[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[
https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406645#comment-16406645
]
ASF subversion and git services commented on QPID-8124:
---
Commit b5d67e003d0cbe71915734e7fa9a3ffb731e9049 in qpid-broker-j's branch
refs/heads/7.0.x from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=b5d67e0 ]
QPID-8124: [Broker-J] Fix ACL logging on checking web management console access
after REST SASL authentication
> [Broker-J][REST] Sucessfully authenticated user is reported as <> in
> ACL operational logs when checking access to management
> -
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.0.3
>
>
> When user is successfully authenticated, the user information in operational
> log for checking management access is reported as <> for both
> Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied :
> Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed :
> Access Management
> INFO [qtp1675859208-64] (q.m.m.open) -
> [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated
> user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by
> looking into the following logs from the same thread, it would be beneficial
> to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[
https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406639#comment-16406639
]
Keith Wall commented on QPID-8124:
--
Changes look reasonable to me. Verified both the interactive and preemptive
authentication paths.
> [Broker-J][REST] Sucessfully authenticated user is reported as <> in
> ACL operational logs when checking access to management
> -
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.0.3
>
>
> When user is successfully authenticated, the user information in operational
> log for checking management access is reported as <> for both
> Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied :
> Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed :
> Access Management
> INFO [qtp1675859208-64] (q.m.m.open) -
> [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated
> user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by
> looking into the following logs from the same thread, it would be beneficial
> to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[
https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406445#comment-16406445
]
ASF subversion and git services commented on QPID-8124:
---
Commit 957f7eda039eb165aa2f75ab5f3afddbaefac87e in qpid-broker-j's branch
refs/heads/master from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=957f7ed ]
QPID-8124: [Broker-J] Fix ACL logging on checking web management console access
after REST SASL authentication
> [Broker-J][REST] Sucessfully authenticated user is reported as <> in
> ACL operational logs when checking access to management
> -
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Assignee: Alex Rudyy
>Priority: Major
> Fix For: qpid-java-broker-7.0.3
>
>
> When user is successfully authenticated, the user information in operational
> log for checking management access is reported as <> for both
> Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied :
> Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed :
> Access Management
> INFO [qtp1675859208-64] (q.m.m.open) -
> [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated
> user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by
> looking into the following logs from the same thread, it would be beneficial
> to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[
https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395323#comment-16395323
]
Alex Rudyy commented on QPID-8124:
--
Perhaps, we can provide the details of all user principal when outcome is
Denied either in operational log itself or in additional debug level logs
> [Broker-J][REST] Sucessfully authenticated user is reported as <> in
> ACL operational logs when checking access to management
> -
>
> Key: QPID-8124
> URL: https://issues.apache.org/jira/browse/QPID-8124
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
>Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0,
> qpid-java-broker-7.0.1
>Reporter: Alex Rudyy
>Priority: Major
>
> When user is successfully authenticated, the user information in operational
> log for checking management access is reported as <> for both
> Allowed and Denied outcomes:
> {noformat}
> INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied :
> Access Management
> INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed :
> Access Management
> INFO [qtp1675859208-64] (q.m.m.open) -
> [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin
> {noformat}
> As result, it is impossible to identify the principal name of authenticated
> user in operational log when access is denied.
> Thought, it is possible to get the principal name for "allowed" outcome by
> looking into the following logs from the same thread, it would be beneficial
> to print the real principal information in the log for Allowed outcome.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
