Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-4186

JMX management ACL allow/deny logging not useful because it does not include principal name

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.16
    • Fix Version/s: 0.19
    • Component/s: Broker-J
    • Labels:
      None

      Description

      When a security plugin (e.g. the ACL plugin) allows or denies an operation, an operational log message is produced. Unfortunately the message does not include the user name (the log actor "Broker" is printed instead) so is of limited use.

        Issue Links

          Activity

          Hide
          alex.rufous Alex Rudyy added a comment -

          attached patch

          Show
          alex.rufous Alex Rudyy added a comment - attached patch
          Hide
          alex.rufous Alex Rudyy added a comment -

          please commit.

          Show
          alex.rufous Alex Rudyy added a comment - please commit.
          Hide
          philharveyonline Philip Harvey added a comment -

          I have reviewed this change and am happy with it.

          Show
          philharveyonline Philip Harvey added a comment - I have reviewed this change and am happy with it.
          Hide
          gemmellr Robbie Gemmell added a comment -

          Patch applied with one tiny change:

          @@ -157,9 +157,9 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati
           
                       // Save the subject
                       SecurityManager.setThreadSubject(subject);
          +            CurrentActor.set(_logActor);
                       try
                       {
          -                CurrentActor.set(_logActor);
                           return authoriseAndInvoke(method, args);
                       }
                       finally
          
          Show
          gemmellr Robbie Gemmell added a comment - Patch applied with one tiny change: @@ -157,9 +157,9 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati // Save the subject SecurityManager.setThreadSubject(subject); + CurrentActor.set(_logActor); try { - CurrentActor.set(_logActor); return authoriseAndInvoke(method, args); } finally

            People

            • Assignee:
              gemmellr Robbie Gemmell
              Reporter:
              alex.rufous Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development