Posted to commits@knox.apache.org by km...@apache.org on 2015/07/23 22:31:57 UTC
knox git commit: KNOX-575: Add more logging for LDAP Authentication
issues with ShiroProvider
Repository: knox
Updated Branches:
refs/heads/master 02fea3a67 -> db926c9e7
KNOX-575: Add more logging for LDAP Authentication issues with ShiroProvider
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/db926c9e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/db926c9e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/db926c9e
Branch: refs/heads/master
Commit: db926c9e742525acfd3c6f28f5f562782e904e38
Parents: 02fea3a
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Thu Jul 23 16:31:48 2015 -0400
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Thu Jul 23 16:31:48 2015 -0400
----------------------------------------------------------------------
CHANGES | 1 +
.../gateway/shirorealm/KnoxLdapRealm.java | 6 +++
.../shirorealm/impl/i18n/KnoxShiroMessages.java | 44 ++++++++++++++++++++
3 files changed, 51 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index ed7bdc7..affc2f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,7 @@ Release Notes - Apache Knox - Version 0.7.0
** Improvement
* [KNOX-553] - Added topology validation from KnoxCLI to TopologyService deployment.
* [KNOX-561] - Allow Knox pid directory to be configured via the knox-env.sh file
+ * [KNOX-575] - Adds more logging for ShiroProvider LDAP Authentication.
** Bug
* [KNOX-554] - Fixed support for gateway.path change + added support for X-Forward-* headers in admin topology API.
http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index 3079416..1006053 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -48,6 +48,7 @@ import org.apache.hadoop.gateway.audit.api.Auditor;
import org.apache.hadoop.gateway.audit.api.ResourceType;
import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.shirorealm.impl.i18n.KnoxShiroMessages;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
@@ -117,6 +118,7 @@ import org.apache.shiro.util.StringUtils;
public class KnoxLdapRealm extends JndiLdapRealm {
private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
+ KnoxShiroMessages ShiroLog = MessagesFactory.get( KnoxShiroMessages.class );
private static AuditService auditService = AuditServiceFactory.getAuditService();
private static Auditor auditor = auditService.getAuditor(
AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
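Review bot: The new `ShiroLog` field is a package-private, non-final instance field, unlike the `private static` `LOG` declared on the line above it. That means each realm instance carries its own reference, and any class in the package can reassign the logger used for authentication failures. Declaring it as `private static final KnoxShiroMessages ShiroLog = MessagesFactory.get( KnoxShiroMessages.class );` would match the neighbouring loggers and make the reference immutable. The class body continues outside the hunk.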
@@ -175,6 +177,10 @@ public class KnoxLdapRealm extends JndiLdapRealm {
return super.doGetAuthenticationInfo(token);
} catch ( org.apache.shiro.authc.AuthenticationException e ) {
auditor.audit( Action.AUTHENTICATION , token.getPrincipal().toString(), ResourceType.PRINCIPAL, ActionOutcome.FAILURE, e.getMessage() );
+ ShiroLog.failedLoginInfo(token);
+ ShiroLog.failedLoginStackTrace(e);
+ ShiroLog.failedLoginAttempt(e.getCause());
+
throw e;
}
}
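Review bot: `ShiroLog.failedLoginInfo(token)` passes the whole `AuthenticationToken` to the message formatter, so the INFO log receives whatever that token type's `toString()` returns. If a token implementation includes the credential there, or the caller-supplied principal contains line breaks, that text would land in the log verbatim. Logging only the identity, e.g. `ShiroLog.failedLoginInfo(token.getPrincipal())` with the message parameter widened to match, and stripping control characters from it, keeps the entry limited to what an operator needs. `e.getCause()` may also be null, in which case the ERROR line would read "Shiro unable to login: null"; `e.getCause() != null ? e.getCause() : e` would avoid that. The enclosing method starts outside the hunk.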
http://git-wip-us.apache.org/repos/asf/knox/blob/db926c9e/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
new file mode 100644
index 0000000..c9de024
--- /dev/null
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/impl/i18n/KnoxShiroMessages.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.gateway.shirorealm.impl.i18n;
+
+import org.apache.hadoop.gateway.i18n.messages.Message;
+import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
+import org.apache.hadoop.gateway.i18n.messages.Messages;
+
+import org.apache.hadoop.gateway.i18n.messages.StackTrace;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.subject.Subject;
+
+@Messages(logger = "org.apache.hadoop.gateway")
+public interface KnoxShiroMessages {
+
+ @Message(level = MessageLevel.ERROR, text = "Shiro unable to login: {0}")
+ void failedLoginAttempt(Throwable e);
+
+ @Message(level = MessageLevel.INFO, text = "Could not login: {0}")
+ void failedLoginInfo(AuthenticationToken token);
+
+ @Message( level = MessageLevel.DEBUG, text = "Failed to Authenticate with LDAP server: {1}" )
+ void failedLoginStackTrace( @StackTrace( level = MessageLevel.DEBUG ) Exception e );
+
+ @Message(level = MessageLevel.INFO, text = "Successfully logged in: {0}, {1}")
+ void successfulLoginAttempt(Subject subject, AuthenticationToken authToken);
+
+}
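Review bot: The `failedLoginStackTrace` message text uses the placeholder `{1}`, but the method declares a single parameter, so with zero-based placeholder indexing there is no argument at index 1 and the placeholder would presumably be emitted unfilled. `{0}` looks intended: `text = "Failed to Authenticate with LDAP server: {0}"`. The interface methods also carry no Javadoc; a one-line comment on each saying when it is logged and at which level would help operators decide how to configure the `org.apache.hadoop.gateway` logger for authentication failures. `successfulLoginAttempt` has no caller in the hunks visible in this commit.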