You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@activemq.apache.org by "Hiram Chirino (JIRA)" <ji...@apache.org> on 2011/08/29 13:59:37 UTC

[jira] [Updated] (APLO-84) Log more information in case of authorization failures

     [ https://issues.apache.org/jira/browse/APLO-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hiram Chirino updated APLO-84:
------------------------------

      Component/s: apollo-stomp
                   apollo-broker
    Fix Version/s: 1.0
         Assignee: Hiram Chirino

Totally agree.

> Log more information in case of authorization failures
> ------------------------------------------------------
>
>                 Key: APLO-84
>                 URL: https://issues.apache.org/jira/browse/APLO-84
>             Project: ActiveMQ Apollo
>          Issue Type: Improvement
>          Components: apollo-broker, apollo-stomp
>            Reporter: Lionel Cons
>            Assignee: Hiram Chirino
>             Fix For: 1.0
>
>
> In case of failed plain text connection, we get:
>  2011-08-29 09:21:26,936 connected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390
>  2011-08-29 09:21:26,947 STOMP connection '/192.168.208.50:44390' error: Connect not authorized. Username=monitor
>  2011-08-29 09:21:26,951 disconnected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390
> But in case of failed X.509 connection, we only get:
>  2011-08-29 09:21:42,961 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530
>  2011-08-29 09:21:43,009 STOMP connection '/192.168.208.50:33530' error: Connect not authorized.
>  2011-08-29 09:21:43,011 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530
> Would it be possible to also log the DN that failed to authenticate?
> More generally, in case of authorization failure, we get minimal
> information:
>  2011-08-29 09:36:42,061 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343
>  2011-08-29 09:36:42,214 STOMP connection '/192.168.208.50:49343' error: Not authorized to receive from the destination.
>  2011-08-29 09:36:42,217 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343
> Would it be possible to log more and include the identity (ideally, a
> list of pairs of principal kind + value) and the destination (probably
> as a pair of kind + name)?
> This extra information would greatly help creating and testing authorization rules as per APLO-56...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira