Posted to commits@activemq.apache.org by br...@apache.org on 2022/11/04 13:44:28 UTC
[activemq-artemis] branch main updated: ARTEMIS-4071 Fix erroneus audit log messages due to console logouts
This is an automated email from the ASF dual-hosted git repository.
brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new d3e0ca3e11 ARTEMIS-4071 Fix erroneus audit log messages due to console logouts
d3e0ca3e11 is described below
commit d3e0ca3e1137356f493b7b4d0e4f60a0abad8f86
Author: Domenico Francesco Bruscino <br...@apache.org>
AuthorDate: Tue Oct 25 10:20:30 2022 +0200
ARTEMIS-4071 Fix erroneus audit log messages due to console logouts
The HTTP informational responses (100 – 199) and redirection messages
(300 – 399) must be ignored because they don't mean an authentication failure.
---
.../activemq/artemis/component/AuthenticationFilter.java | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
index 6a94d7c6dc..73a99903c8 100644
--- a/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
+++ b/artemis-web/src/main/java/org/apache/activemq/artemis/component/AuthenticationFilter.java
@@ -43,14 +43,18 @@ public class AuthenticationFilter implements Filter {
filterChain.doFilter(servletRequest, servletResponse);
if (AuditLogger.isAnyLoggingEnabled()) {
int status = ((Response) servletResponse).getStatus();
- //status 200 means that the user has been authenticated, anything else must be a failure
- if (status == 200) {
+ if (status >= 200 && status < 299) {
+ //Successful responses (200 – 299)
+ //the user has been authenticated if the session isn't empty
//the hawtio logout servlet cleans the session and redirects to the login servlet
HttpSession session = ((Request) servletRequest).getSession(false);
if (session != null) {
AuditLogger.userSuccesfullyAuthenticatedInAudit(session != null ? (Subject) session.getAttribute("subject") : null);
}
- } else {
+ } else if (status >= 400 && status < 599) {
+ //Client error responses (400 – 499)
+ //Server error responses (500 – 599)
+ //the user authentication has failed
AuditLogger.userFailedAuthenticationInAudit("" + status);
}
}
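Review bot: The upper bounds of both new range checks are off by one: `status < 299` excludes 299 and `status < 599` excludes 599, although the comments next to them describe the ranges as 200 – 299 and 400 – 599. A response carrying either status falls through both branches and writes no audit record at all, so a failed authentication answered with 599 would be missing from the audit trail. Use `if (status >= 200 && status < 300) {` and `} else if (status >= 400 && status < 600) {`. Separately, the ternary `session != null ? ... : null` sits inside `if (session != null)`, so its condition is always true and it can be reduced to the cast of `session.getAttribute("subject")`. The enclosing method begins above the hunk, so which requests reach this filter is not visible here.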