
StringBuffer sb = new StringBuffer();
- sb.append( "Responding to authentication request:" );
- sb.append( "\n\t" + "realm: " + request.getRealm() );
- sb.append( "\n\t" + "serverPrincipal: " + request.getServerPrincipal() );
- sb.append( "\n\t" + "clientPrincipal: " + request.getClientPrincipal() );
- sb.append( "\n\t" + "clientAddress: " + clientAddress );
- sb.append( "\n\t" + "hostAddresses: " + request.getAddresses() );
- sb.append( "\n\t" + "encryptionType: " + getEncryptionTypes( request ) );
- sb.append( "\n\t" + "from krb time: " + request.getFrom() );
- sb.append( "\n\t" + "realm krb time: " + request.getRtime() );
- sb.append( "\n\t" + "kdcOptions: " + request.getKdcOptions() );
+ sb.append( "Received " + serviceName + " request:" );
sb.append( "\n\t" + "messageType: " + request.getMessageType() );
- sb.append( "\n\t" + "nonce: " + request.getNonce() );
sb.append( "\n\t" + "protocolVersionNumber: " + request.getProtocolVersionNumber() );
- sb.append( "\n\t" + "till: " + request.getTill() );
+ sb.append( "\n\t" + "clientAddress: " + clientAddress );
+ sb.append( "\n\t" + "nonce: " + request.getNonce() );
+ sb.append( "\n\t" + "kdcOptions: " + request.getKdcOptions() );
+ sb.append( "\n\t" + "clientPrincipal: " + request.getClientPrincipal() );
+ sb.append( "\n\t" + "serverPrincipal: " + request.getServerPrincipal() );
+ sb.append( "\n\t" + "encryptionType: " + getEncryptionTypes( request ) );
+ sb.append( "\n\t" + "realm: " + request.getRealm() );
+ sb.append( "\n\t" + "from time: " + request.getFrom() );
+ sb.append( "\n\t" + "till time: " + request.getTill() );
+ sb.append( "\n\t" + "renew-till time: " + request.getRtime() );
+ sb.append( "\n\t" + "hostAddresses: " + request.getAddresses() );
log.debug( sb.toString() );
}
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java Mon Jul 23 21:39:32 2007
@@ -20,24 +20,39 @@
package org.apache.directory.server.kerberos.kdc.authentication;
+import org.apache.directory.server.kerberos.kdc.MonitorReply;
import org.apache.directory.server.kerberos.kdc.MonitorRequest;
import org.apache.directory.server.kerberos.kdc.SelectEncryptionType;
import org.apache.directory.server.kerberos.kdc.preauthentication.PreAuthenticationChain;
import org.apache.mina.handler.chain.IoHandlerChain;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
+ * KRB_AS_REQ verification and KRB_AS_REP generation.
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class AuthenticationServiceChain extends IoHandlerChain
{
+ /** the log for this class */
+ private static final Logger log = LoggerFactory.getLogger( AuthenticationServiceChain.class );
+
+ private String serviceName = "Authentication Service (AS)";
+
+
/**
* Creates a new instance of AuthenticationServiceChain.
*/
public AuthenticationServiceChain()
{
- addLast( "monitorRequest", new MonitorRequest() );
+ if ( log.isDebugEnabled() )
+ {
+ addLast( "monitorRequest", new MonitorRequest( serviceName ) );
+ }
+
addLast( "configureAuthenticationChain", new ConfigureAuthenticationChain() );
addLast( "selectEncryptionType", new SelectEncryptionType() );
addLast( "getClientEntry", new GetClientEntry() );
@@ -46,6 +61,17 @@
addLast( "getServerEntry", new GetServerEntry() );
addLast( "generateTicket", new GenerateTicket() );
addLast( "buildReply", new BuildReply() );
+
+ if ( log.isDebugEnabled() )
+ {
+ addLast( "monitorContext", new MonitorContext( serviceName ) );
+ }
+
+ if ( log.isDebugEnabled() )
+ {
+ addLast( "monitorReply", new MonitorReply( serviceName ) );
+ }
+
addLast( "sealReply", new SealReply() );
}
}
Copied: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java (from r558907, directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java?view=diff&rev=558926&p1=directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java&r1=558907&p2=directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java Mon Jul 23 21:39:32 2007
@@ -17,9 +17,15 @@
* under the License.
*
*/
-package org.apache.directory.server.kerberos.kdc;
+package org.apache.directory.server.kerberos.kdc.authentication;
+import java.net.InetAddress;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
import org.slf4j.Logger;
@@ -35,24 +41,64 @@
/** the log for this class */
private static final Logger log = LoggerFactory.getLogger( MonitorContext.class );
+ private String serviceName;
+
private String contextKey = "context";
- public void execute( NextCommand next, IoSession session, Object message ) throws Exception
+ /**
+ * Creates a new instance of MonitorContext.
+ *
+ * @param serviceName
+ */
+ public MonitorContext( String serviceName )
{
- KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
+ this.serviceName = serviceName;
+ }
+
+ public void execute( NextCommand next, IoSession session, Object message ) throws Exception
+ {
if ( log.isDebugEnabled() )
{
try
{
+ AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
+
+ long clockSkew = authContext.getConfig().getAllowableClockSkew();
+ InetAddress clientAddress = authContext.getClientAddress();
+
StringBuffer sb = new StringBuffer();
- sb.append( "Monitoring context:" );
- sb.append( "\n\t" + "config: " + kdcContext.getConfig() );
- sb.append( "\n\t" + "store: " + kdcContext.getStore() );
- sb.append( "\n\t" + "request: " + kdcContext.getRequest() );
- sb.append( "\n\t" + "reply: " + kdcContext.getReply() );
+ sb.append( "Monitoring " + serviceName + " context:" );
+
+ sb.append( "\n\t" + "clockSkew " + clockSkew );
+ sb.append( "\n\t" + "clientAddress " + clientAddress );
+
+ KerberosPrincipal clientPrincipal = authContext.getClientEntry().getPrincipal();
+ PrincipalStoreEntry clientEntry = authContext.getClientEntry();
+
+ sb.append( "\n\t" + "principal " + clientPrincipal );
+ sb.append( "\n\t" + "cn " + clientEntry.getCommonName() );
+ sb.append( "\n\t" + "realm " + clientEntry.getRealmName() );
+ sb.append( "\n\t" + "principal " + clientEntry.getPrincipal() );
+ sb.append( "\n\t" + "SAM type " + clientEntry.getSamType() );
+
+ KerberosPrincipal serverPrincipal = authContext.getRequest().getServerPrincipal();
+ PrincipalStoreEntry serverEntry = authContext.getServerEntry();
+
+ sb.append( "\n\t" + "principal " + serverPrincipal );
+ sb.append( "\n\t" + "cn " + serverEntry.getCommonName() );
+ sb.append( "\n\t" + "realm " + serverEntry.getRealmName() );
+ sb.append( "\n\t" + "principal " + serverEntry.getPrincipal() );
+ sb.append( "\n\t" + "SAM type " + serverEntry.getSamType() );
+
+ EncryptionType encryptionType = authContext.getEncryptionType();
+ int clientKeyVersion = clientEntry.getKeyMap().get( encryptionType ).getKeyVersion();
+ int serverKeyVersion = serverEntry.getKeyMap().get( encryptionType ).getKeyVersion();
+ sb.append( "\n\t" + "Request key type " + encryptionType );
+ sb.append( "\n\t" + "Client key version " + clientKeyVersion );
+ sb.append( "\n\t" + "Server key version " + serverKeyVersion );
log.debug( sb.toString() );
}
Propchange: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Mon Jul 23 21:39:32 2007
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java Mon Jul 23 21:39:32 2007
@@ -26,12 +26,9 @@
import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -48,9 +45,22 @@
/** the log for this class */
private static final Logger log = LoggerFactory.getLogger( MonitorContext.class );
+ private String serviceName;
+
private String contextKey = "context";
+ /**
+ * Creates a new instance of MonitorContext.
+ *
+ * @param serviceName
+ */
+ public MonitorContext( String serviceName )
+ {
+ this.serviceName = serviceName;
+ }
+
+
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
if ( log.isDebugEnabled() )
@@ -59,11 +69,8 @@
{
TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute( getContextKey() );
- PrincipalStore store = tgsContext.getStore();
- ApplicationRequest authHeader = tgsContext.getAuthHeader();
Ticket tgt = tgsContext.getTgt();
long clockSkew = tgsContext.getConfig().getAllowableClockSkew();
- ReplayCache replayCache = tgsContext.getReplayCache();
ChecksumType checksumType = tgsContext.getAuthenticator().getChecksum().getChecksumType();
InetAddress clientAddress = tgsContext.getClientAddress();
HostAddresses clientAddresses = tgt.getClientAddresses();
@@ -76,10 +83,8 @@
StringBuffer sb = new StringBuffer();
- sb.append( "\n\t" + "store " + store );
- sb.append( "\n\t" + "authHeader " + authHeader );
- sb.append( "\n\t" + "tgt " + tgt );
- sb.append( "\n\t" + "replayCache " + replayCache );
+ sb.append( "Monitoring " + serviceName + " context:" );
+
sb.append( "\n\t" + "clockSkew " + clockSkew );
sb.append( "\n\t" + "checksumType " + checksumType );
sb.append( "\n\t" + "clientAddress " + clientAddress );
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java Mon Jul 23 21:39:32 2007
@@ -39,6 +39,8 @@
/** the log for this class */
private static final Logger log = LoggerFactory.getLogger( TicketGrantingServiceChain.class );
+ private String serviceName = "Ticket-Granting Service (TGS)";
+
/**
* Creates a new instance of TicketGrantingServiceChain.
@@ -47,7 +49,7 @@
{
if ( log.isDebugEnabled() )
{
- addLast( "monitorRequest", new MonitorRequest() );
+ addLast( "monitorRequest", new MonitorRequest( serviceName ) );
}
addLast( "configureTicketGrantingChain", new ConfigureTicketGrantingChain() );
@@ -63,12 +65,12 @@
if ( log.isDebugEnabled() )
{
- addLast( "monitorContext", new MonitorContext() );
+ addLast( "monitorContext", new MonitorContext( serviceName ) );
}
if ( log.isDebugEnabled() )
{
- addLast( "monitorReply", new MonitorReply() );
+ addLast( "monitorReply", new MonitorReply( serviceName ) );
}
addLast( "sealReply", new SealReply() );
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java?view=diff&rev=558926&r1=558925&r2=558926
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java Mon Jul 23 21:39:32 2007
@@ -196,7 +196,14 @@
log.warn( ke.getMessage() );
}
- session.write( getErrorMessage( config.getServicePrincipal(), ke ) );
+ ErrorMessage error = getErrorMessage( config.getServicePrincipal(), ke );
+
+ if ( log.isDebugEnabled() )
+ {
+ logErrorMessage( error );
+ }
+
+ session.write( error );
}
catch ( Exception e )
{
@@ -231,6 +238,30 @@
modifier.setExplanatoryData( exception.getExplanatoryData() );
return modifier.getErrorMessage();
+ }
+
+
+ protected void logErrorMessage( ErrorMessage error )
+ {
+ try
+ {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append( "Responding to request with error:" );
+ sb.append( "\n\t" + "explanatory text: " + error.getExplanatoryText() );
+ sb.append( "\n\t" + "error code: " + error.getErrorCode() );
+ sb.append( "\n\t" + "clientPrincipal: " + error.getClientPrincipal() );
+ sb.append( "\n\t" + "client time: " + error.getServerTime() );
+ sb.append( "\n\t" + "serverPrincipal: " + error.getServerPrincipal() );
+ sb.append( "\n\t" + "server time: " + error.getClientTime() );
+
+ log.debug( sb.toString() );
+ }
+ catch ( Exception e )
+ {
+ // This is a monitor. No exceptions should bubble up.
+ log.error( "Error in reply monitor", e );
+ }
}