jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new d692680a0b ARTEMIS-5248 add all roles in an ordered list to the audit
log user string
d692680a0b is described below
commit d692680a0bf348b2855a85200bcd5de3e6c72a41
Author: Gary Tully <[email protected]>
AuthorDate: Thu Jan 16 15:04:57 2025 +0000
ARTEMIS-5248 add all roles in an ordered list to the audit log user string
---
.../apache/activemq/artemis/logs/AuditLogger.java | 9 ++-
.../activemq/artemis/logs/AuditLoggerTest.java | 68 ++++++++++++++++++++++
.../logging/AuditLoggerAMQPMutualSSLTest.java | 12 ++--
3 files changed, 82 insertions(+), 7 deletions(-)
diff --git
a/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java
b/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java
index 85082e542b..b6a9c25f29 100644
---
a/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java
+++
b/artemis-commons/src/main/java/org/apache/activemq/artemis/logs/AuditLogger.java
@@ -25,7 +25,9 @@ import javax.management.ObjectName;
import javax.security.auth.Subject;
import java.security.AccessController;
import java.security.Principal;
+import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.Set;
/**
@@ -80,6 +82,7 @@ public interface AuditLogger {
static String getCaller(Subject subject, String remoteAddress) {
String user = "anonymous";
String roles = "";
+ ArrayList<String> principalRoles = new ArrayList<>();
String url = remoteAddress == null ? (AuditLogger.remoteAddress.get() ==
null ? "@unknown" : AuditLogger.remoteAddress.get()) :
formatRemoteAddress(remoteAddress);
if (subject != null) {
Set<Principal> principals = subject.getPrincipals();
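Review bot: `principalRoles` is declared with the concrete type `ArrayList<String>` and is sorted by hand in the next hunk, where a sorted set would do both jobs and also collapse repeated names. Suggest `Set<String> principalRoles = new TreeSet<>();` here, importing `java.util.TreeSet` instead of the two imports this commit adds, and dropping the `Collections.sort` call. Two role principals of different classes, or of a class that does not override `equals`, can carry the same name and would otherwise be printed twice in the audit string. `TreeSet` rejects a null element, so a principal whose `getName()` returns null would need a guard. The body of getCaller continues outside this hunk.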
@@ -87,10 +90,14 @@ public interface AuditLogger {
if (principal.getClass().getName().endsWith("UserPrincipal")) {
user = principal.getName();
} else if
(principal.getClass().getName().endsWith("RolePrincipal")) {
- roles = "(" + principal.getName() + ")";
+ principalRoles.add(principal.getName());
}
}
}
+ if (!principalRoles.isEmpty()) {
+ Collections.sort(principalRoles);
+ roles = "(" + String.join(",", principalRoles) + ")";
+ }
return user + roles + url;
}
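Review bot: The line `roles = "(" + String.join(",", principalRoles) + ")";` writes each `principal.getName()` into the audit record unescaped, so a role name that itself contains `,`, `)`, `@` or a line break makes the user string ambiguous to anyone reading or parsing the audit log. Whether such names can occur depends on the login module that created the principals, which is not visible here. Consider normalising the name before it is added, for example `principalRoles.add(principal.getName().replaceAll("[\\r\\n,()@]", "_"));`, or documenting that role names are assumed to be free of these characters. The same consideration applies to the user name assigned in the context lines above; the start of getCaller is outside this hunk.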
diff --git
a/artemis-commons/src/test/java/org/apache/activemq/artemis/logs/AuditLoggerTest.java
b/artemis-commons/src/test/java/org/apache/activemq/artemis/logs/AuditLoggerTest.java
new file mode 100644
index 0000000000..dc04d6010e
--- /dev/null
+++
b/artemis-commons/src/test/java/org/apache/activemq/artemis/logs/AuditLoggerTest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.logs;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class AuditLoggerTest {
+
+ @Test
+ void getCaller() {
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new TestUserPrincipal("A"));
+ assertEquals("A@addr", AuditLogger.getCaller(subject, "addr"));
+
+ subject.getPrincipals().add(new TestRolePrincipal("B"));
+ assertEquals("A(B)@addr", AuditLogger.getCaller(subject, "addr"));
+
+ subject.getPrincipals().add(new TestRolePrincipal("D"));
+ assertEquals("A(B,D)@addr", AuditLogger.getCaller(subject, "addr"));
+
+ // verify consistent order
+ subject.getPrincipals().add(new TestRolePrincipal("C"));
+ assertEquals("A(B,C,D)@addr", AuditLogger.getCaller(subject, "addr"));
+ }
+
+ private class TestRolePrincipal implements Principal {
+ final String name;
+ TestRolePrincipal(String s) {
+ name = s;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+ }
+
+ private class TestUserPrincipal implements Principal {
+ final String name;
+ TestUserPrincipal(String s) {
+ name = s;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+ }
+}
+
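Review bot: The test only exercises a subject that has a user principal and a caller-supplied address, so the `anonymous` fallback of `getCaller` and the case of role principals without a user principal are not pinned. A line such as `assertEquals("anonymous@addr", AuditLogger.getCaller(null, "addr"));` would cover the null-subject path, assuming `formatRemoteAddress` yields `@addr` as the existing assertions imply. The two helper principals are declared `private class`, which makes them inner classes holding a reference to the test instance; `private static final class` is the usual form for fixtures like these.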
diff --git
a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/logging/AuditLoggerAMQPMutualSSLTest.java
b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/logging/AuditLoggerAMQPMutualSSLTest.java
index 649b016088..286ffb30e4 100644
---
a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/logging/AuditLoggerAMQPMutualSSLTest.java
+++
b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/logging/AuditLoggerAMQPMutualSSLTest.java
@@ -76,11 +76,11 @@ public class AuditLoggerAMQPMutualSSLTest extends
AuditLoggerTestBase {
assertNotNull(m);
}
- assertTrue(findLogRecord(getAuditLog(), "AMQ601715: User
myUser(producers)@", "successfully authenticated"));
- assertTrue(findLogRecord(getAuditLog(), "AMQ601267: User
myUser(producers)@", "is creating a core session"));
- assertTrue(findLogRecord(getAuditLog(), "AMQ601500: User
myUser(producers)@", "sent a message AMQPStandardMessage"));
- assertTrue(findLogRecord(getAuditLog(), "AMQ601265: User
myUser(producers)@", "is creating a core consumer"));
- assertTrue(findLogRecord(getAuditLog(), "AMQ601501: User
myUser(producers)@", "is consuming a message from exampleQueue"));
- assertTrue(findLogRecord(getAuditLog(), "AMQ601502: User
myUser(producers)@", "acknowledged message from exampleQueue:
AMQPStandardMessage"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601715: User
myUser(consumers,producers)@", "successfully authenticated"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601267: User
myUser(consumers,producers)@", "is creating a core session"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601500: User
myUser(consumers,producers)@", "sent a message AMQPStandardMessage"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601265: User
myUser(consumers,producers)@", "is creating a core consumer"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601501: User
myUser(consumers,producers)@", "is consuming a message from exampleQueue"));
+ assertTrue(findLogRecord(getAuditLog(), "AMQ601502: User
myUser(consumers,producers)@", "acknowledged message from exampleQueue:
AMQPStandardMessage"));
}
}
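Review bot: The updated expectations show the user field of six existing audit records changing from `myUser(producers)@` to `myUser(consumers,producers)@`, and the commit's diffstat lists no documentation file. Log parsers, alert rules or SIEM queries that match the old single-role form will silently stop matching after an upgrade. An upgrade note describing the new `user(role1,role2)@address` form, with roles in sorted order, would let operators adjust those rules before rollout.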