Qpid
  1. Qpid
  2. QPID-4186

JMX management ACL allow/deny logging not useful because it does not include principal name

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.16
    • Fix Version/s: 0.19
    • Component/s: Java Broker
    • Labels:
      None

      Description

      When a security plugin (e.g. the ACL plugin) allows or denies an operation, an operational log message is produced. Unfortunately the message does not include the user name (the log actor "Broker" is printed instead) so is of limited use.

        Issue Links

          Activity

          Alex Rudyy created issue -
          Alex Rudyy made changes -
          Field Original Value New Value
          Status Open [ 1 ] In Progress [ 3 ]
          Hide
          Alex Rudyy added a comment -

          attached patch

          Show
          Alex Rudyy added a comment - attached patch
          Alex Rudyy made changes -
          Alex Rudyy made changes -
          Status In Progress [ 3 ] Ready To Review [ 10006 ]
          Hide
          Alex Rudyy added a comment -

          please commit.

          Show
          Alex Rudyy added a comment - please commit.
          Alex Rudyy made changes -
          Assignee Alex Rudyy [ alex.rufous ] Robbie Gemmell [ gemmellr ]
          Hide
          Philip Harvey added a comment -

          I have reviewed this change and am happy with it.

          Show
          Philip Harvey added a comment - I have reviewed this change and am happy with it.
          Robbie Gemmell made changes -
          Summary ACL allow/deny logging not useful because it does not include principal name JMX management ACL allow/deny logging not useful because it does not include principal name
          Philip Harvey made changes -
          Link This issue is related to QPID-4187 [ QPID-4187 ]
          Hide
          Robbie Gemmell added a comment -

          Patch applied with one tiny change:

          @@ -157,9 +157,9 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati
           
                       // Save the subject
                       SecurityManager.setThreadSubject(subject);
          +            CurrentActor.set(_logActor);
                       try
                       {
          -                CurrentActor.set(_logActor);
                           return authoriseAndInvoke(method, args);
                       }
                       finally
          
          Show
          Robbie Gemmell added a comment - Patch applied with one tiny change: @@ -157,9 +157,9 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati // Save the subject SecurityManager.setThreadSubject(subject); + CurrentActor.set(_logActor); try { - CurrentActor.set(_logActor); return authoriseAndInvoke(method, args); } finally
          Robbie Gemmell made changes -
          Status Ready To Review [ 10006 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Rob Godfrey made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open In Progress In Progress
          13m 17s 1 Alex Rudyy 03/Aug/12 10:19
          In Progress In Progress Reviewable Reviewable
          58s 1 Alex Rudyy 03/Aug/12 10:20
          Reviewable Reviewable Resolved Resolved
          2h 42m 1 Robbie Gemmell 03/Aug/12 13:02
          Resolved Resolved Closed Closed
          922d 8h 3m 1 Rob Godfrey 11/Feb/15 20:06

            People

            • Assignee:
              Robbie Gemmell
              Reporter:
              Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development