Posted to commits@knox.apache.org by km...@apache.org on 2015/07/23 22:31:57 UTC

knox git commit: KNOX-575: Add more logging for LDAP Authentication issues with ShiroProvider

Repository: knox
Updated Branches:
  refs/heads/master 02fea3a67 -> db926c9e7


KNOX-575: Add more logging for LDAP Authentication issues with ShiroProvider


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/db926c9e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/db926c9e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/db926c9e

Branch: refs/heads/master
Commit: db926c9e742525acfd3c6f28f5f562782e904e38
Parents: 02fea3a
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Thu Jul 23 16:31:48 2015 -0400
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Thu Jul 23 16:31:48 2015 -0400

----------------------------------------------------------------------
 CHANGES                                         |  1 +
 .../gateway/shirorealm/KnoxLdapRealm.java       |  6 +++
 .../shirorealm/impl/i18n/KnoxShiroMessages.java | 44 ++++++++++++++++++++
 3 files changed, 51 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index ed7bdc7..affc2f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ Release Notes - Apache Knox - Version 0.7.0
 ** Improvement
     * [KNOX-553] - Added topology validation from KnoxCLI to TopologyService deployment.
     * [KNOX-561] - Allow Knox pid directory to be configured via the knox-env.sh file
+    * [KNOX-575] - Adds more logging for ShiroProvider LDAP Authentication.
 
 ** Bug
     * [KNOX-554] - Fixed support for gateway.path change + added support for X-Forward-* headers in admin topology API.

http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index 3079416..1006053 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -48,6 +48,7 @@ import org.apache.hadoop.gateway.audit.api.Auditor;
 import org.apache.hadoop.gateway.audit.api.ResourceType;
 import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.shirorealm.impl.i18n.KnoxShiroMessages;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -117,6 +118,7 @@ import org.apache.shiro.util.StringUtils;
 public class KnoxLdapRealm extends JndiLdapRealm {
 
     private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
+    KnoxShiroMessages ShiroLog = MessagesFactory.get( KnoxShiroMessages.class );
     private static AuditService auditService = AuditServiceFactory.getAuditService();
     private static Auditor auditor = auditService.getAuditor(
         AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
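Review bot: The new `ShiroLog` field is declared package-private, non-static and with a capitalised name, while the neighbouring `LOG`, `auditService` and `auditor` fields are all `private static`. As written, each `KnoxLdapRealm` instance makes its own `MessagesFactory.get(...)` call and the logger is reachable from other classes in the package. Declaring it like its siblings would be consistent, e.g. `private static final KnoxShiroMessages SHIRO_LOG = MessagesFactory.get( KnoxShiroMessages.class );`, with the three call sites in the catch block renamed to match. The class body continues outside this hunk.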
@@ -175,6 +177,10 @@ public class KnoxLdapRealm extends JndiLdapRealm {
       return super.doGetAuthenticationInfo(token);
     } catch ( org.apache.shiro.authc.AuthenticationException e ) {
       auditor.audit( Action.AUTHENTICATION , token.getPrincipal().toString(), ResourceType.PRINCIPAL, ActionOutcome.FAILURE, e.getMessage() );
+      ShiroLog.failedLoginInfo(token);
+      ShiroLog.failedLoginStackTrace(e);
+      ShiroLog.failedLoginAttempt(e.getCause());
+
       throw e;
     }
   }
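Review bot: `ShiroLog.failedLoginInfo(token)` formats the whole `AuthenticationToken` into an INFO line, so what reaches the log depends on the concrete token class's `toString()`; a token type that prints its credentials would put them in the gateway log. Passing only the principal makes the log content independent of the token implementation, e.g. `ShiroLog.failedLoginInfo(String.valueOf(token.getPrincipal()))` with the message parameter changed to `String`. The principal is client-supplied, so it is worth neutralising CR/LF before it is written. Separately, `e.getCause()` can be null, in which case the ERROR line would read "Shiro unable to login: null"; `ShiroLog.failedLoginAttempt(e.getCause() != null ? e.getCause() : e);` avoids that. The enclosing method starts outside this hunk.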

http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
new file mode 100644
index 0000000..c9de024
--- /dev/null
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.gateway.shirorealm.impl.i18n;
+
+import org.apache.hadoop.gateway.i18n.messages.Message;
+import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
+import org.apache.hadoop.gateway.i18n.messages.Messages;
+
+import org.apache.hadoop.gateway.i18n.messages.StackTrace;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.subject.Subject;
+
+@Messages(logger = "org.apache.hadoop.gateway")
+public interface KnoxShiroMessages {
+
+  @Message(level = MessageLevel.ERROR, text = "Shiro unable to login: {0}")
+  void failedLoginAttempt(Throwable e);
+
+  @Message(level = MessageLevel.INFO, text = "Could not login: {0}")
+  void failedLoginInfo(AuthenticationToken token);
+
+  @Message( level = MessageLevel.DEBUG, text = "Failed to Authenticate with LDAP server: {1}" )
+  void failedLoginStackTrace( @StackTrace( level = MessageLevel.DEBUG ) Exception e );
+
+  @Message(level = MessageLevel.INFO, text = "Successfully logged in: {0}, {1}")
+  void successfulLoginAttempt(Subject subject, AuthenticationToken authToken);
+
+}
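Review bot: The message text for `failedLoginStackTrace` references `{1}`, but the method has a single parameter, so there is no argument at index 1. Assuming the placeholders are positional as in the sibling `{0}` messages, the DEBUG line would show a literal `{1}` instead of the exception. It probably should read `text = "Failed to Authenticate with LDAP server: {0}"`. `successfulLoginAttempt` also takes an `AuthenticationToken` and would format it through `toString()`; a principal string would be a safer parameter there as well.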