Posted to commits@activemq.apache.org by br...@apache.org on 2022/11/04 13:44:28 UTC

[activemq-artemis] branch main updated: ARTEMIS-4071 Fix erroneus audit log messages due to console logouts

This is an automated email from the ASF dual-hosted git repository.

brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new d3e0ca3e11 ARTEMIS-4071 Fix erroneus audit log messages due to console logouts
d3e0ca3e11 is described below

commit d3e0ca3e1137356f493b7b4d0e4f60a0abad8f86
Author: Domenico Francesco Bruscino <br...@apache.org>
AuthorDate: Tue Oct 25 10:20:30 2022 +0200

    ARTEMIS-4071 Fix erroneus audit log messages due to console logouts
    
    The HTTP Informational responses (100 – 199) and redirection messages
    (300 – 399) must be ignored because they don't mean an authentication failure.
---
 .../activemq/artemis/component/AuthenticationFilter.java       | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
index 6a94d7c6dc..73a99903c8 100644
--- a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
+++ b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
@@ -43,14 +43,18 @@ public class AuthenticationFilter implements Filter {
       filterChain.doFilter(servletRequest, servletResponse);
       if (AuditLogger.isAnyLoggingEnabled()) {
          int status = ((Response) servletResponse).getStatus();
-         //status 200 means that the user has been authenticated, anything else must be a failure
-         if (status == 200) {
+         if (status >= 200 && status < 299) {
+            //Successful responses (200 – 299)
+            //the user has been authenticated if the session isn't empty
             //the hawtio logout servlet cleans the session and redirects to the login servlet
             HttpSession session = ((Request) servletRequest).getSession(false);
             if (session != null) {
                AuditLogger.userSuccesfullyAuthenticatedInAudit(session != null ? (Subject) session.getAttribute("subject") : null);
             }
-         } else {
+         } else if (status >= 400 && status < 599) {
+            //Client error responses (400 – 499)
+            //Server error responses (500 – 599)
+            //the user authentication has failed
             AuditLogger.userFailedAuthenticationInAudit("" + status);
          }
       }
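Review bot: The upper bounds in both new conditions are off by one against their own comments: `status < 299` leaves out 299 and `status < 599` leaves out 599, so a response with either code produces no audit record at all. The ranges should be half-open on the next hundred, `if (status >= 200 && status < 300) {` and `} else if (status >= 400 && status < 600) {`. In the success branch the ternary `session != null ? ... : null` is redundant inside `if (session != null)` and can be reduced to `(Subject) session.getAttribute("subject")`. Every 4xx/5xx (for example a 404 or a 500) is still written as a failed authentication, which can bury real 401/403 events in the audit trail; whether that is intended depends on the filter's URL mapping, which is not visible here. The enclosing doFilter method starts and ends outside the hunk.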