[activemq-artemis] branch main updated: ARTEMIS-3462 Improve MBean Guard exception messages

[brusdev]

This is an automated email from the ASF dual-hosted git repository.

brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 9d04c9d  ARTEMIS-3462 Improve MBean Guard exception messages
9d04c9d is described below

commit 9d04c9d51d349b49761b0a372c48b687bcd88cff
Author: Domenico Francesco Bruscino <brus...@apache.org>
AuthorDate: Tue Sep 7 14:07:19 2021 +0200

    ARTEMIS-3462 Improve MBean Guard exception messages
---
 .../core/server/management/ArtemisMBeanServerGuard.java  | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
index 57df5f7..02c4c34 100644
--- 
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
+++ 
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
@@ -77,10 +77,14 @@ public class ArtemisMBeanServerGuard implements 
InvocationHandler {
             prefix = attr.isIs() ? "is" : "get";
          }
       }
-      if (prefix == null) {
-         //ActiveMQServerLogger.LOGGER.debug("Attribute " + attributeName + " 
can not be found for MBean " + objectName.toString());
-      } else {
-         handleInvoke(objectName, prefix + attributeName);
+
+      if (prefix != null) {
+         try {
+            handleInvoke(objectName, prefix + attributeName);
+         } catch (SecurityException e) {
+            // The security exception message is shown in the attributes tab 
of the console.
+            throw new SecurityException("User not authorized to access 
attribute: " + attributeName, e);
+         }
       }
    }
 
@@ -121,7 +125,7 @@ public class ArtemisMBeanServerGuard implements 
InvocationHandler {
       try {
          objectName = ObjectName.getInstance(object);
       } catch (MalformedObjectNameException e) {
-         ActiveMQServerLogger.LOGGER.debug("can't check invoke rights as 
object name invalid: " + objectName);
+         ActiveMQServerLogger.LOGGER.debug("can't check invoke rights as 
object name invalid: " + object);
          return false;
       }
       if (canBypassRBAC(objectName)) {
@@ -149,7 +153,7 @@ public class ArtemisMBeanServerGuard implements 
InvocationHandler {
       if (AuditLogger.isResourceLoggingEnabled()) {
          AuditLogger.objectInvokedFailure(objectName, operationName);
       }
-      throw new SecurityException("Insufficient roles/credentials for 
operation");
+      throw new SecurityException("User not authorized to access operation: " 
+ operationName);
    }
 
    List<String> getRequiredRoles(ObjectName objectName, String methodName) {