This is an automated email from the ASF dual-hosted git repository.
karan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 5e7d353eabf Add audit logging to BasicAuthorizerResource update
methods (#17916)
5e7d353eabf is described below
commit 5e7d353eabfabee1e8095e5b789e3b42ac5b1bdc
Author: lujiefsi <[email protected]>
AuthorDate: Tue Apr 15 18:11:22 2025 +0800
Add audit logging to BasicAuthorizerResource update methods (#17916)
* Add audit logging to BasicAuthorizerResource update methods
This commit adds missing audit logging to three update methods in the
BasicAuthorizerResource class:
- authorizerUserUpdateListener
- authorizerGroupMappingUpdateListener
- authorizerUpdateListener (deprecated)
Each method now calls performAuditIfSuccess() after processing but before
returning the response, ensuring that successful update operations are
properly
recorded in the audit log. The audit messages include the authorizer name
and
payload size to provide context about the operations being performed.
This change improves security monitoring and compliance by ensuring all
authorization-related changes are properly tracked in audit logs.
* Update BasicAuthorizerResource.java
---
.../endpoint/BasicAuthorizerResource.java | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git
a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/BasicAuthorizerResource.java
b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/BasicAuthorizerResource.java
index 700d86b3b04..4f3728fc06c 100644
---
a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/BasicAuthorizerResource.java
+++
b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/BasicAuthorizerResource.java
@@ -629,7 +629,11 @@ public class BasicAuthorizerResource
)
{
authValidator.validateAuthorizerName(authorizerName);
- return resourceHandler.authorizerUserUpdateListener(authorizerName,
serializedUserAndRoleMap);
+
+ final Response response =
resourceHandler.authorizerUserUpdateListener(authorizerName,
serializedUserAndRoleMap);
+ performAuditIfSuccess(authorizerName, req, response, "Update user
authorization for authorizer[%s]", authorizerName);
+
+ return response;
}
/**
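Review bot: The audit message passed to `performAuditIfSuccess(...)` records only the authorizer name, while the commit description says the messages also carry the payload size; the other two hunks have the same gap. As written, an entry shows that a user map was replaced but gives a reader nothing to correlate it with a particular update. Either correct the description or add the size, for example `"Update user authorization for authorizer[%s], payload size[%d]", authorizerName, serializedUserAndRoleMap.length`, assuming the parameter is a byte array and the helper accepts further format arguments (neither is visible here). The method signature, including `req`, lies outside the hunk.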
@@ -647,7 +651,11 @@ public class BasicAuthorizerResource
)
{
authValidator.validateAuthorizerName(authorizerName);
- return resourceHandler.authorizerUserUpdateListener(authorizerName,
serializedUserAndRoleMap);
+
+ final Response response =
resourceHandler.authorizerUserUpdateListener(authorizerName,
serializedUserAndRoleMap);
+ performAuditIfSuccess(authorizerName, req, response, "Update authorization
for authorizer[%s]", authorizerName);
+
+ return response;
}
/**
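Review bot: The message `"Update authorization for authorizer[%s]"` is less specific than the one in the previous hunk, although both methods call `resourceHandler.authorizerUserUpdateListener`, so the same user-map update is described in two different ways. Per the commit description this is the deprecated `authorizerUpdateListener`. Naming that in the text, e.g. `"Update user authorization for authorizer[%s] via deprecated endpoint"`, would let audit consumers match both entries with one filter and still see which path was used. The method's annotations and signature are outside the hunk.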
@@ -665,7 +673,11 @@ public class BasicAuthorizerResource
)
{
authValidator.validateAuthorizerName(authorizerName);
- return
resourceHandler.authorizerGroupMappingUpdateListener(authorizerName,
serializedGroupMappingAndRoleMap);
+
+ final Response response =
resourceHandler.authorizerGroupMappingUpdateListener(authorizerName,
serializedGroupMappingAndRoleMap);
+ performAuditIfSuccess(authorizerName, req, response, "Update group
mappings for authorizer[%s]", authorizerName);
+
+ return response;
}
private boolean isSuccess(Response response)
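Review bot: Because the audit call sits after `resourceHandler.authorizerGroupMappingUpdateListener(...)` returns and is named `performAuditIfSuccess`, an update attempt that throws or is rejected appears to leave no audit record; the two earlier hunks follow the same order. For authorization data, the failed attempts are often what a monitoring team wants to see. Also, if the audit write itself can throw (its body is not shown here), the caller would get an error for a change that was already applied. I would document the intended behaviour above the call, e.g. `// Audited only on success; a failed audit write propagates after the update has been applied.`, or record failures as well.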