Remove privileges part of the audit message when a user logs in
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/56efb571 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/56efb571 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/56efb571 Branch: refs/heads/audit_logging Commit: 56efb5715590dd257388bfa2f96e25e1be7b7cd8 Parents: a885ef5 Author: Daniel Gergely <[email protected]> Authored: Mon Feb 29 13:33:23 2016 +0100 Committer: Toader, Sebastian <[email protected]> Committed: Thu Mar 24 13:06:47 2016 +0100 ---------------------------------------------------------------------- .../server/audit/LoginSucceededAuditEvent.java | 18 ++---------------- .../AmbariAuthenticationFilter.java | 1 - .../authorization/AmbariAuthorizationFilter.java | 1 - .../audit/LoginSucceededAuditEventTest.java | 10 ++-------- 4 files changed, 4 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/56efb571/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java index e4f5f9c..a57fc5d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java @@ -35,8 +35,6 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { private List<String> roles; - private List<String> privileges; - /** * {@inheritDoc} @@ -44,13 +42,11 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { @Override protected void buildAuditMessage(StringBuilder builder) { super.buildAuditMessage(builder); - String lineSeparator = System.lineSeparator(); + builder .append(", Roles(") .append(StringUtils.join(roles, ",")) - .append(String.format("),%-26s Privileges(%-28s ", lineSeparator, lineSeparator)) - .append(StringUtils.join(privileges, String.format("%-28s ", lineSeparator))) - .append(String.format("%-26s), Status(Login succeeded !)", lineSeparator)); + .append("), Status(Login succeeded !)"); } /** @@ -65,16 +61,6 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent { } /** - * Sets the list of privileges possessed by the principal requesting access to a resource. - * @param privileges - * @return this builder - */ - public LoginSucceededAuditEventBuilder withPrivileges(List<String> privileges) { - this.privileges = privileges; - - return this; - } - /** * {@inheritDoc} */ @Override http://git-wip-us.apache.org/repos/asf/ambari/blob/56efb571/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java index ed9d72f..b41cfb7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java @@ -77,7 +77,6 @@ public class AmbariAuthenticationFilter extends BasicAuthenticationFilter { .withUserName(authResult.getName()) .withTimestamp(DateTime.now()) .withRoles(AuthorizationHelper.getPermissionLabels(authResult)) - .withPrivileges(AuthorizationHelper.getAuthorizationNames(authResult)) .build(); auditLogger.log(loginSucceededAuditEvent); } http://git-wip-us.apache.org/repos/asf/ambari/blob/56efb571/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index c96fb21..65fd213 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -140,7 +140,6 @@ public class AmbariAuthorizationFilter implements Filter { .withUserName(internalAuthenticationToken.getName()) .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withRoles(AuthorizationHelper.getPermissionLabels(authentication)) - .withPrivileges(AuthorizationHelper.getAuthorizationNames(authentication)) .withTimestamp(DateTime.now()).build(); auditLogger.log(loginSucceededAuditEvent); } else { http://git-wip-us.apache.org/repos/asf/ambari/blob/56efb571/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java index 782693d..4454596 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java @@ -35,29 +35,23 @@ public class LoginSucceededAuditEventTest { @Test public void testAuditMessage() throws Exception { // Given - String lineSeparator = System.lineSeparator(); String testUserName = "USER1"; String testRemoteIp = "127.0.0.1"; String testRole = "Administrator"; - List<String> testPrivileges = Arrays.asList("role1", "role2"); - String privilegePrefix = String.format("%-26s Privileges(%-28s ", lineSeparator, lineSeparator); - - String expectedPrivileges = StringUtils.join(testPrivileges, String.format("%-28s ", lineSeparator)); LoginSucceededAuditEvent evnt = LoginSucceededAuditEvent.builder() .withTimestamp(DateTime.now()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .withRoles(Arrays.asList(testRole)) - .withPrivileges(testPrivileges) .build(); // When String actualAuditMessage = evnt.getAuditMessage(); // Then - String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Roles(%s),%s%s%-26s), Status(Login succeeded !)", - testUserName, testRemoteIp, testRole, privilegePrefix, expectedPrivileges, lineSeparator); + String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Roles(%s), Status(Login succeeded !)", + testUserName, testRemoteIp, testRole); assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
