Improved logging
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/55478bf4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/55478bf4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/55478bf4 Branch: refs/heads/release-3.1 Commit: 55478bf4be0a5f8035865dbe7e947be481cafe32 Parents: 508f6de Author: Pramod Immaneni <[email protected]> Authored: Thu Sep 24 23:35:27 2015 -0700 Committer: Pramod Immaneni <[email protected]> Committed: Thu Sep 24 23:47:03 2015 -0700 ---------------------------------------------------------------------- .../stram/security/StramWSFilter.java | 48 ++++++++++++++------ 1 file changed, 33 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/55478bf4/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java ---------------------------------------------------------------------- diff --git a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java index 556f29d..762b359 100644 --- a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java +++ b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java @@ -34,6 +34,7 @@ import org.slf4j.LoggerFactory; import org.apache.hadoop.io.Text; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.Token; import com.datatorrent.stram.webapp.WebServices; @@ -131,9 +132,8 @@ public class StramWSFilter implements Filter HttpServletRequest httpReq = (HttpServletRequest)req; HttpServletResponse httpResp = (HttpServletResponse)resp; - logger.debug("Remote address for request is: {}", httpReq.getRemoteAddr()); + String remoteAddr = httpReq.getRemoteAddr(); String requestURI = httpReq.getRequestURI(); - logger.debug("Request path {}", requestURI); boolean authenticate = true; String user = null; if(getProxyAddresses().contains(httpReq.getRemoteAddr())) { @@ -147,14 +147,15 @@ public class StramWSFilter implements Filter } if (requestURI.equals(WebServices.PATH) && (user != null)) { String token = createClientToken(user, httpReq.getLocalAddr()); - logger.debug("Create token {}", token); + logger.debug("{}: creating token {}", remoteAddr, token); Cookie cookie = new Cookie(CLIENT_COOKIE, token); httpResp.addCookie(cookie); + } else { + logger.info("{}: proxy access to URI {} by user {}, no cookie created", remoteAddr, requestURI, user); } authenticate = false; } if (authenticate) { - logger.debug("Authenticating"); Cookie cookie = null; if (httpReq.getCookies() != null) { for (Cookie c : httpReq.getCookies()) { @@ -166,22 +167,24 @@ public class StramWSFilter implements Filter } boolean valid = false; if (cookie != null) { - logger.debug("Verifying token {}", cookie.getValue()); - user = verifyClientToken(cookie.getValue()); - valid = true; - logger.debug("Token valid"); + user = verifyClientToken(cookie.getValue(), remoteAddr); + if (user != null) { + valid = true; + } else { + logger.debug("{}: invalid cookie {}", remoteAddr, cookie.getValue()); + } } else { - logger.debug("Cookie not found"); + logger.debug("{}: cookie not found {}", remoteAddr, CLIENT_COOKIE); } if (!valid) { - logger.debug("Auth failure {}", HttpServletResponse.SC_UNAUTHORIZED); + logger.debug("{}: auth failure", remoteAddr); httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } } if(user == null) { - logger.debug("Could not find {} cookie, so user will not be set", WEBAPP_PROXY_USER); + logger.debug("{}: could not find user, so user principal will not be set", remoteAddr); chain.doFilter(req, resp); } else { final StramWSPrincipal principal = new StramWSPrincipal(user); @@ -201,16 +204,31 @@ public class StramWSFilter implements Filter return token.encodeToUrlString(); } - private String verifyClientToken(String tokenstr) throws IOException + private String verifyClientToken(String tokenstr, String cid) throws IOException { Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>(); - token.decodeFromUrlString(tokenstr); + try { + token.decodeFromUrlString(tokenstr); + } catch (IOException e) { + logger.debug("{}: error decoding token: {}", cid, e.getMessage()); + return null; + } byte[] identifier = token.getIdentifier(); byte[] password = token.getPassword(); StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier(); DataInputStream input = new DataInputStream(new ByteArrayInputStream(identifier)); - tokenIdentifier.readFields(input); - tokenManager.verifyToken(tokenIdentifier, password); + try { + tokenIdentifier.readFields(input); + } catch (IOException e) { + logger.debug("{}: error decoding identifier: {}", cid, e.getMessage()); + return null; + } + try { + tokenManager.verifyToken(tokenIdentifier, password); + } catch (SecretManager.InvalidToken e) { + logger.debug("{}: invalid token {}: {}", cid, tokenIdentifier, e.getMessage()); + return null; + } return tokenIdentifier.getOwner().toString(); } }
