[
https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Rudyy updated QPID-8124:
-----------------------------
Description:
When user is successfully authenticated, the user information in operational
log for checking management access is reported as <<UNKNOWN>> for both Allowed
and Denied outcomes:
{noformat}
INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied :
Access Management
INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed :
Access Management
INFO [qtp1675859208-64] (q.m.m.open) - [mng:nyXoe7Io(admin@/127.0.0.1:45666)]
MNG-1007 : Open : User admin
{noformat}
As result, it is impossible to identify the principal name of authenticated
user in operational log when access is denied.
Thought, it is possible to get the principal name for "allowed" outcome by
looking into the following logs from the same thread, it would be beneficial to
print the real principal information in the log for Allowed outcome.
was:
When user is successfully authenticated, the user subject of operational log
for checking management access is reported as <<UNKNOWN>> with both Allowed and
Denied outcomes:
{noformat}
INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied :
Access Management
INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed :
Access Management
INFO [qtp1675859208-64] (q.m.m.open) - [mng:nyXoe7Io(admin@/127.0.0.1:45666)]
MNG-1007 : Open : User admin
{noformat}
As result, it is impossible to identify the principal name of authenticated
user in operational log when access is denied.
Thought, it is possible to get the principal name for "allowed" outcome by
looking into the following logs from the same thread, it would be beneficial to
print the real principal information in the log for Allowed outcome.
> [Broker-J][REST] Sucessfully authenticated user is reported as <<UNKNOWN>> in
> ACL operational logs when checking access to management
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
> Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
> Reporter: Alex Rudyy
> Priority: Major
>
> When user is successfully authenticated, the user information in operational
> log for checking management access is reported as <<UNKNOWN>> for both
> Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <<UNKNOWN>> ACL-1002 : Denied :
> Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <<UNKNOWN>> ACL-1001 : Allowed :
> Access Management
> INFO [qtp1675859208-64] (q.m.m.open) -
> [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated
> user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by
> looking into the following logs from the same thread, it would be beneficial
> to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
