Posted to commits@knox.apache.org by lm...@apache.org on 2014/11/21 22:17:59 UTC
[04/14] knox git commit: KNOX-465: Initial audit record can contain
leftover principal name
KNOX-465: Initial audit record can contain leftover principal name
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/f03d3021
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/f03d3021
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/f03d3021
Branch: refs/heads/v0.5.1
Commit: f03d302114878cecefb520b187ee2dd483bdabe0
Parents: 34b72b0
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Sat Nov 1 19:59:22 2014 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Fri Nov 21 15:58:49 2014 -0500
----------------------------------------------------------------------
.../filter/ShiroSubjectIdentityAdapter.java | 2 +-
.../apache/hadoop/gateway/GatewayFilter.java | 2 +-
.../apache/hadoop/gateway/GatewayServlet.java | 39 ++++++++++++--------
.../apache/hadoop/gateway/AuditLoggingTest.java | 8 ++++
.../hadoop/gateway/GatewayFilterTest.java | 13 +++++++
5 files changed, 46 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/f03d3021/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
index 408d051..2f0de73 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java
@@ -100,7 +100,7 @@ public class ShiroSubjectIdentityAdapter implements Filter {
Set<Principal> principals = new HashSet<Principal>();
Principal p = new PrimaryPrincipal(principal);
principals.add(p);
- auditService.createContext().setUsername( principal );
+ auditService.getContext().setUsername( principal ); //KM: Audit Fix
String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS );
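Review bot: The new `auditService.getContext().setUsername( principal )` dereferences the lookup result unchecked, so this filter depends on a context already being attached to the current thread. Whether getContext() returns null without one is not visible here, but the tests in this commit had to add createContext() to their @Before methods, which suggests it does. The same pattern is in the GatewayFilter.java hunk, where `auditContext.setTargetServiceName(...)` follows `auditService.getContext()` directly. I would either guard the lookup or state the precondition, and replace the `//KM: Audit Fix` tag with a comment that says why, e.g. `// context is created once per request in GatewayServlet.service()`. The enclosing method starts and ends outside the hunk.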
http://git-wip-us.apache.org/repos/asf/knox/blob/f03d3021/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayFilter.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayFilter.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayFilter.java
index da903a8..7e6e6af 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayFilter.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayFilter.java
@@ -116,7 +116,7 @@ public class GatewayFilter implements Filter {
assignCorrelationRequestId();
// Populate Audit/correlation parameters
- AuditContext auditContext = auditService.createContext();
+ AuditContext auditContext = auditService.getContext();
auditContext.setTargetServiceName( match == null ? null : match.getValue().getResourceRole() );
auditContext.setRemoteIp( servletRequest.getRemoteAddr() );
auditContext.setRemoteHostname( servletRequest.getRemoteHost() );
http://git-wip-us.apache.org/repos/asf/knox/blob/f03d3021/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServlet.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServlet.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServlet.java
index b25ec17..27febb5 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServlet.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServlet.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.gateway;
import org.apache.hadoop.gateway.audit.api.Action;
import org.apache.hadoop.gateway.audit.api.ActionOutcome;
+import org.apache.hadoop.gateway.audit.api.AuditService;
import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
import org.apache.hadoop.gateway.audit.api.Auditor;
import org.apache.hadoop.gateway.audit.api.ResourceType;
@@ -53,7 +54,8 @@ public class GatewayServlet implements Servlet {
private static final GatewayResources res = ResourcesFactory.get( GatewayResources.class );
private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
-
+
+ private static AuditService auditService = AuditServiceFactory.getAuditService();
private static Auditor auditor = AuditServiceFactory.getAuditService()
.getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME,
AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME );
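Review bot: The added `auditService` field is a mutable static and the `auditor` initializer below it still calls `AuditServiceFactory.getAuditService()` a second time. Since nothing in this hunk reassigns it, declare it `private static final AuditService auditService = AuditServiceFactory.getAuditService();` and build the auditor from `auditService.getAuditor( ... )`, so both fields provably refer to the same service instance. A one-line comment that `service()` uses this field to create and detach the per-request audit context would help the next reader.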
@@ -111,23 +113,28 @@ public class GatewayServlet implements Servlet {
@Override
public void service( ServletRequest servletRequest, ServletResponse servletResponse ) throws ServletException, IOException {
- GatewayFilter f = filter;
- if( f != null ) {
- try {
- f.doFilter( servletRequest, servletResponse );
- } catch( IOException e ) {
- LOG.failedToExecuteFilter( e );
- throw e;
- } catch( ServletException e ) {
- LOG.failedToExecuteFilter( e );
- throw e;
+ try {
+ auditService.createContext();
+ GatewayFilter f = filter;
+ if( f != null ) {
+ try {
+ f.doFilter( servletRequest, servletResponse );
+ } catch( IOException e ) {
+ LOG.failedToExecuteFilter( e );
+ throw e;
+ } catch( ServletException e ) {
+ LOG.failedToExecuteFilter( e );
+ throw e;
+ }
+ } else {
+ ((HttpServletResponse)servletResponse).setStatus( HttpServletResponse.SC_SERVICE_UNAVAILABLE );
}
- } else {
- ((HttpServletResponse)servletResponse).setStatus( HttpServletResponse.SC_SERVICE_UNAVAILABLE );
+ String requestUri = (String)servletRequest.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
+ int status = ((HttpServletResponse)servletResponse).getStatus();
+ auditor.audit( Action.ACCESS, requestUri, ResourceType.URI, ActionOutcome.SUCCESS, res.responseStatus( status ) );
+ } finally {
+ auditService.detachContext();
}
- String requestUri = (String)servletRequest.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
- int status = ((HttpServletResponse)servletResponse).getStatus();
- auditor.audit( Action.ACCESS, requestUri, ResourceType.URI, ActionOutcome.SUCCESS, res.responseStatus( status ) );
}
@Override
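Review bot: The ACCESS audit event is still written only when `f.doFilter( servletRequest, servletResponse )` returns normally. When it throws, the two catch blocks log and rethrow, the `finally` detaches the context, and `service()` emits no access record for that request, unless GatewayFilter audits the failure itself, which is not visible here. A RuntimeException is not logged by this method either. For an audit trail the failed request is the one most worth recording, so I would write the event with a non-success outcome before rethrowing. Separately, the event is always recorded as `ActionOutcome.SUCCESS`, including when the else branch sets `SC_SERVICE_UNAVAILABLE`; deriving the outcome from `status` would keep the log accurate.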
http://git-wip-us.apache.org/repos/asf/knox/blob/f03d3021/gateway-server/src/test/java/org/apache/hadoop/gateway/AuditLoggingTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/AuditLoggingTest.java b/gateway-server/src/test/java/org/apache/hadoop/gateway/AuditLoggingTest.java
index ae31b20..b15c56b 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/AuditLoggingTest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/AuditLoggingTest.java
@@ -40,6 +40,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.gateway.audit.api.Action;
import org.apache.hadoop.gateway.audit.api.ActionOutcome;
import org.apache.hadoop.gateway.audit.api.AuditContext;
+import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
import org.apache.hadoop.gateway.audit.api.CorrelationContext;
import org.apache.hadoop.gateway.audit.api.ResourceType;
import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
@@ -50,6 +51,7 @@ import org.apache.hadoop.gateway.i18n.resources.ResourcesFactory;
import org.apache.hadoop.test.log.CollectAppender;
import org.apache.log4j.spi.LoggingEvent;
import org.easymock.EasyMock;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -63,9 +65,15 @@ public class AuditLoggingTest {
@Before
public void loggingSetup() {
+ AuditServiceFactory.getAuditService().createContext();
CollectAppender.queue.clear();
}
+ @After
+ public void reset() {
+ AuditServiceFactory.getAuditService().detachContext();
+ }
+
@Test
/**
* Empty filter chain. Two events with same correlation ID are expected:
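Review bot: No regression test is added for the defect named in the commit title: this hunk and the one in GatewayFilterTest.java only create and detach the context around each test. The diffstat line counts match the visible hunks, so no assertion appears to be added elsewhere. I would add a case that sends two requests through `GatewayServlet.service()` on the same thread, the first setting a username on the context, and asserts that the first audit event of the second request carries no username. Without it, a later change that drops the `detachContext()` in `finally` would pass the suite. The test method that follows `@Test` continues outside the hunk.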
http://git-wip-us.apache.org/repos/asf/knox/blob/f03d3021/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayFilterTest.java b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayFilterTest.java
index 973fd99..5c55929 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayFilterTest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayFilterTest.java
@@ -17,10 +17,13 @@
*/
package org.apache.hadoop.gateway;
+import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
import org.apache.hadoop.gateway.filter.AbstractGatewayFilter;
import org.apache.hadoop.test.category.FastTests;
import org.apache.hadoop.test.category.UnitTests;
import org.easymock.EasyMock;
+import org.junit.After;
+import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -39,6 +42,16 @@ import static org.hamcrest.MatcherAssert.assertThat;
@Category( { UnitTests.class, FastTests.class } )
public class GatewayFilterTest {
+ @Before
+ public void setup() {
+ AuditServiceFactory.getAuditService().createContext();
+ }
+
+ @After
+ public void reset() {
+ AuditServiceFactory.getAuditService().detachContext();
+ }
+
@Test
public void testNoFilters() throws ServletException, IOException {