Change message of auditlog login event
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b6448074 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b6448074 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b6448074 Branch: refs/heads/audit_logging Commit: b64480740bf7450ba859c17e33e3715e1e372c44 Parents: 56efb57 Author: Daniel Gergely <[email protected]> Authored: Mon Feb 29 16:25:11 2016 +0100 Committer: Toader, Sebastian <[email protected]> Committed: Thu Mar 24 13:06:48 2016 +0100 ---------------------------------------------------------------------- .../server/audit/LoginSucceededAuditEvent.java | 19 ++++++--- .../ambari/server/controller/AmbariServer.java | 2 + .../authorization/AuthorizationHelper.java | 42 ++++++++++++++++++-- .../audit/LoginSucceededAuditEventTest.java | 14 +++++-- .../AmbariAuthenticationFilterTest.java | 9 ++++- 5 files changed, 73 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java index a57fc5d..08c272e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java @@ -18,7 +18,10 @@ package org.apache.ambari.server.audit; +import java.util.LinkedList; import java.util.List; +import java.util.Map; + import javax.annotation.concurrent.Immutable; import org.apache.commons.lang.StringUtils; 
@@ -33,7 +36,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { private LoginSucceededAuditEventBuilder() { } - private List<String> roles; + private Map<String, List<String>> roles; /** @@ -43,10 +46,14 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { protected void buildAuditMessage(StringBuilder builder) { super.buildAuditMessage(builder); - builder - .append(", Roles(") - .append(StringUtils.join(roles, ",")) - .append("), Status(Login succeeded !)"); + builder.append(", Roles(").append(System.lineSeparator()); + + List<String> lines = new LinkedList<>(); + for( Map.Entry<String, List<String>> entry : roles.entrySet()) { + lines.add(" " + entry.getKey() + ": " + StringUtils.join(entry.getValue(), ", ")); + } + builder.append(StringUtils.join(lines, System.lineSeparator())); + builder.append(System.lineSeparator()).append("), Status(Login succeeded !)"); } /** @@ -54,7 +61,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { * @param roles * @return this builder */ - public LoginSucceededAuditEventBuilder withRoles(List<String> roles) { + public LoginSucceededAuditEventBuilder withRoles(Map<String, List<String>> roles) { this.roles = roles; return this; http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java index 9436e5d..1a972ab 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 
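Review bot: In buildAuditMessage the resource names from `roles` are appended between raw `System.lineSeparator()` calls, so one login event now spans several physical lines, and a cluster name or view label that itself contains a line break would make a single event read as several audit records. Line-oriented log collectors will also split the record at each separator. I would keep the event on one line, or at least neutralise CR/LF in the key by using `entry.getKey().replaceAll("[\\r\\n]", "_")` in place of `entry.getKey()`. `roles.entrySet()` also throws a NullPointerException when `withRoles` was never called, whereas the removed `StringUtils.join(roles, ",")` tolerated null; wrapping the loop in `if (roles != null) { ... }` restores that.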
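Review bot: `withRoles` stores the caller's map by reference, so any later change to that map or its lists alters what the event reports. The file imports `javax.annotation.concurrent.Immutable`, which suggests the event is meant to be immutable. A sorted copy such as `this.roles = roles == null ? null : new TreeMap<>(roles);` (with a `java.util.TreeMap` import) would fix that and also give the audit lines a stable order, which the `HashMap` built in getPermissionLabels does not. The empty `@param roles` tag should say what the map holds, for example `@param roles permission labels keyed by resource name (cluster name, "Ambari" or view instance label)`. The method's closing brace lies outside the hunk.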
@@ -97,6 +97,7 @@ import org.apache.ambari.server.security.SecurityFilter; import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter; import org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider; import org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService; +import org.apache.ambari.server.security.authorization.AuthorizationHelper; import org.apache.ambari.server.security.authorization.Users; import org.apache.ambari.server.security.authorization.internal.AmbariInternalAuthenticationProvider; import org.apache.ambari.server.security.authorization.jwt.JwtAuthenticationFilter; @@ -887,6 +888,7 @@ public class AmbariServer { RetryHelper.init(configs.getOperationsRetryAttempts()); AbstractServerAction.init(injector); + AuthorizationHelper.init(injector.getInstance(Clusters.class), injector.getInstance(ViewInstanceDAO.class)); } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java index f1b6f1a..7e06519 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 
@@ -19,10 +19,14 @@ package org.apache.ambari.server.security.authorization; import com.google.common.collect.Lists; import com.google.inject.Singleton; + +import org.apache.ambari.server.AmbariException; +import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; +import org.apache.ambari.server.state.Clusters; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; @@ -39,6 +43,15 @@ import java.util.*; public class AuthorizationHelper { private final static Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class); + private static Clusters clusters; + + private static ViewInstanceDAO viewInstanceDAO; + + public static void init(Clusters clusters, ViewInstanceDAO viewInstanceDAO) { + AuthorizationHelper.clusters = clusters; + AuthorizationHelper.viewInstanceDAO = viewInstanceDAO; + } + /** * Converts collection of RoleEntities to collection of GrantedAuthorities */ 
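Review bot: The new static `clusters` and `viewInstanceDAO` fields and `init` have no Javadoc and no null checks, so nothing states that `init` must run before getPermissionLabels is used, and a missing or null initialisation only surfaces later as a NullPointerException inside that method. I would reject null at the source with `AuthorizationHelper.clusters = Objects.requireNonNull(clusters, "clusters");` and the same for `viewInstanceDAO`; `java.util.*` is already imported. A short Javadoc on `init` should say it is called once from AmbariServer during startup. If request threads read these fields while startup is still running, which this hunk does not show, they should also be `volatile`. The added `AmbariException` import is not used by any line in the visible hunks.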
@@ -257,14 +270,37 @@ public class AuthorizationHelper { * @param authentication the authenticated user and associated access privileges * @return human-readable permissions */ - public static List<String> getPermissionLabels(Authentication authentication) { - List<String> permissionLabels = Lists.newArrayList(); + public static Map<String,List<String>> getPermissionLabels(Authentication authentication) { + Map<String,List<String>> permissionLabels = new HashMap<>(); if (authentication.getAuthorities() != null) { for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) { AmbariGrantedAuthority ambariGrantedAuthority = (AmbariGrantedAuthority) grantedAuthority; PrivilegeEntity privilegeEntity = ambariGrantedAuthority.getPrivilegeEntity(); - permissionLabels.add(privilegeEntity.getPermission().getPermissionLabel()); + + String key = null; + try { + switch(privilegeEntity.getResource().getResourceType().getName()) { + case "CLUSTER": + key = clusters.getClusterById(privilegeEntity.getResource().getResourceType().getId()).getClusterName(); + break; + case "AMBARI": + key = "Ambari"; + break; + default: + key = viewInstanceDAO.findByResourceId(privilegeEntity.getResource().getId()).getLabel(); + break; + } + } catch (Throwable ignored) { + + } + + if(key != null) { + if(!permissionLabels.containsKey(key)) { + permissionLabels.put(key, new LinkedList<String>()); + } + permissionLabels.get(key).add(privilegeEntity.getPermission().getPermissionLabel()); + } } } return permissionLabels; http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java index 4454596..31e7eef 100644 
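Review bot: The empty `catch (Throwable ignored)` in getPermissionLabels leaves `key` null on any lookup failure, and the `if(key != null)` that follows then drops that privilege from the login audit record without a trace. It also hides the NullPointerException raised when `clusters` or `viewInstanceDAO` was never initialised, and it catches Errors. I would catch `Exception`, log it through the existing `LOG`, and record the permission under a placeholder key so the audit entry stays complete, as sketched below. Separately, the CLUSTER branch passes `getResourceType().getId()` to `getClusterById`, which looks like the id of the resource type rather than of the individual cluster; please confirm which identifier that lookup expects. The `@return` Javadoc above should also say that the map is keyed by resource name; the method's closing brace lies outside the hunk.

```java
// … unchanged: loop over authorities, cast, privilegeEntity lookup …
String key;
try {
  // … unchanged: switch on the resource type name that assigns key …
} catch (Exception e) {
  // A failed name lookup must not drop the privilege from the audit record.
  LOG.warn("Could not resolve the resource name for a privilege; using a placeholder", e);
  key = "Unknown resource";
}
// … unchanged: add the permission label under key …
```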
--- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java @@ -20,7 +20,11 @@ package org.apache.ambari.server.audit; import java.util.Arrays; +import java.util.HashMap; +import java.util.LinkedList; import java.util.List; +import java.util.Map; + import org.apache.commons.lang.StringUtils; import org.joda.time.DateTime; import org.junit.Test; @@ -37,21 +41,25 @@ public class LoginSucceededAuditEventTest { // Given String testUserName = "USER1"; String testRemoteIp = "127.0.0.1"; - String testRole = "Administrator"; + + Map<String, List<String>> roles = new HashMap<>(); + roles.put("a", Arrays.asList("r1", "r2", "r3")); LoginSucceededAuditEvent evnt = LoginSucceededAuditEvent.builder() .withTimestamp(DateTime.now()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) - .withRoles(Arrays.asList(testRole)) + .withRoles(roles) .build(); // When String actualAuditMessage = evnt.getAuditMessage(); + String roleMessage = System.lineSeparator() + " a: r1, r2, r3" + System.lineSeparator(); + // Then String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Roles(%s), Status(Login succeeded !)", - testUserName, testRemoteIp, testRole); + testUserName, testRemoteIp, roleMessage); assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java index 5b1bbf6..8430326 100644 
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java @@ -19,6 +19,10 @@ package org.apache.ambari.server.security.authentication; import java.io.IOException; import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -83,8 +87,11 @@ public class AmbariAuthenticationFilterTest { HttpServletResponse response = createMock(HttpServletResponse.class); Authentication authentication = createMock(Authentication.class); PowerMock.mockStatic(AuthorizationHelper.class); + + Map<String, List<String>> roles = new HashMap<>(); + roles.put("a", Arrays.asList("r1", "r2", "r3")); expect(AuthorizationHelper.getPermissionLabels(authentication)) - .andReturn(Arrays.asList("role1", "role2")); + .andReturn(roles); expect(AuthorizationHelper.getAuthorizationNames(authentication)) .andReturn(Arrays.asList("perm1", "perm2")); expect(request.getHeader("X-Forwarded-For")).andReturn("1.2.3.4");
